Now the time has finally come: After a lengthy international harmonization process, the new ISO standard has come into force. ISO/SAE 21434 »Road vehicles — Cybersecurity engineering« regulates engineering requirements for cybersecurity risk management during the concept, development and post-development phases. For an easy start, here is some guidance on which standards to use. We have adapted the chapter from the industry study »Automotive Cybersecurity. State of Practice«.Back to Automotive Cybersecurity
Let’s cut to the chase: developing a cybersecurity standard that ticks every single box is wishful thinking. Instead, there are scores of regulations, standards and manuals that cover individual aspects or phases of the product development process and the vehicle life cycle. Since the summer of 2020, however, a number of loose ends have starting coming together in the world of standards. The forthcoming ISO/SAE 21434 standard and UNECE regulations on automotive cybersecurity will set requirements that no vehicle manufacturer – and indirectly no developer – in the automotive world will be able to circumvent.
The large number of standards and corresponding approaches are a reflection of the bandwidth of requirements linked to cybersecurity in the world of automotive, ranging from cybersecurity in vehicle development to secure production processes, secure fleet operations, the protection of back-end systems and data protection.
Cybersecurity is complex, because it has to cover all bases. Cybersecurity activities end neither after development of the product, nor when a vehicle enters use or is taken off the market. They can only be stopped when the last vehicle has been scrapped at the end of the period of use guaranteed by the manufacturer in keeping with data protection requirements – during which the reading of private keys was made impossible. From the development organization's point of view, it is also of interest to find out how long the manufacturer will have to provide support in the future.
The publication of the ISO/SAE 21434 standard (Road Vehicles – Cybersecurity Engineering) allows the ISO organisation, as an international standardisation body, to enshrine cybersecurity engineering directly within the product development process for automotive electronics. The standard defines the state of technique and captures the cybersecurity requirements that engineers are expected to adhere to in their work. Unlike the established ISO 26262 standard, the ISO/SAE 21434 was kept in the abstract. This was the only way to make the standard possible, because a large number of diverging interests and expectations from different countries had to be reduced to a common denominator. One important achievement of the new standard is that it creates common language. Speaking with one tongue and having a shared understanding of what cyber- security entails for the automotive industry, allows manufacturers and suppliers to better align their cybersecurity activities.
Need support with a key project? We’re your first port of call when it comes to management consulting and improvement programmes in electronics development.
Steffen Herrmann and the sales team
The ISO standard stops short of naming specific technical requirements, either in terms of hardware metrics or architecture specifications. But it doesn’t take long for cybersecurity concepts to become obsolete, so approaching security from a variety of angles actually makes some things more difficult for cyberattackers. Many of the particulars of the ISO/SAE 21434 standard are also kept quite abstract: They state what is to be done, but not how this is to be achieved. This presents people responsible for cybersecurity, quality, or managing the business with the challenge of developing a cybersecurity management system that matches the current state of technique and still offers the required practical robustness – without actually having any guidelines for process standards in development or information regarding tools, secure code or security by design.
These challenges begin with defining individual roles, capturing corresponding responsibilities and integrating these into organisational structures and workflows. This is where the onus lies on existing departments such as quality assurance, functional safety and IT security. Despite this, new units will be needed within organisations because existing functions can’t possibly possess the required capabilities.
What’s most often missing more than anything else is a continually active analysis centre to observe cybersecurity attacks independent of specific projects. The central function would also produce reports on vulnerabilities, develop routines, determine how intrusion scenarios should be dealt with, run a 24/7 hotline and deal with available tools. This kind of vehicle security operations centre must have an up-to-the-minute understanding of key issues, plus ac- cess to crucial information in the event of an occurrence.
In this course we will familiarize you with theoretical and practical knowledge about TARA and risk assessments. After TARA in the concept phase, risk assessments turn into the pivotal point of cybersecurity oriented processes. We therefore recommend that you become accustomed to TARA from the very beginning.
Together with the TUEV Nord certification body we qualify you as a "Cybersecurity Engineer (Automotive)". During the training you will learn how to achieve the required end-to-end security. As a TUEV Nord qualified Cybersecurity Engineer, you will know how ISO/SAE 21434 supports your work and which homologation requirements are imposed by UNECE for your task.
How does automotive security work in practice if connected vehicles are basically computers on wheels? This was the question posed by the New York Times. Automotive security expert Steve Tengler, Principal at Kugler Maag Cie, digs deeper.
Is cybersecurity a realistic goal with so many network and new connectivity solutions around? Dr Thomas Liedtke looks at this topic as part of a round-robin seminar at the software and automation forum at Stuttgart University.
ISO/SAE 21434 has allowed the international standardisation committee to lay a foundation for establishing automotive security as a fixed element of the development process for automotive electronics. The ISO/SAE 21434 standard addresses the central tasks of electronics development and the overall supply chain. To find out more about the upcoming standard, see the interview with security expert Dr Thomas Liedtke.
TARA stands for threat analysis and risk assessment. In the concept stage, it is a fundamental analysis and evaluation instrument for damage scenarios, threat scenarios and attack feasibility. Its role is to determine risk. We have put an entire chapter aside for this topic, including a procedural model.
The standard itself has been made brief and to the point but for that, it has comprehensive annexes. These offer a treasure trove of best practice examples and blueprints. Applying the standard is explained based on the example of a headlight system.
The ISO/SAE 21434 standard gives you an understanding of the current status of product development. It tells you which areas you need to start in, from planning and defining specifications to implementation processes, verification and testing. In essence, that’s good engineering – so nothing new on that front? Well actually: yes. The challenge now is to prove that you have a cybersecurity management system in place within your organisation offering the right breadth and depth, and that all activities are being planned and executed according to the right procedures. This should also ensure new vulnerabilities can be averted and cybersecurity objectives can be met at any time.
Virtually in parallel to this standard, new regulation guidelines from the UN harmonisation body for type approvals were published: in June 2020, UNECE Working Party 29 adopted two regulatory guidelines. This will have a significant impact on homologation in other areas of the automotive industry. Unlike ISO standards, however, these regulations have a legal impact via national or European legislation – in future, vehicles will not roll off the assembly line without certification under these guidelines.
Within the European Union, the two UNECE regulations are formulated and scheduled as the General Safety Regulation.
This regulation will require manufacturers to take overall responsibility for the cybersecurity of their automotive systems. Producers must install a cybersecurity management system (CSMS) to do this. This CSMS is a management system spanning different projects, for example it will build capabilities to analyse potential cyberthreats as demanded by ISO 21434. The ISO standard provides a foundation to meet the requirements of UNECE R.155. An independent certification authority must assess and validate whether the CSMS adheres to requirements and is actually part and parcel of project activities. This ensures that the required cybersecurity tasks are actually being carried out on an ongoing basis. Certification is valid for three years and must be submitted to national authorities.
This regulation will take into account the fact that connected vehicles can only be kept safe for the whole of their life time by releasing updates. Whether over-the-air or via charging station, manufacturers need a Software Update Management System to certification requirements, just like the CSMS. The SUMS must ensure that homologation-relevant software systems are given their own unique identification number (RXSWIN) and that it is known which versions have been installed in vehicles. Certification for all RXSWINs must be submitted when applying for approvals. The new ISO AWI 24089 will propose fundamentals for a SUMS. It will thus play a role in the development of a SUMS, as is already the case with ISO 21434 for a CSMS.
Both regulations also formulate requirements for national processes governing vehicle approvals. This is because independent auditing of management sys tems and the certification of critical systems contained in vehicles must be laid down and checked by supervisory authorities.