Safety has been an integral part of the automotive development process for decades. Performing FMEAs (Failure Mode and Effects Analysis) and FTAs (Fault Tree Analysis) has been part of every automotive development process. The concept of ASIL levels (Automotive Safety Integrity Levels) is well understood and consistently applied in the supply chain. As a result, today most drivers consider their vehicles “safe”.
But what measures need to be taken with regard to security? What do you as a developer in the automotive sector have to consider in the future? Here is our overview of ISO/SAE 21434.
Which dangers are imminent?
With the advent of highly networked and (semi-)autonomous vehicles, cars today are increasingly exposed to cyber-attacks. Through the integration of multiple interfaces such as WLAN, Bluetooth, LTE or USB, vehicles have become “networked computers on wheels”. Combined with autonomous driving functions and a life span of 10 years or more, cars are vulnerable to hacking activities. If these interfaces are attacked, the result can be not only high material damage but also serious danger to the occupants.
ISO/SAE 21434 – the solution to the problem?
One thing is certain: the resulting risks cannot be covered by the existing security standards.
But how can ISO/SAE 21434 help?
The purpose of the norm is to ensure that OEMs and all participants in the supply chain have structured processes in place that support a “Security by Design” process. The norm applies to road vehicles including all their components, connections and software. The importance of secure hardware development should not be underestimated!
ISO/SAE 21434: road vehicles – cybersecurity engineering
Launch of an international standard to establish a security lifecycle in the automotive environment
ISO/SAE 21434 describes the security engineering process in the automotive environment. Due to the trend towards ever greater networking of vehicles and the focus on embedded platforms, attack scenarios are emerging that were previously more familiar from the classic IT environment. The planned standard is therefore aimed at securing the systematic development of safe vehicles and maintaining this security throughout the entire vehicle life cycle.
For more information about the upcoming standard, see the interview with security expert Daniel Angermeier (Fraunhofer AISEC).
Similar to ISO 26262, the new ISO/SAE 21434 looks at the entire development process and life cycle of a vehicle. It follows the V-model. During all phases, including requirements engineering, design, specification, implementation, test, and operations, security aspects need to be taken into consideration.
It must be ensured that a safe vehicle is built on a safety-conscious requirements analysis and a corresponding design and product specification.
However, if you are hoping for specific recommendations for security technologies or appropriate countermeasures from ISO/SAE 21434, we must disappoint you, as these will not be part of the standard. Instead, it is recommended that you conduct a structured threat analysis and risk assessment.
We’ll keep you posted if something happens:
21434-internals on the GENIVI All-Members-Meeting Conference
At this week’s GENIVI All Members Meeting (virtually, of course), there were a couple of contributors to ISO/SAE 21434 on a round table session on Wednesday at 3:40pm (EST): Bill Mazzara is the ISO/SAE 21434 Committee Chair, and Anuja Sonalkar, Matthew Mackay and Lisa Boran also seem to play important roles in the creation of the standard. I learned that Lisa and Anuja were also involved in the predecessor J3061.
You can rewatch the videos from the whole meeting here (the 21434-session is not uploaded yet, but I assume that is just a matter of time…).
An important message from all of them:
- The final version of the standard will probably come out in mid-2021.
- But you may already start getting prepared with the public draft (you can buy it here): the changes will be mild. That means: if you’re running a process that complies with the draft, the final version won’t hold big surprises for you.
How can you implement ISO/SAE 21434 in your process?
Determining the security risk level of a vehicle and its components will be one of the key activities defined in the standard.
The following points should be considered in a security risk assessment:
- Identification of assets and potential damage resulting from a breach of security features
- Identification and analysis of possible threats, attacks and vulnerabilities
- Determination of risk levels based on damage scenarios and the probability of successful attacks
- Application of countermeasures until the remaining (residual) risk is acceptable
- Documentation of the important steps and results of the risk assessment process, such as asset lists, damage scenarios, attack reports or risk reports
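The five steps above, as a small worked example (added here, not code from the page or from itemis SECURE): a damage scenario for an asset, attack paths with feasibility ratings, a risk value per path, countermeasures applied until the residual risk is acceptable, and a risk report recording each step. The 1..4 rating scales, the risk matrix, the acceptance threshold and the sample scenario are all constructed assumptions, not the standard's own tables.

```python
from dataclasses import dataclass

# Constructed rating scheme (an assumption, not the standard's own tables):
# damage impact and attack feasibility are each rated 1 (low) .. 4 (high),
# risk is a fixed matrix lookup, and a residual risk of 2 or less is acceptable.
RISK_MATRIX = [[1, 1, 2, 2], [1, 2, 3, 3], [2, 3, 4, 4], [2, 3, 4, 5]]
ACCEPTABLE_RISK = 2

def risk_value(impact: int, feasibility: int) -> int:
    """Risk level 1..5 for a damage scenario reached over one attack path."""
    if not (1 <= impact <= 4 and 1 <= feasibility <= 4):
        raise ValueError("impact and feasibility must be rated 1..4")
    return RISK_MATRIX[impact - 1][feasibility - 1]

@dataclass
class DamageScenario:
    asset: str
    description: str
    impact: int
    attack_paths: dict        # attack path name -> feasibility rating
@dataclass
class Countermeasure:
    name: str
    applies_to: tuple         # names of the attack paths it makes harder
    feasibility_reduction: int

def treat_risk(scenario, countermeasures, acceptable=ACCEPTABLE_RISK):
    """Apply countermeasures in order until no attack path exceeds the acceptable
    risk. Returns the risk report as rows of (step, path, feasibility, risk)."""
    feas = dict(scenario.attack_paths)
    report = [("initial", n, f, risk_value(scenario.impact, f)) for n, f in feas.items()]
    for cm in countermeasures:
        if max(risk_value(scenario.impact, f) for f in feas.values()) <= acceptable:
            break             # remaining risk is acceptable: stop adding measures
        for path in cm.applies_to:
            if path in feas and risk_value(scenario.impact, feas[path]) > acceptable:
                feas[path] = max(1, feas[path] - cm.feasibility_reduction)
                report.append((cm.name, path, feas[path], risk_value(scenario.impact, feas[path])))
    return report

def residual_risk(report) -> int:
    """Highest risk among each attack path's latest row in the report."""
    latest = {row[1]: row[3] for row in report}   # later rows overwrite earlier ones
    return max(latest.values())

# Constructed sample: brake ECU firmware reachable over two of the vehicle's interfaces.
SCENARIO = DamageScenario("brake ECU firmware", "tampered firmware disables braking", 4,
                          {"USB media port": 3, "LTE telematics unit": 2})
COUNTERMEASURES = [
    Countermeasure("signed firmware images", ("USB media port", "LTE telematics unit"), 1),
    Countermeasure("no firmware update over USB", ("USB media port",), 1),
    Countermeasure("gateway firewall for telematics", ("LTE telematics unit",), 1),
]
```

Running `treat_risk(SCENARIO, COUNTERMEASURES)` shows the third countermeasure is never applied, because the residual risk is already acceptable after the first two; the report rows are the documentation the last step asks for.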
A suitable tool for implementing ISO/SAE 21434 is itemis SECURE, developed by itemis. With this tool, a model-based security risk assessment can be carried out. This has the advantage that existing structural and functional models can be reused to determine assets, damages, vulnerabilities and threats.
We also have an idea on how to build a workflow that lets feasibility ratings scale across TARAs. We discussed it with John Heldreth from ASRG in this presentation:
Be ready for ISO/SAE 21434 with the itemis SECURE!
Contact us now if you are interested or have further questions.