Securing computers and networks is challenging, as evidenced by frequent reports of data breaches and vulnerabilities. Until now computer and information security has generally focused on the need to protect data, with the greatest impacts of compromised security tending to be financial in nature or related to data privacy. The advent of increasingly connected and automated vehicles is an important example of how computing devices are now being placed in control of physical processes, as well as being connected to other networks such as the internet and critical infrastructure. These so-called cyber-physical systems now mean that life and health can potentially be impacted by security failures.
In a similar way to IT cybersecurity, defending against attacks in connected vehicle systems requires a combination of measures providing a defence in depth approach. This should include both proactive measures that are ‘designed-in’ during vehicle development, and reactive measures that can cope with unknown new attacks and enable the vehicle to recover or survive with an appropriate level of availability.
A broad landscape of security standards for connected vehicles is emerging, with a range of process and technical standards either recently published or under development. The following overview describes some of the key standards development activities in this area.
Although no international standard yet exists for automotive cybersecurity engineering, the SAE recommended practice J3061 was published in January 2016. This describes a framework which organisations can use to integrate cybersecurity engineering activities into an overall engineering process. In common with ISO 26262 for functional safety, SAE J3061 recommends a product development lifecycle based on the systems engineering V-model, incorporating appropriate security activities throughout the vehicle lifecycle, from concept through product development, production, operations and decommissioning.
More recently, ISO and SAE agreed to collaborate on the development of future joint standards and formed a joint working group in October 2016, which is currently developing ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering. This international standard will build on the foundation of J3061 and incorporate existing cybersecurity best practices. ISO/SAE 21434 will provide a framework that includes requirements for a cybersecurity process, and a common language for communicating and managing cybersecurity risk amongst stakeholders, addressing the challenges of risk management across the complex automotive supply chain. The standard will focus on process requirements and will not prescribe specific technology or solutions related to cybersecurity.
Cybersecurity is also the subject of ongoing regulatory activity, with a United Nations Economic Commission for Europe (UN ECE) task force for cybersecurity and over-the-air updates recently submitting recommendations to the parent UN committee for future vehicle type approval regulations on these topics.
Further best practices and guidelines on a range of cybersecurity topics are under development by SAE. SAE J3061-2 is a work-in-progress recommended practice which will provide examples of methods for cybersecurity testing and assurance. Another work in progress is SAE J3101, which will cover hardware security. It will contain a set of common requirements and use cases for hardware protected security environments suitable for automotive applications.
SAE J3138 is a recently published recommended practice providing security guidance related to the diagnostic link connector (OBD-II), to ensure safe vehicle operation if a compromised external device is connected to this port.
A number of existing ISO standards for data communications in road vehicles are currently being updated to address cybersecurity, such as ISO 14229 for Unified Diagnostic Services and ISO 20777 covering the Extended Vehicle (ExVe).
Technical security standards related to V2X communications are also available and under development. In Europe, ETSI publishes standards for Cooperative Intelligent Transport Systems (C-ITS) based on the wireless standard IEEE 802.11p. The key security related ETSI C-ITS standards include TS 102 731 Security Services, TS 103 097 Security Headers and Certificates, and TS 102 940 ITS Security Architecture and Security Management. The IEEE also publishes the IEEE 1609 series of standards for V2X communications which are also based on IEEE 802.11p. IEEE 1609.2 covers the security aspects, including secure message formats and security management.
It is important to recognise that conformance to standards alone does not automatically lead to a secure vehicle. However, security standards based on expert industry consensus do provide important building blocks for organizations to develop sufficiently rigorous engineering processes and robust security measures. Appropriate application of these processes and measures provides greater assurance that a connected vehicle can remain adequately secure over its lifetime.
This article was written by HORIBA MIRA’s Paul Wooderson, Cybersecurity Principal Engineer and submitted to FISITA to form part of the FISITA Vehicle Connectivity Briefing Paper. The paper summarises the research and experience of vehicle connectivity experts and covers strategy and policy, communication and standards, and applications and infrastructure.
