The automotive industry is undergoing significant change in all areas, including new applications such as ADAS/Highly-Automated Driving (HAD), new EE architectures, new sensors such as Lidar, long-distance imaging and 4D radar, and extensive connectivity protocols for the connected car. The growing number of connectivity protocols such as Bluetooth, WiFi, cellular including 5G, GPS and USB, in-car networks such as Controller Area Network (CAN), MIPI and automotive Ethernet, and the expanded adoption of Over-the-Air (OTA) software updates dramatically accelerate cybersecurity risks. To mitigate this risk, industry stakeholders have developed the new ISO/SAE 21434 Road Vehicles—Cybersecurity Engineering standard. Industry leaders are quickly adopting ISO/SAE 21434 as the leading approach to cybersecurity. Suppliers such as Renesas announced [1] their commitment to ISO/SAE 21434 in October 2021. Recently, NXP [2] and Texas Instruments [3] both certified their automotive cybersecurity processes as compliant with the ISO/SAE 21434 standard after undergoing third-party compliance audits. The recent United Nations Economic Commission for Europe (UNECE) WP.29 regulations, which require a cybersecurity threat analysis and risk assessment process, recommend ISO/SAE 21434. The US-based National Highway Traffic Safety Administration (NHTSA) released its Cybersecurity Best Practices for the Safety of Modern Vehicles [4], updated in September 2022, identifying ISO/SAE 21434 as the industry best practice for automotive cybersecurity. As automakers continue to add OTA software update capability to upsell new features and applications, cybersecurity mechanisms are put in place to protect consumers’ accounts and privacy during the operation of the new technology enabled by OTA software.
This technical bulletin explains how a structured ISO/SAE 21434 development platform minimizes cybersecurity risks and ensures highest levels of success.
The ISO/SAE 21434 Road Vehicles—Cybersecurity Engineering standard defines the responsibilities of various groups during the different stages of automotive product development. The standard requires a commitment from executive management to product development with a focus on cybersecurity engineering. It standardizes the roles and responsibilities between vendors or suppliers and the next entity in the supply chain, creating standard terminology across the industry. The standard defines phases in the product lifecycle with crisp objectives and outcomes for each stage that feed into subsequent stages. ISO/SAE 21434 describes Threat Analysis and Risk Assessment (TARA) to assess the cybersecurity risks in the product.
ISO/SAE 21434 stresses the importance of executive management’s commitment to cybersecurity by providing specific guidelines for those responsibilities. The standard goes further by requiring the creation of a cybersecurity policy which enforces cybersecurity rules and processes. The policy then defines cybersecurity roles and identifies who would enforce these roles and processes while providing the necessary resources to enact the policy. There are specific work products defined in the standard that document the policy, roles and resources.
To maintain each product’s cybersecurity assurance, automotive suppliers typically form a dedicated cybersecurity assurance team. This team, which is independent of the product development teams, ensures that sufficient scrutiny is exercised and that product commitments, including timelines, do not compromise cybersecurity due diligence. The cybersecurity assurance team provides the technology-specific tools required for cybersecurity engineering. As shown in Figure 1, the independent team has the responsibility to create and maintain:
- Cybersecurity policies
- Cybersecurity processes and procedures
- Cybersecurity awareness
- Cybersecurity competence in the design teams
- Cybersecurity assurance in the products
- Cybersecurity assessment of the products
Figure 1: Cybersecurity teams through all levels of an organization
For cybersecurity processes and procedures, a Secure Development Lifecycle (SDL) requires every phase of product development to include specific criteria that must be met before that development stage is completed. A well-designed SDL requires threat modeling and generates evidence during product development: the SDL mandates producing evidence during the product’s design phase to prove that secure practices have been incorporated. This evidence includes security design reviews, security verification plan reviews and privacy design reviews, along with product metrics such as code coverage reports generated by tools like Synopsys Coverity. Finally, the SDL prepares the product for post-release support by mandating requirements for post-production security controls.
As previously mentioned, ISO/SAE 21434 defines Threat Analysis and Risk Assessment (TARA) to assess the cybersecurity risks in a product. Cybersecurity risk assessment and management requires a thorough investigation of the product to identify the risks it can inherently possess. Appropriate mitigations should then be applied to ensure those risks are not exploited by a malicious entity. The severity of a cybersecurity risk can be determined by four factors. As shown in Figure 2, the four factors that determine the risk score are the threat scenario, the impact of the threat on the product, the attack path, and the feasibility of executing the attack. The risk score is used to make an informed decision about how the risk needs to be treated.
Figure 2: The four factors that aid in determining the risk score: threat, impact, attack path, feasibility
The threat scenario and its potential impact on the product determine the damage that can be caused to the product during mission-mode operation. Attack paths determine how the threat could be exploited in the product. Feasibility rates how easy it is to enact the attack path. Attack path and feasibility together determine the probability of the threat’s occurrence. The damage potential of the threat and the probability of its exploitation together determine the risk it poses to the product. As Figure 2 shows, a risk score is determined by combining the four factors. The ISO/SAE 21434 standard describes a couple of risk value determination techniques that can be adopted based on the product’s needs.
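The scoring flow just described (threat scenario and impact give damage potential, attack path and feasibility give probability, the two combine into a risk value that drives the treatment decision), worked through in Python as an added illustration that is not part of the bulletin. The rating scales, the risk matrix, the treatment thresholds and the sample OTA scenario are all constructed here, not tables copied from the standard.

```python
"""TARA risk scoring in the shape the text describes: impact (damage) and attack
feasibility (probability) combine into a risk value that drives treatment.
Added illustration; rating scales, matrix and thresholds are constructed."""
from dataclasses import dataclass, field

FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]
# Constructed risk matrix: row = impact rating, column = attack feasibility,
# values 1 (lowest) to 5 (highest).
RISK_MATRIX = {
    "negligible": [1, 1, 1, 1],
    "moderate":   [1, 2, 2, 3],
    "major":      [1, 2, 3, 4],
    "severe":     [2, 3, 4, 5],
}

@dataclass
class AttackPath:
    description: str
    feasibility: str   # one of FEASIBILITY_LEVELS

@dataclass
class ThreatScenario:
    asset: str
    description: str
    impact: str        # worst rating across safety/financial/operational/privacy
    attack_paths: list = field(default_factory=list)

def risk_value(impact: str, feasibility: str) -> int:
    """Combine damage potential (impact) with probability (feasibility)."""
    return RISK_MATRIX[impact][FEASIBILITY_LEVELS.index(feasibility)]

def score_scenario(scenario: ThreatScenario) -> tuple:
    """A scenario is rated by its most feasible attack path."""
    if not scenario.attack_paths:
        raise ValueError("a threat scenario needs at least one attack path")
    worst = max(scenario.attack_paths,
                key=lambda p: FEASIBILITY_LEVELS.index(p.feasibility))
    return risk_value(scenario.impact, worst.feasibility), worst.description

def treatment(risk: int) -> str:
    """Map a risk value to a treatment option (thresholds constructed)."""
    if risk >= 4:
        return "reducing"   # add or strengthen a cybersecurity control
    return "reducing or sharing" if risk >= 2 else "retaining"

# Constructed sample: an ECU accepts an OTA image not produced by the OEM.
OTA_SCENARIO = ThreatScenario("OTA update image", "unauthentic image installed", "severe",
    [AttackPath("image altered in transit over the cellular link", "low"),
     AttackPath("image loaded through the diagnostic interface", "medium")])
```

Because a scenario is rated by its most feasible path, adding a control that lowers that path's feasibility is what moves the scenario down the matrix.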
Along with the multiple control practices that ISO/SAE 21434 defines for developing products compliant with the standard, it also requires cybersecurity post-production support. Although development teams apply multiple techniques to implement cybersecurity control mechanisms, the assumption is that cybersecurity will be compromised at some point in the future. The standard includes the requirement to monitor for cybersecurity breaches and keep products safe from such attacks. ISO/SAE 21434 requires two post-production activities: Vulnerability Management and Incident Response.
Vulnerability management is an ongoing process that monitors the product cybersecurity assurance that was committed to at the time of product release. Product-level cybersecurity assurance is required for the full product lifetime. Vulnerability management includes monitoring vulnerability databases and disclosures. It requires the organization to analyze the product for the impact of new vulnerabilities on an ongoing basis.
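The ongoing impact analysis described above, reduced to its core step as an added example (not a process or tool from the bulletin): newly published advisories are matched against the component inventory each product shipped with, so the affected products can be re-assessed. Product names, component versions, advisory IDs and the version-range format are all constructed.

```python
"""Ongoing vulnerability management as the text describes: match newly published
advisories against the release-time component inventory of each product.
Added example; products, versions, advisory IDs and the range format are constructed."""

def parse_version(v: str) -> tuple:
    return tuple(int(part) for part in v.split("."))

def version_affected(version: str, affected_range: str) -> bool:
    """affected_range is 'lo-hi', inclusive at both ends (constructed format)."""
    lo, hi = (parse_version(bound) for bound in affected_range.split("-"))
    return lo <= parse_version(version) <= hi

# Constructed SBOM-style inventory: component versions shipped in each product.
PRODUCTS = {
    "gateway-soc-a1": {"ble-stack": "2.1.0", "tls-lib": "1.3.5"},
    "adas-soc-b2":    {"tls-lib": "1.4.2", "can-driver": "0.9.1"},
}

# Constructed advisory feed entries; IDs are placeholders, not real identifiers.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "component": "tls-lib",
     "affected": "1.3.0-1.4.1", "severity": "high"},
    {"id": "ADV-EXAMPLE-002", "component": "can-driver",
     "affected": "1.0.0-1.2.0", "severity": "medium"},
]

def impact_analysis(products=PRODUCTS, advisories=ADVISORIES) -> list:
    """Return (product, component, advisory id, severity) for each exposed product,
    so the assurance team can re-run TARA for the affected threat scenarios."""
    hits = []
    for adv in advisories:
        for product, components in products.items():
            shipped = components.get(adv["component"])
            if shipped and version_affected(shipped, adv["affected"]):
                hits.append((product, adv["component"], adv["id"], adv["severity"]))
    return hits
```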
Cybersecurity Incident Response is activated when an internal or external organization reports a vulnerability in the product. The Incident Response team must provide a mechanism to report incidents securely, since an insecure reporting mechanism could give malicious entities a channel to access the organization’s reported vulnerabilities. The process needs to ensure that information on reported vulnerabilities is accessible only to necessary personnel on a need-to-know basis.
The ISO/SAE 21434 Road Vehicles—Cybersecurity Engineering standard is a critical resource for the development of the latest generation of automotive SoCs. Due to the expanded number of attacks on connected cars in ADAS/HAD and V2X/Infotainment technologies such as Bluetooth/BLE, WiFi, cellular including 5G, GPS, USB and in-car networks such as CAN, MIPI and automotive Ethernet, a holistic cybersecurity engineering approach is required. Cybersecurity impacts every level of the automotive supply chain, starting with semiconductor SoCs. During development of complex SoCs, partnering with an IP supplier with a structured ISO/SAE 21434 development platform minimizes cybersecurity risks and ensures the highest levels of success. Synopsys is developing IP products as per the ISO/SAE 21434 standard.