Safety has been an integral part of the automotive development process for decades, even before the introduction of ISO 26262 “Road vehicles – Functional safety” in 2011.
Performing FMEAs (Failure Mode and Effects Analysis) and FTAs (Fault Tree Analysis) has been part of every automotive development process. The concept of ASIL levels (Automotive Safety Integrity Levels) is well understood and applied in the entire automotive supply chain. As a result, most drivers consider their vehicles “safe,” but many drivers are unaware of the cybersecurity flaws introduced as more computerized options are offered in their automobiles.
Today, cars are increasingly vulnerable to automotive cybersecurity attacks and hacking activities due to emerging trends of highly-connected and (semi-)autonomous vehicles. With numerous interfaces such as Wi-Fi, Bluetooth, GSM, and USB-sharing included in cars, they have become “connected computers on wheels.”
Since vehicle standards didn’t include cybersecurity risk assessments, ISO/SAE 21434 introduced the first guidelines to safeguard vehicles. The aim is to create an industry-wide consensus related to key cybersecurity issues in the automotive industry. ISO/SAE 21434 is the main reference for regulators determined to institute cybersecurity standardizations internationally.
L4B Automotive Makes Cybersecurity a Priority
L4B Automotive recognizes the importance of vehicle safety and cybersecurity. We’ve included ISO/SAE 21434 standards in all sub-systems, components, connections, and software. Incorporation of ISO/SAE 21434 standards ensures that OEMs and other participants in the supply chain have structured processes in place that support security by design.
Adhering to cybersecurity standards, L4B is able to offer services that safeguard automotive consumers. Our goals are to assist industry leaders in creating vehicle functionalities safe from cyber-threats and system compromise, which will foster a safer environment for drivers and passengers.
Image Ref: ISO/SAE 21434 Draft 2019
In general, L4B Software standards assist in tracking and monitoring threat activities including dependencies, responsible parties, resources, and associated timing. We’ve divided our cybersecurity plan into two parts: is divided into two major parts:
- Concept phase (with assessment).
- Development/Production phase (with assessment).
Concept Phase
As the responsible tier-1, L4B-Automotive ensures that the concept phase is addressed at the system level, where all aspects (software, hardware, and mechanics) are evaluated with evaluation of the security risk level of a vehicle and its components. Finalization of the concept phase is a prerequisite to the development phase.
L4B-Automotive assures and assists in security risk assessment steps such as identification of assets and the determination of potential damages due to security properties violation. A security team performs identification and analysis of potential threats, attacks, and vulnerabilities. Using an iterative process, L4B-Automotive identifies countermeasures such as encryption that must be applied to the system until the remaining risk level is acceptable.
A model-based security risk assessment benefits the existing models in the development process. Existing structural or functional models can be used to determine assets, damages, vulnerabilities, and threats.
Development Phase
New ISO/SAE 21434 encapsulates the development process and life cycle of a vehicle with V-Model. During all phases, including requirements engineering, design, specification, implementation, test, and operations, L4B-Automotive undertakes security aspects with utmost priority.
ISO/SAE 21434 does not describe specific cybersecurity technologies or solutions. It also excludes specific recommendations on countermeasures (defensive or offensive), such as encryption methods, telecommunication systems, or back-office solutions. L4B-Automotive rigorous security-aware requirements including analysis, design, and product specification ensure the security of vehicles. L4B-Automotive also adopts various approaches best-fit for the OEM’s project requirements, without compromising the safety of a vehicle.
For instance, for the Security Requirements Specification, L4B-Automotive’s Requirements Experts ensure that the specifications are fully compliant with the ISO/SAE process. Additionally, our experts ensure that they are followed throughout the development lifecycle.
Conclusion
Vehicle cybersecurity is a lifeguard for driver and passenger safety. The automotive industry’s ISO/SAE 21434 is a good first step in ensuring cars are protected from attackers who threaten driver safety. Adhering to this standard, L4B Automotive focuses on safety-first and incorporates the right processes to protect vehicles from cyber-attacks during the entire development lifecycle.
