In several articles on the automotive sector we have talked about cybersecurity as a vital component of the connected and autonomous car.
Today’s vehicles work with several different connectivity technologies such as cellular networks, Bluetooth and Wi-Fi. This opens them up to threats deriving from a higher ICT-dependence.
If we also factor autonomous driving into the equation plus an estimated useful life of about 10 years, it then turns out that cars are highly vulnerable to cyberattacks.
We have now spent several years debating and swapping notes on these new security paradigms. True it is that current paradigms are no longer valid in the new vehicle context. New patterns and standards are now being phased in that call for a reinvention of security in hyper connected cars and autonomous driving.
We are going to need new tools and rules for developing a product that is both safe and secure.
In this new paradigm, incident response and detection during a system’s operational life share equal importance with prevention, which begins in the development phase and even long before, right back to the initial dawning of product concept. This is what is known as Security by Design, whereby the problem of cybersecurity is addressed not solely in terms of incident response but a design-up concept to preempt these incidents in the first place.
Until now there have been no clear rules and standards for road-vehicle cybersecurity. The need of establishing new cybersecurity references and rules has been raised by several OEMs, sector providers, cybersecurity firms and government organizations, all of which have decided to work with ISO and SAE to draw up the standard ISO/SAE 21434 “Road vehicles – Cybersecurity engineering”, of worldwide enforcement and now in the final development phase.
It is planned for ISO/SAE 21434 to become compulsory by mid-2024. Even as from 2020, however, many carmakers are asking for telematic components to be developed in keeping with this standard and its knock-on effects on the vehicle engineering process.
This standard brings many advantages to the table. A worldwide vehicle-cybersecurity standard defines a common technology to be used in the whole supply chain, guaranteeing the same even-handedness as might be found in the application of other types of standards. The overall idea is to achieve an industry-wide consensus on the key cybersecurity problems and the best way of tackling security by design as a process permeating the whole lifecycle of automotive products. The idea is to achieve a defined set of cybersecurity and engineering criteria to show that the new cybersecurity challenges are being taken seriously.
In the wake of standards like ISO 26262 and SOTIF (ISO 21448), widely accepted and taken up by the automotive industry, ISO and SAE are now working jointly to develop this new standard. The working group within the technical committee in charge of the standard (ISO/TC 22/SC 32/WG 11) pools over 82 firms, including HW/SW component suppliers, all types of application control units, cybersecurity firms and government organizations.
GMV takes an active part in this Cybersecurity Working group WG11. Spain’s overall contribution is being coordinated from the Spanish Standardization Association (UNE), together with other national-level automotive organizations like SEAT, Renault, IDIADA, CTAG and DEKRA.
This working group, drawing on its members’ wealth of experience, defines and reviews the standard, trying to cover the whole development process and vehicle lifecycle. The standard proposes a V-model technological product standard development, taking into account all security aspects during the various phases, starting out with the system-, design-, specification-, implementation-, testing- and operation-requirements.
ISO/SAE 21434 will also stand as the lawmakers’ benchmark to minimize contradictions at national and international level and make the most of all advantages and benefits deriving from the use of an international standard.
We at GMV are working to make automotive cybersecurity a reality, taken into account throughout the whole product lifecycle, including HW, SW, ECUs and vehicle-supplying remote platforms.
One of the key activities is assessment of vehicle components’ security risk level, to ensure high security.
For the software development of all our projects we integrate a security component, creating inhouse self-protected devices that detect and ward off malicious attacks without forfeiting system performance.
We at GMV firmly believe in the advantages of applying cybersecurity standards throughout the whole product engineering process. For that very reason we bring all our experience and expertise to the ISO 21434 development technical committee. The overarching aim in this endeavor is to help OEMs and Tier-1 suppliers meet all essential standard requirements on the strength of multiple cybersecurity-based solutions and tools for the connected and autonomous car. After all, safe and secure driving is something that affects and interests us all.
Author: Marco Donadio
Las opiniones vertidas por el autor son enteramente suyas y no siempre representan la opinión de GMV
The author’s views are entirely his own and may not reflect the views of GMV