Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 15 subscribers
  • Views 1765 views
  • Users 0 members are here
Options
You may also be interested in
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automotive Cyber Security

Deborah-Claire McKenzie
Connected vehicles have numerous potential benefits for convenience, safety, travel time and access to mobility, and the features that deliver these have become essential selling points. Advances in autonomy will increase the number and types of connections and travellers’ reliance upon them. In 2020, most new vehicles are connected vehicles and many have online connections to safety-critical systems, putting them at risk of deadly hacks. It’s not clear that the automotive industry is fully equipped to deal with this and they may even be deceiving the public about their lack of preparedness.


In response to these challenges, the new UNECE WP.29 type approval regulations for cybersecurity and over-the-air (OTA) updates enter into force in January 2021. The cybersecurity management standard ISO/SAE 21434 “Road Vehicles – Cybersecurity Engineering” is also hotly anticipated next year. But is the industry ready?

Stepping up in this connected world is a major challenge for the established automotive industry and Intelligent Transport Systems (ITS) providers. A number of these challenges can’t be solved without addressing deep-rooted issues such as reluctance to collaborate, a lack of specialised security talent, and engineering processes that don’t consider security throughout the lifecycle.


The ARTS TN have organised a webinar on Automotive Cyber Security on 21 October 2020 at 11.00hrs BST. Ahead of the webinar we’d like to hear your views on the following questions:


•    How well are automotive and ITS businesses positioned to deal with security in their products and services? 

•    What do the various industries need to do to create conditions where security can be assured by design throughout the lifecycle of their products and services? 

•    What are the gaps, how big are they, and what capabilities are needed to address them?


If you have other questions that you’d like to post here, we will also consider these for discussion by our experts in the Q&A panel during the webinar.

Parents
  • 0
    ARE, it's an interesting question. I'm not sure who you're addressing the question to, so assuming that 'you' in "What advice, if any, have you sought" refers to the automotive industry. I'm not sure how well I can answer it, so hopefully others will chip in.


    In the case of Automotive Cybersecurity, the issues we're discussing relate in large part to risks associated with increasing remote connectivity, for example over Wi-Fi, Bluetooth, cellular, Dedicated Short Range Communication (DSRC) and more. Physical connections to the vehicle are also considered, of course, but most attackers would prefer a remote exploit. My understanding of avionics is limited, but I'm not sure that these concerns are usually relevant in fly-by-wire. My understanding of fly-by-wire systems is that they are typically air-gapped on-board systems that cannot be remotely accessed. This would probably make a more established functional safety focus more relevant to fly-by-wire. There are many parallels between the industries' functional safety standards, which are DO-178C (aviation) and ISO 26262 (automotive).


    There is certainly cross-pollination in the industries' respective cybersecurity standards. SAE International is a leading standardisation body which publishes SAE cybersecurity standards in both sectors. ISO and SAE are jointly developing the new automotive cybersecurity standard, ISO/SAE 21434. I'm not sure exactly how much interaction there is between automotive and aerospace committees though. In the UK the Safety Critical Systems Club has a Security-informed Safety working group, which aims to "capture cross-domain best practice to help engineers find the ‘wood through the trees’ with all the different security standards, their implication and integration with safety design principles..." If you wish to pursue the question further, I'm sure they would be a good group to approach (contact details at the link)


    In 2018, the IET Rail, Aerospace and ARTS Technical Networks organised a cross-industry "Cybersecurity in Transport Seminar", so events are happening to share best practice. How much collaboration results from such meetings is very hard to gauge, but it would be interesting to know.


    So there is certainly cross-industry discussion and learning, but I'm not sure exactly how much aerospace cybersecurity standards and practices have influenced those in automotive. It would be interesting if anyone can quantify how much influence there is.
Reply
  • 0
    ARE, it's an interesting question. I'm not sure who you're addressing the question to, so assuming that 'you' in "What advice, if any, have you sought" refers to the automotive industry. I'm not sure how well I can answer it, so hopefully others will chip in.


    In the case of Automotive Cybersecurity, the issues we're discussing relate in large part to risks associated with increasing remote connectivity, for example over Wi-Fi, Bluetooth, cellular, Dedicated Short Range Communication (DSRC) and more. Physical connections to the vehicle are also considered, of course, but most attackers would prefer a remote exploit. My understanding of avionics is limited, but I'm not sure that these concerns are usually relevant in fly-by-wire. My understanding of fly-by-wire systems is that they are typically air-gapped on-board systems that cannot be remotely accessed. This would probably make a more established functional safety focus more relevant to fly-by-wire. There are many parallels between the industries' functional safety standards, which are DO-178C (aviation) and ISO 26262 (automotive).


    There is certainly cross-pollination in the industries' respective cybersecurity standards. SAE International is a leading standardisation body which publishes SAE cybersecurity standards in both sectors. ISO and SAE are jointly developing the new automotive cybersecurity standard, ISO/SAE 21434. I'm not sure exactly how much interaction there is between automotive and aerospace committees though. In the UK the Safety Critical Systems Club has a Security-informed Safety working group, which aims to "capture cross-domain best practice to help engineers find the ‘wood through the trees’ with all the different security standards, their implication and integration with safety design principles..." If you wish to pursue the question further, I'm sure they would be a good group to approach (contact details at the link)


    In 2018, the IET Rail, Aerospace and ARTS Technical Networks organised a cross-industry "Cybersecurity in Transport Seminar", so events are happening to share best practice. How much collaboration results from such meetings is very hard to gauge, but it would be interesting to know.


    So there is certainly cross-industry discussion and learning, but I'm not sure exactly how much aerospace cybersecurity standards and practices have influenced those in automotive. It would be interesting if anyone can quantify how much influence there is.
Children
No Data

Community Rules & Guidelines