The automotive industry is undergoing significant change in all areas, including new applications such as ADAS/Highly-Automated Driving (HAD), new EE architectures, new sensors such as Lidar, long-distance imaging and 4D radar, and extensive connectivity protocols for the connected car. The increasing number of connectivity protocols such as Bluetooth, WiFi, cellular including 5G, GPS, USB and in-car networks such as Controller Area Network (CAN), MIPI and automotive Ethernet, together with the expanded adoption of Over-the-Air (OTA) software updates, dramatically accelerate cybersecurity risks. To mitigate the cybersecurity risk, industry stakeholders have developed the new ISO/SAE 21434 Road Vehicles—Cybersecurity Engineering standard. Industry leaders are quickly adopting ISO/SAE 21434 as the leading approach to cybersecurity. Suppliers such as Renesas announced [1] their commitment to ISO/SAE 21434 in October 2021. Recently, NXP [2] and Texas Instruments [3] both certified their automotive cybersecurity process as compliant with the ISO/SAE 21434 standard after undergoing third-party compliance audits. The recent United Nations Economic Commission for Europe (UNECE) WP.29 regulations, which require a cybersecurity threat analysis and risk assessment process, recommend ISO/SAE 21434. The US-based National Highway Traffic Safety Administration (NHTSA) released its Cybersecurity Best Practices for the Safety of Modern Vehicles [4], updated in September 2022, identifying ISO/SAE 21434 automotive cybersecurity as the industry best practice. As automakers continue to add OTA software update capability to upsell new features and applications, cybersecurity mechanisms are put in place to protect consumers' accounts and privacy during the operation of the new technology enabled by OTA software.
This technical bulletin explains how a structured ISO/SAE 21434 development platform minimizes cybersecurity risks and ensures the highest levels of success.
Figure 1: Cybersecurity teams through all levels of an organization
For cybersecurity processes and procedures, a Secure Development Lifecycle (SDL) requires every phase of product development to include specific criteria that must be met before that development stage is completed. A well-designed SDL generates evidence during product development and requires threat modeling. The SDL mandates generating evidence during the product's design phase to prove that secure practices have been incorporated. This evidence includes security design reviews, security verification plan reviews and privacy design reviews, along with product metrics such as code coverage reports generated by tools like Synopsys Coverity. Finally, the SDL prepares the product for post-release support by mandating requirements for post-production security controls.
Figure 2: The four factors that aid in determining the risk score: threat, impact, attack path, feasibility
The threat scenario and its potential impact on the product determine the damage that can be caused to the product during mission-mode operation. Attack paths determine how the threat could be exploited in the product. Feasibility rates how easy it is to enact the attack path. An attack path and its feasibility together determine the probability of its occurrence. The damage potential of the threat and the probability of its exploitation together determine the risk it poses to the product. As Figure 2 shows, a risk score is determined by combining the four factors. The ISO/SAE 21434 standard describes more than one risk value determination technique that can be adopted based on the product's needs.
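As an added illustration of how the factors above combine (this is example code, not from the original bulletin or the standard's normative text), the following Python rates each attack path's feasibility from ISO/IEC 18045-style attack-potential weights, then combines it with the impact rating through a risk matrix so that a threat scenario's risk is driven by its most feasible path. The weights, feasibility thresholds, risk matrix values and the OTA sample scenario are all assumed, illustrative constructions rather than the standard's own tables.

```python
from dataclasses import dataclass

# Attack-potential weights in the style of ISO/IEC 18045 (assumed, illustrative values);
# a higher score means the attack path needs more effort, i.e. is less feasible.
ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE = {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11}
WINDOW = {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10}
EQUIPMENT = {"standard": 0, "specialized": 4, "bespoke": 7, "multiple bespoke": 9}

FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]
# Constructed risk matrix (rows: impact, columns: feasibility very low .. high),
# shaped as the bulletin describes: risk grows with both damage and probability.
RISK_MATRIX = {
    "negligible": [1, 1, 1, 1],
    "moderate": [1, 2, 2, 3],
    "major": [1, 2, 3, 4],
    "severe": [2, 3, 4, 5],
}

@dataclass
class AttackPath:
    name: str
    elapsed_time: str
    expertise: str
    knowledge: str
    window: str
    equipment: str

def attack_potential(path: AttackPath) -> int:
    return (ELAPSED_TIME[path.elapsed_time] + EXPERTISE[path.expertise]
            + KNOWLEDGE[path.knowledge] + WINDOW[path.window] + EQUIPMENT[path.equipment])

def feasibility(path: AttackPath) -> str:
    score = attack_potential(path)  # thresholds assumed; more effort -> lower feasibility
    return "high" if score < 14 else "medium" if score < 20 else "low" if score < 25 else "very low"

def risk_value(impact: str, path: AttackPath) -> int:
    return RISK_MATRIX[impact][FEASIBILITY_LEVELS.index(feasibility(path))]

def scenario_risk(impact: str, paths: list) -> tuple:
    """A threat scenario is rated by its highest-risk (most feasible) attack path."""
    worst = max(paths, key=lambda p: risk_value(impact, p))
    return risk_value(impact, worst), worst.name

# Constructed sample: a "severe" OTA-tampering threat scenario with two candidate attack paths.
OTA_PATHS = [
    AttackPath("unauthenticated update channel", "<=1 week", "proficient", "public", "unlimited", "standard"),
    AttackPath("forge signed image after key extraction", "<=6 months", "expert", "confidential", "moderate", "bespoke"),
]
```

Calling scenario_risk("severe", OTA_PATHS) returns (5, "unauthenticated update channel"): the low-effort path dominates even though the key-extraction path scores only 2, which is why a treatment decision must target the most feasible path first.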
Along with the multiple control practices that ISO/SAE 21434 defines for developing products compliant with the standard, it also requires post-production cybersecurity support. Although development teams apply multiple techniques to implement cybersecurity control mechanisms, the assumption is that cybersecurity will be compromised at some point in the future. The standard includes the requirement to monitor for cybersecurity breaches and keep products safe from such attacks. ISO/SAE 21434 requires two post-production activities: Vulnerability Management and Incident Response.
Vulnerability management is an ongoing process that maintains the product cybersecurity assurance committed to at the time of product release. Product-level cybersecurity assurance is required for the full product lifetime. Vulnerability management includes monitoring vulnerability databases and disclosures, and it requires the organization to analyze the impact of new vulnerabilities on the product on an ongoing basis.
Cybersecurity Incident Response is activated when an internal or external organization reports a vulnerability in the product. The Incident Response team must provide a mechanism to report incidents securely, since an insecure reporting mechanism could give malicious entities a channel to the organization's reported vulnerabilities. The process needs to ensure that information on reported vulnerabilities is accessible only to necessary personnel on a need-to-know basis.