Embracing the Challenges Of Cybersecurity In Automotive Applications

Why it’s so difficult to add security into automotive designs, and why it’s so important.

The growth of electronics in cars is exposing a new vector for cyberattacks on car owners and automotive companies’ reputations. The potential human cost of an attack on the car’s electronics is driving urgency in the adoption of cybersecurity-aware practices, from OEMs and Tier 1s to every component supplier in the automotive industry. The standard “ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering” provides a set of formal output requirements that enable cybersecurity-aware product development. The standard covers the processes in IP development, integration of IP into an SoC, and more.

Instilling cybersecurity in products is not trivial. Product development teams need to take additional steps in every stage of the development lifecycle to ensure some level of cybersecurity assurance. Additionally, it is not uncommon to see product requirements that contradict cybersecurity requirements, especially when it comes to usability and performance. A simple example of this conflict is the protection of private data through encryption. Adding encryption adds more cost and has a greater performance impact than storing and transferring data in plain text. A low-cost edge device, such as the rear camera of a vehicle, may capture private, sensitive information, but may not have enough CPU power or additional hardware to encrypt the video before relaying it to the infotainment system. A person-in-the-middle attack could tap into the unencrypted video feed and steal sensitive information. Moreover, creating an encrypted channel between the rear camera and the infotainment system needs computationally intense asymmetric cryptography that may delay the video feed delivery to the infotainment system. This delay could impact the performance requirement of a real-time video feed.

In addition, even safety and security requirements can contradict each other in certain scenarios. For example, an automaker may add a safety feature that unlocks the doors of a vehicle if there is a considerable impact to the roof of the car. The intention of this feature is to unlock the doors to let the passengers out in the case of an accident that flips the vehicle. However, this feature could be exploited by jumping on the roof of the parked vehicle to unlock the doors, thereby breaking the security feature. Unlike a performance penalty that can be solved by upgrading the platform’s capabilities, contradictory safety and security requirements may need an architectural change or may require additional products to ensure both the safety and security requirements are met. In short, cybersecurity can come at a cost.

The Current Reality
A study of the automotive industry’s cybersecurity practices conducted by SAE and Synopsys found that 52% of the respondents in the automotive industry see clear cybersecurity issues in the course of their work (Figure 1). But 69% of them do not feel they can raise a concern about cybersecurity to upper management. This highlights the fact that developing products with cybersecurity assurances needs to be fully supported, or even directed, by executive management. Awareness of the need for cybersecurity should come from the top down, as driving it from the engineering level is not effective.


Figure 1: Cybersecurity concerns reported to organization.

The commitment to cybersecurity should be embedded into the vision of the organization and trickle down to the R&D and support teams to create resources and tools for cybersecurity engineering. The study found that 41% of those respondents said there is no established product cybersecurity program or team in their organization that has the capabilities and tools to address the cybersecurity concerns.


Figure 2: Established cybersecurity program in automotive suppliers.

Executive Management Commitment Required
ISO 21434 stresses the importance of executive management’s commitment to cybersecurity by providing specific guidelines on the responsibilities of management. The standard goes further by requiring the definition of a cybersecurity policy, which enforces cybersecurity rules and processes. The policy then defines the cybersecurity roles that enforce these rules and processes, and provides the resources required to enact the policy. There are specific work products defined in the standard that document the policy, roles, and resources.

Typically, an organization achieves the definition and enforcement of policy through a dedicated cybersecurity team, which is responsible for cybersecurity assurance of the products. This team has an independent management chain from the product development teams to ensure sufficient scrutiny is exercised and the product commitments, such as timelines, do not compromise due diligence. It is the responsibility of the cybersecurity assurance team to create and maintain:

  • Cybersecurity policies
  • Cybersecurity processes and procedures
  • Cybersecurity awareness
  • Cybersecurity competence in the design teams
  • Cybersecurity assurance in the products
  • Cybersecurity assessment of the products

As found in the study, these critical roles and responsibilities do not exist in half of the automotive supplier ecosystem. 51% of respondents did not have enough resources in their organization for cybersecurity, while 62% did not have the skills in the organization. The cybersecurity assurance team provides the technology-specific tools required for cybersecurity engineering. The team then enforces the processes to achieve cybersecurity assurances. These processes generate evidence that is compliant with industry standards such as ISO 21434 and that feeds into the audit process.

Processes & Practices for Cybersecurity-Aware SoCs
Understanding the policies, processes, and best practices helps design teams to increase the security posture of their products and services. The required processes and practices are developed by the organization, tailored to its product offerings, and include continual improvements. Continuous improvement ensures the designed processes are effective in action and provides a self-correction mechanism. One technique to build continuous improvement into a process is to define objective metrics for each process. Metrics act as a scale to identify if the process is performing as intended. By periodically assessing the performance of a process against the metrics, necessary corrections can be made to keep the process effective and efficient.

As the automotive industry increases its reliance on electronics for new features and functionality, it must also increase its commitment to cybersecurity. Every connected chip in a car can increase the potential of harm to road users – drivers, passengers, pedestrians, etc. Consumers will soon require cybersecurity assurance in the same way that they require safety and quality assurance of the product. Customers, or regulators, may even look for more than just certification and will require details on the cybersecurity processes of the suppliers. It is imperative for component suppliers to adopt the cybersecurity principles and processes that are being standardized to stay competitive in the automotive market.

Dive deeper into the best practices for developing more secure chips in the white paper: Best Practices for Cybersecurity-Aware SoC Development with ISO 21434.



1 comments

Mohammed Zakir Hussain says:

detection of cyber security instances using AI?
