ISO/SAE 21434: Secure Hardware Development In Modern Vehicles

Secure software and firmware alone are not sufficient to create a tamper-proof vehicle.


Demonstrating the importance of security doesn’t get much more memorable than Charlie Miller and Chris Valasek successfully hacking a Jeep and driving it into a ditch. The effects of that drive have been long-reaching, sparking conversations in both the media and automotive industry about the evolving threat landscape as vehicles become increasingly automated.

The average car contains over 150 electronic control units, and the attack surface and the chance of potential vulnerabilities making it into the final design continue to grow. As the industry moves from vertical hardware-driven platforms to horizontal software-defined platforms, it is critical to ensure that manufacturers and suppliers include robust cybersecurity and data privacy controls in their components and designs.

Additionally, the semiconductor shortage that impacted many manufacturers in 2021 has also led companies to examine their supply chain and consider bringing chip development in-house, which means assuming even more responsibility for mitigating hardware and software cybersecurity risks.

Regulatory bodies are beginning to take steps to ensure cybersecurity is built into the foundation of new automobiles coming to market and thoroughly tested. It’s well understood that secure software and firmware alone are not sufficient to create a tamper-proof vehicle. Soon original equipment manufacturers and their supply chains will need to meet new standards for both their hardware and software development processes, such as ISO/SAE 21434. Moving forward, the entire automotive supply chain, including ECUs, will be expected to include transparent and well-documented processes that contain comprehensive security verification.

ISO/SAE 21434 Road Vehicles — Cybersecurity Engineering

The new International Organization for Standardization (ISO) and SAE International ISO/SAE 21434 standards cover “…engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.” June 2022 models released in Europe, Japan, and Korea will be among the first cars that need to prove compliance with these new standards.

While a holistic approach to cybersecurity is a significant part of the framework, organizations approaching the concept and product development phases without a robust cybersecurity verification methodology and mature program may experience challenges.

Defining cybersecurity concepts and goals

Moving forward, organizations will need to demonstrate that cybersecurity has been thoroughly managed and considered at every level of the supply chain. This includes clearly defining controls and requirements as well as verifying them.

Poor specification leads to inaccurate, misleading, or unverifiable security requirements. All items, cybersecurity goals, and concepts should be documented, understood, and communicated to stakeholders. These include the assets themselves, their interactions, and any design feature or quality of a device’s deployment environment intended to preserve an asset’s security objectives.

Both the controls you intend to use to mitigate risk and security requirements should result from thorough threat analysis and risk assessment exercises.

Secure product development and designs

The controls that are decided on and security requirements defined will form the core of the cybersecurity specification and lead directly to a security verification plan.

These must be consistent with the specifications and goals defined at higher levels of architectural abstraction and through the design’s life cycle. Each requirement should also be falsifiable, i.e., there must be a way it can be shown false with data through security verification.

A well-run verification program will enable teams to identify security weaknesses in the design implementation and validate whether cybersecurity controls used in the design are properly protecting assets.

Integration and verification

While vulnerabilities can be introduced at any stage, many occur within the complex interaction of hardware and software present in today’s designs. That is why organizations should verify security requirements at every step of the design process, from block level to system level and, where applicable, software, to ensure compliance with clearly defined security specifications. Intermittent testing is no longer enough. Each development step – from block to integrated system with software – is another opportunity for a mistake that undermines security, which can lead to security surprises that cause missed deadlines and a scramble to finalize any refinements of cybersecurity controls needed before tape-out.

Many features introduced to mitigate risk, such as a Hardware Root of Trust (HRoT), can themselves introduce vulnerabilities during the design and integration phases. Because these components are highly configurable, it is crucial to detect and prevent vulnerabilities in the specific configuration instantiated in the platform. This again highlights the importance of performing security analysis and verification at the system level to ensure that the integration of security controls like an HRoT does not introduce vulnerabilities.

Traditionally, verification approaches such as functional testing or penetration testing can be challenging to scale during this phase, especially as teams try to balance exhaustive verification efforts with the realities of resource and deadline constraints. However, automated hardware security platforms can help organizations be more efficient while still performing comprehensive testing.
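The two points above, that each security requirement must be falsifiable through verification and that verification must run against the configuration actually instantiated in the platform rather than the component in isolation, can be made concrete with executable requirements. The following is an added example, not code from the article or from any standard or product: a constructed SoC model (bus masters, memory regions and HRoT straps are all invented for illustration) with requirements written as predicates over the configuration, a reference configuration that satisfies them, and an integrated configuration in which the platform team opened the root-key region to DMA and left the debug port enabled. The requirement identifiers, asset names and checks are assumptions made for the example.

```python
"""Falsifiable security requirements checked against an instantiated configuration.

Constructed example: the SoC model, bus masters, regions, asset list and
requirement set are invented for illustration and are not taken from
ISO/SAE 21434 or from any real product.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class Region:
    readers: FrozenSet[str]   # bus masters permitted to read this region
    writers: FrozenSet[str]   # bus masters permitted to write this region


@dataclass(frozen=True)
class SocConfig:
    """One platform instance: access matrix plus HRoT configuration straps."""
    regions: Dict[str, Region]
    debug_port_enabled: bool     # debug interface reachable after boot
    root_key_locked: bool        # OTP root-key slot locked after provisioning
    secure_boot_enforced: bool   # boot ROM refuses unsigned images


@dataclass(frozen=True)
class Requirement:
    rid: str
    asset: str                                # asset from the threat analysis
    text: str
    check: Callable[[SocConfig], bool]        # True only if the config satisfies it


# Each check is falsifiable: a configuration either satisfies it or does not.
def req_root_key_confidentiality(cfg: SocConfig) -> bool:
    key = cfg.regions["otp_root_key"]
    return (key.readers == frozenset({"secure_cpu"})
            and not key.writers and cfg.root_key_locked)


def req_boot_rom_immutable(cfg: SocConfig) -> bool:
    return not cfg.regions["secure_boot_rom"].writers


def req_debug_disabled(cfg: SocConfig) -> bool:
    return not cfg.debug_port_enabled


def req_secure_boot(cfg: SocConfig) -> bool:
    return cfg.secure_boot_enforced


REQUIREMENTS = [
    Requirement("REQ-01", "root_key", "Only the secure CPU may read the root key; "
                "no master may write it once locked", req_root_key_confidentiality),
    Requirement("REQ-02", "boot_rom", "Secure boot ROM is not writable by any master",
                req_boot_rom_immutable),
    Requirement("REQ-03", "debug_interface", "Debug port is disabled in production",
                req_debug_disabled),
    Requirement("REQ-04", "boot_chain", "Secure boot is enforced", req_secure_boot),
]

# Asset list from the (constructed) threat analysis; one asset has no requirement yet.
ASSETS = ["root_key", "boot_rom", "debug_interface", "boot_chain", "telematics_credentials"]


def verify(cfg: SocConfig, reqs=REQUIREMENTS) -> Dict[str, bool]:
    """Evaluate every requirement against one configuration."""
    return {r.rid: r.check(cfg) for r in reqs}


def violations(cfg: SocConfig, reqs=REQUIREMENTS) -> List[str]:
    """Requirement ids the configuration falsifies, sorted for stable reporting."""
    return sorted(rid for rid, ok in verify(cfg, reqs).items() if not ok)


def uncovered_assets(assets, reqs=REQUIREMENTS) -> List[str]:
    """Assets from the threat analysis that no requirement traces to."""
    covered = {r.asset for r in reqs}
    return sorted(a for a in assets if a not in covered)


def _regions(key_readers, key_writers=()) -> Dict[str, Region]:
    return {
        "otp_root_key": Region(frozenset(key_readers), frozenset(key_writers)),
        "secure_boot_rom": Region(frozenset({"secure_cpu", "app_cpu"}), frozenset()),
        "app_flash": Region(frozenset({"app_cpu", "dma"}), frozenset({"app_cpu"})),
    }


# Component as specified: satisfies every requirement.
REFERENCE = SocConfig(_regions({"secure_cpu"}), debug_port_enabled=False,
                      root_key_locked=True, secure_boot_enforced=True)

# Same HRoT after platform integration: DMA was granted read access to the
# key region and the debug strap was left enabled (constructed misconfiguration).
INTEGRATED = SocConfig(_regions({"secure_cpu", "dma"}), debug_port_enabled=True,
                       root_key_locked=True, secure_boot_enforced=True)

if __name__ == "__main__":
    for name, cfg in (("reference", REFERENCE), ("integrated", INTEGRATED)):
        print(name, "violations:", violations(cfg) or "none")
    print("assets without a requirement:", uncovered_assets(ASSETS))
```

The same requirement set runs unchanged against both configurations, which is the point: the HRoT block passed in isolation, and the failures only appear when the checks are applied to the configuration the platform actually instantiated. The coverage check at the end is a small traceability step in the other direction, flagging assets from the threat analysis that no requirement addresses.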

Improved cybersecurity for the entire automotive industry

Bringing vehicles to market without strongly vetted software and hardware security is a costly mistake with potentially severe consequences, which standards like ISO/SAE 21434 can help organizations avoid. A hardware vulnerability detected late in the design cycle increases time-to-market and reduces vendor trust. If it is successfully exploited in production, the consequences can extend to consumers’ lives and safety.

Closing the gap between defining consistent security requirements, and verifying in a more efficient and comprehensive manner, provides more confidence in the security of your designs. Learn more about avoiding security surprises in automotive semiconductors and download the infographic.
