Several cybersecurity-related standards are being developed under SAE International's Global Ground Vehicle Standards group’s Vehicle Electrical System Security (Cybersecurity) Committee. Created specifically to foster automotive industry cooperation on the topic, the committee comprises various OEMs, suppliers, academia, and regulatory members.
The committee’s charter statement reads: "The SAE Vehicle Electrical System Security Committee is responsible for developing and maintaining Recommended Practices and Information Reports in the area of vehicle electrical systems’ security. The committee’s scope is on-board vehicle electrical systems that affect vehicle control or otherwise act contrary to the occupants’ interests if the systems are manipulated by an attacker.
"The goals of the committee are identifying and recommending strategies and techniques related to preventing and detecting adversarial breaches, and mitigating undesirable effects if a breach is achieved.
"The group will classify attack methods, propose preventative strategies, define levels of security by criticality of system type, and identify architecture-level strategies for mitigating attacks."
The committee’s Automotive Security Guidelines and Risk Development Task Force is completing work on the foremost among SAE’s cybersecurity-related standards: J3061 “Cybersecurity Guidebook for Cyber-Physical Automotive Systems.” Part of the task force’s scope is to “create a cybersecurity guidebook for cyber-physical automotive systems, consistent with risk methodology in the ISO 26262 Functional Safety Standard. The goal is to evaluate threat analysis and risk assessment (TARA) methods using a simple approach to allow effective implementation across the automotive industry.”
The committee also has an active Vehicle Electrical Hardware Security Task Force working to:
• Identify requirements for hardware security solutions
• Obtain information on existing solutions—i.e., to understand current offerings and identify potential gaps
• Identify detail requirements—i.e., functional requirements, minimum performance specifications
• Provide additional detail, if appropriate to existing standards.
This task force is also working to identify a proposed standardized set of firmware functionality. Part of its charter includes the initiation of liaison activities with other relevant organizations and standards-development organizations working in this area in order to commonize requirements wherever possible.
SAE cited J3061 in comments responding to a Request for Comments on automotive electronic control systems safety and security issued by the U.S. Department of Transportation’s NHTSA (National Highway Traffic Safety Administration) unit. The agency will consider all comments submitted to the docket (NHTSA-2014-0108; go to http://www.regulations.gov/#!home) in determining whether there is a need for regulation.
The Request for Comments points to NHTSA’s concern about both the general safety of electronic systems, and about cybersecurity threats. One of the many questions it posed in its Request for Comments was: “Could security assurance be handled within a modified framework of existing safety process standards (such as FMEAs, FTAs, ISO 26262) or does “design for security” require its own process?”
In response, SAE wrote: “Safety assurance differs from security assurance in a fundamental way. With cybersecurity assurance the goal with respect to safety-related threats is to protect against the intent to do harm whereas with safety assurance, the goal is to protect against the possibility of harm due to malfunctioning behavior (a non-intentional event). In addition, cybersecurity assurance is concerned with issues associated with PII (Personal Identifiable Information) or privacy, vehicle operability, financial losses through extortion, theft of confidential information, etc., and vehicle theft. Safety assurance does not address issues outside of the safety realm.
“That being said, cybersecurity and safety assurance are similar endeavors and can be considered parallel activities within the overall product development process. One of the objectives of the Automotive Security Guidelines and Risk Management SAE Committee is to develop a Cybersecurity for Cyber-Physical Vehicle Systems Best Practice Guidelines document. The SAE J3061 recommended practice utilizes the existing ISO 26262 process framework for a cybersecurity process. J3061 details how cybersecurity assurance can be introduced in parallel with safety assurance or integrated into a common safety and cybersecurity product development process. Using a common process framework between safety and cybersecurity facilitates coordination of cybersecurity and safety, and this is one of the goals of the recommended practice J3061.
“This recommended practice is nearing completion and is expected to be published in 2015.”
In response to the question, “What performance-based tests, methods, and processes are available for security assurance of automotive electronic control systems?” SAE wrote:
“There are no automotive industrywide accepted standard tests/processes today, but there are tools that may be used to identify vulnerabilities. Each OEM approaches this individually today. This could be a future project to develop performance-based tests, methods, and processes to formulate security assurance of automobile security systems. However, by defining and publishing standard tests/methods/processes, this information could be exploited for malicious intent, and would require continuous vigilance on the OEM’s part. Although performance-based tests, methods, and processes cover many aspects of cybersecurity, cybersecurity may require methods not previously used on automobiles.
“Cybersecurity penetration testing is different from other areas of testing, such as durability testing, where one knows what event can lead to an issue and can develop specific performance-based tests, methods, and processes to cover these known specific events. However, with cybersecurity penetration testing, each attacker may exploit different vulnerabilities and different paths to a successful attack. Therefore, a ‘tester’ needs to be able to think like an attacker and try to figure out a way to exploit a system without knowing specific vulnerabilities; each system may have different vulnerabilities which also complicates determining specific performance-based tests, methods, and processes.
“Part of the J3061 Recommended Practice does include vulnerability analysis. For some of the identified vulnerabilities, it may be feasible to determine performance-based tests, methods, and processes and for others it may not. This is yet to be determined.”
Answering a related question, SAE wrote:
“Safety is the highest priority but does not normally include cybersecurity issues. For example, malicious intentional attacks on the embedded electronic architecture are the concern of cybersecurity, but could also impact functions under the scope of the safety organization. Therefore, it is essential that safety and cybersecurity work together to address possible intentional attacks on the electronic system. The goal of using a common process framework between the process framework of ISO 26262 and the process framework of the cybersecurity process described in the J3061 Recommended Practice is to facilitate the collaboration between safety and cybersecurity engineers. J3061 describes two ways in which this collaboration can occur:
• Through an integrated safety and cybersecurity process, and
• Through parallel safety and cybersecurity processes with potential communication points between safety and cybersecurity identified and called out.”
In a related matter, SAE announced Dec. 22 that it is partnering with Battelle and Delphi Automotive for the 4th Annual Battelle CyberAuto Challenge. During the five-day event, integrated teams of students, scientists, government personnel, and auto industry engineers will be formed to engage in a practicum-based series of challenges. For more information, visit www.battelle.org/cyber-auto-challenge or contact firstname.lastname@example.org.
Go to http://articles.sae.org/13725/ for a recent Automotive Engineering article on cybersecurity.