Cybersecurity in EV’s: Approach for Systematic Secured SW Development through ISO/SAE 21434 & ASPICE
2023-01-0046
Cybersecurity (CS) is crucial in every product that is connected to a network or the internet. Society is getting used to connected devices for many day-to-day needs, from something as small as controlling the air conditioner (AC) temperature of the house while we are away to a fully equipped, high-end modern car that may have 100+ electronic control units (ECUs). It is therefore very important to guarantee that every single connected device has cybersecurity measures implemented to ensure the safety of the entire system.
Given the forecasted worldwide growth in the electric vehicle (EV) segment, CS researchers have recently identified several vulnerabilities in EVs, electric vehicle supply equipment (EVSE) devices, communications to EVs, and upstream services such as EVSE vendor cloud services, third-party systems, and grid operators. The potential impact of attacks on these systems ranges from relatively minor local effects to large-scale national disruptions.
Fortunately, the automotive domain has standards that lay down a strong perspective for the safety and security of road vehicles. ISO/SAE 21434:2021 ensures appropriate consideration of CS in the engineering of electrical and electronic (E/E) systems, to keep up with state-of-the-art technology and evolving attack methods. Another such standard is Automotive SPICE (ASPICE), which lays down a process assessment model that, when used with a proper assessment methodology, helps to identify process-related risks. Additional processes have been defined in the process reference and assessment model for CS engineering in order to bring the cybersecurity-related processes into the ASPICE scope. This paper aims to provide a model and a brief overview that establish a correlation between ASPICE, ISO/SAE 21434 and the ISO 26262 functional safety (FS) standard for the development of secured software, with all the considerations that an organization can undertake.