Refine Your Search

Topic

Author

Affiliation

Search Results

Standard

Cybersecurity for Propulsion Systems

2023-09-05
CURRENT
AIR7368
The purpose of this SAE Aerospace Information Report (AIR) is to provide guidance for aircraft engine and propeller systems (hereafter referred to as propulsion systems) certification for cybersecurity. Compliance for cybersecurity requires that the engine control, propeller control, monitoring system, and all auxiliary equipment systems and networks associated with the propulsion system (such as nacelle systems, overspeed governors, and thrust reversers) be protected from intentional unauthorized electronic interactions (IUEI) that may result in an adverse effect on the safety of the propulsion system or the airplane.
Book

Cybersecurity for Entrepreneurs

2023-05-30
With all that is involved in starting a new business, cybersecurity can easily be overlooked but no one can afford to put it on the back burner. Cybersecurity for Entrepreneurs is the perfect book for anyone considering a new business venture. ...Written by cybersecurity experts from industry and academia, this book serves as an all-inclusive reference to build a baseline of cybersecurity knowledge for every small business. ...Written by cybersecurity experts from industry and academia, this book serves as an all-inclusive reference to build a baseline of cybersecurity knowledge for every small business. Authors Gloria D'Anna and Zachary A. Collier bring a fresh approach to cybersecurity using a conversational tone and a friendly character, Peter the Salesman, who stumbles into all the situations that this book teaches readers to avoid.
Standard

Road Vehicles - Cybersecurity Engineering

2021-08-31
CURRENT
ISO/SAE21434
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. ...This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces. ...This document does not prescribe specific technology or solutions related to cybersecurity.
Journal Article

Cybersecurity Metrics for Automotive Systems

2021-04-06
2021-01-0138
With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging, and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.
Training / Education

Cybersecurity in the Energy Sector

Anytime
Anatomy and examples of cyberattacks on industrial control systems (ICS) and critical infrastructures (CI): In this course you will understand the importance of cybersecurity for Critical Infrastructure and you will know typical attack vectors, vulnerabilities and defense strategies. ...Decentralized Energy Systems Security: In this course you will know relevant technical countermeasures for cybersecurity. You will understand threats and solutions concerning data communication and network security in the energy systems.
Technical Paper

Cybersecurity by Agile Design

2023-04-11
2023-01-0035
ISO/SAE 21434 [1] Final International Standard was released September 2021 to great fanfare and is the most prominent standard in Automotive Cybersecurity. As members of the Joint Working Group (JWG) the authors spent 5 years developing the 84 pages of precise wording acceptable to hundreds of contributors. ...The application to Agile may require interpreting the standard from another angle, which could involve reordering the sequence of activities and work products, breaking down the acceptable criteria of some work products to allow rapid iterations, and verifications of meta data or intermediate work products. In cybersecurity engineering, Agile has its unique strength compared to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks. ...In cybersecurity engineering, Agile has its unique strength compared to the V-model method, as its cyclical nature is better aligned with best practices for Cybersecurity Frameworks.
Technical Paper

Challenges in Integrating Cybersecurity into Existing Development Processes

2020-04-14
2020-01-0144
Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.
Technical Paper

A Comprehensive Training Approach for Automotive Cybersecurity Engineering

2024-04-09
2024-01-2800
A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 ‘Road Vehicles — Cybersecurity Engineering’. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. ...Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. ...Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers.
Technical Paper

Integrating Fuzz Testing into the Cybersecurity Validation Strategy

2021-04-06
2021-01-0139
Therefore, modern cybersecurity validation is highly stressed for finding security vulnerabilities and robustness issues early and systematically at every stage of the product development process. ...The integration of a sophisticated fuzz testing program within the overall cybersecurity validation strategy allows for accommodating towards these challenging demands. In this paper, we review a general automotive cybersecurity engineering process containing functional testing, vulnerability scanning and penetration testing, and highlight shortcomings that can be complemented by fuzz testing. ...In this paper, we review a general automotive cybersecurity engineering process containing functional testing, vulnerability scanning and penetration testing, and highlight shortcomings that can be complemented by fuzz testing.
Technical Paper

Onboard Cybersecurity Diagnostic System for Connected Vehicles

2021-09-21
2021-01-1249
Here, we discuss the On-Board Diagnostic (OBD) regulations for next generation BEV/HEV, its vulnerabilities and cybersecurity threats that come with hacking. We propose three cybersecurity attack detection and defense methods: Cyber-Attack detection algorithm, Time-Based CAN Intrusion Detection Method and, Feistel Cipher Block Method. ...These control methods autonomously diagnose a cybersecurity problem in a vehicle’s onboard system using an OBD interface, such as OBD-II when a fault caused by a cyberattack is detected, All of this is achieved in an internal communication network structure.
Training / Education

Managing Cybersecurity Risks Using ISO/SAE 21434

Anytime
This introductory course outlines the methods specified to assess cybersecurity risk to a road vehicle product in the context of ISO/SAE 21434. This risk-based methodology is a modular component of additional topics in the standard and a necessary concept to comprehend. ...Managing Cybersecurity Risks Using ISO/SAE 21434 explains the methods and logic behind the standard and focuses on risk assessment as a basic principle that must be applied in all other areas of 21434.
Journal Article

The Missing Link: Aircraft Cybersecurity at the Operational Level

2020-07-25
Abstract Aircraft cybersecurity efforts have tended to focus at the strategic or tactical levels without a clear connection between the two. ...CSSEP’s process model postulates that security is best achieved by a balance of cybersecurity, cyber resiliency, defensibility, and recoverability and that control is best established by developing security constraints versus attempting to find every vulnerability. ...CSSEP identifies the major functions needed to do effective aircraft cybersecurity and provides a flexible framework as the “missing link” to connect the strategic and tactical levels of aircraft cybersecurity.
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020. ...Click here to access The Mobility Frontier: Cybersecurity on the Air & Ground Click here to access the full SAE EDGETM Research Report portfolio.
Technical Paper

Cybersecurity Approval Criteria: Application of UN R155

2024-07-02
2024-01-2983
The UN R155 regulation is the first automotive cybersecurity regulation and has made security a mandatory approval criterion for new vehicle types. ...These recommendations aim to enhance the comprehensiveness of the security assessment associated with UN R155, fostering a more uniform approach to evaluating cybersecurity in the context of vehicle type approvals.
Technical Paper

Safety, ADAS, and Cybersecurity: Vol. 1

2024-05-03
EPRCOMPV152023
This chapter delves into the field of multi-agent collaborative perception (MCP) for autonomous driving: an area that remains unresolved. Current single-agent perception systems suffer from limitations, such as occlusion and sparse sensor observation at a far distance. To address this, three unsettled topics have been identified that demand immediate attention. First, it is crucial to establish normative communication protocols to facilitate seamless information sharing among vehicles. Second, collaboration strategies need to be defined, including identifying the need for specific collaboration projects, determining the collaboration partners, defining the content of collaboration, and establishing the integration mechanism. Finally, collecting sufficient data for MCP model training is vital. This includes capturing diverse modal data and labeling various downstream tasks as accurately as possible.
Technical Paper

Enhanced Penetration Testing for Automotive Cybersecurity

2022-12-16
2022-01-7123
Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Journal Article

A Quantitative Analysis of Autonomous Vehicle Cybersecurity as a Component of Trust

2023-08-10
Abstract Connected autonomous vehicles that employ internet connectivity are technologically complex, which makes them vulnerable to cyberattacks. Many cybersecurity researchers, white hat hackers, and black hat hackers have discovered numerous exploitable vulnerabilities in connected vehicles. ...This study expanded the technology acceptance model (TAM) to include cybersecurity and level of trust as determinants of technology acceptance. This study surveyed a diverse sample of 209 licensed US drivers over 18 years old.
X