Refine Your Search

Topic

Author

Affiliation

Search Results

SAE MOBILUS Subscription

Cybersecurity

2017-05-01
Specific topics include: Automotive vehicle electronics Embedded systems architecture (cyber-physical) Data communication Hardware security design Vulnerability of embedded devices Software assurance Security technologies Intrusion detection Incident response Wireless security Penetration testing Security governance & risk management By purchasing this collection, you have full access to the publications included in the SAE MOBILUS Cybersecurity Knowledge Hub.
Standard

Road Vehicles - Cybersecurity Engineering

2020-02-12
CURRENT
ISO/SAE DIS 21434
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. ...This document specifies requirements for cybersecurity risk management regarding engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces. ...This document does not prescribe specific technology or solutions related to cybersecurity.
Standard

Cybersecurity Guidebook for Cyber-Physical Vehicle Systems

2016-01-14
CURRENT
J3061_201601
This recommended practice provides guidance on vehicle Cybersecurity and was created based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers. ...Other proprietary Cybersecurity development processes and standards may have been established to support a specific manufacturer’s development processes, and may not be comprehensively represented in this document, however, information contained in this document may help refine existing in-house processes, methods, etc. ...This recommended practice establishes a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems. This includes: Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
Training / Education

Introduction to Automotive Cybersecurity

This course has been developed for the Chinese auto industry to provide engineers and software developers involved in V2X and related industries with important knowledge about vehicle cybersecurity, including basic cybersecurity practices, interpretation of SAE J3061 standards, connected vehicle attack & defense approaches and the Security Development Lifecycle (SDL).
Technical Paper

Cybersecurity Testing and Validation

2017-03-28
2017-01-1655
We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment. ...An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. ...The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels.
Training / Education

Cybersecurity An Introduction for the Automotive Sector

The automotive industry is the new "battleground" for cybersecurity. Following the path of desktops/laptops, tablets, and mobile phones, the automotive industry is now the "hot" area for both academic researchers and hackers. ...What does cybersecurity mean? Who is attacking and why? What must we change? What can stay the same? What is the larger organization's role in cyber?
Book

Cybersecurity for Commercial Vehicles

2018-08-28
It delivers details on key subject areas including: • SAE International Standard J3061; the cybersecurity guidebook for cyber-physical vehicle systems • The differences between automotive and commercial vehicle cybersecurity. • Forensics for identifying breaches in cybersecurity. • Platooning and fleet implications. • Impacts and importance of secure systems for today and for the future. ...This book provides a thorough view of cybersecurity to encourage those in the commercial vehicle industry to be fully aware and concerned that their fleet and cargo could be at risk to a cyber-attack. ...It delivers details on key subject areas including: • SAE International Standard J3061; the cybersecurity guidebook for cyber-physical vehicle systems • The differences between automotive and commercial vehicle cybersecurity. • Forensics for identifying breaches in cybersecurity. • Platooning and fleet implications. • Impacts and importance of secure systems for today and for the future.
Technical Paper

Challenges in Integrating Cybersecurity into Existing Development Processes

2020-04-14
2020-01-0144
Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.
Collection

Cybersecurity for Cyber-Physical Vehicle Systems, 2018

2018-04-03
This paper focuses on cybersecurity for cyber-physical vehicle systems. Topics include: design, development and implementation of security-critical cyber-physical vehicle systems, cybersecurity design, development, and implementation strategies, analysis methodologies, process and life-cycle management, comparisons of system safety and cybersecurity, etc. ...Topics include: design, development and implementation of security-critical cyber-physical vehicle systems, cybersecurity design, development, and implementation strategies, analysis methodologies, process and life-cycle management, comparisons of system safety and cybersecurity, etc. ...Topics include: design, development and implementation of security-critical cyber-physical vehicle systems, cybersecurity design, development, and implementation strategies, analysis methodologies, process and life-cycle management, comparisons of system safety and cybersecurity, etc. Application areas include: security-critical automotive systems, as well as other security-critical ground vehicle and aviation systems.
Collection

Cybersecurity for Cyber-Physical Vehicle Systems, 2017

2017-03-28
This paper focuses on cybersecurity for cyber-physical vehicle systems. Topics include: design, development and implementation of security-critical cyber-physical vehicle systems, cybersecurity design, development, and implementation strategies, analysis methodologies, process and life-cycle management, comparisons of system safety and cybersecurity, etc. ...Topics include: design, development and implementation of security-critical cyber-physical vehicle systems, cybersecurity design, development, and implementation strategies, analysis methodologies, process and life-cycle management, comparisons of system safety and cybersecurity, etc. ...Topics include: design, development and implementation of security-critical cyber-physical vehicle systems, cybersecurity design, development, and implementation strategies, analysis methodologies, process and life-cycle management, comparisons of system safety and cybersecurity, etc. Application areas include: security-critical automotive systems, as well as other security-critical ground vehicle and aviation systems.
SAE MOBILUS Subscription

SAE International Journal of Transportation Cybersecurity and Privacy

2017-01-01
Articles can present methods, tools, implementations, and applications of research in transportation cybersecurity and privacy around technologies, cybersecurity engineering process, and security economics and environment. ...Additional transportation systems, such as rail and maritime systems, are also in scope. Cybersecurity and Privacy Technologies • Cybersecurity of sensors and cyber-physical systems • Design of resilient architectures and applications • Privacy and data protection issues in transportation systems • Hardware security and secure hardware modules • Security of vehicular communications (on-board, between vehicles, and between vehicles and infrastructure) • Security of application platforms • Intrusion and anomaly detection systems • Forensics and analytics • Security of legally mandated applications (e.g., event data recorders, flight data recorders, tachographs, etc.) • Security of cloud-based infrastructure • Security of road pricing, restricted area access and vehicle monitoring • Security of vehicle theft deterrent, immobilization, and theft response solutions • Security of vehicular rights control and audit (e.g., feature activation) • Security of emergent technologies (e.g., automated driving, unmanned aerial vehicle, and electric vehicles) • Anti-reverse engineering Cybersecurity and Privacy Engineering Process • Cybersecurity engineering process • Privacy by design • Security throughout the system life-cycle • Vehicle-related information sharing and vulnerability coordination • Software assurance and formal methods • Security standardization • Supply chain integrity and traceability • Communication of cybersecurity risks, impacts, and priorities • Cybersecurity assurance testing • Information and processes to drive organizational awareness • Incident response • Collaboration and engagement of stakeholders • Reverse engineering and penetration testing Cybersecurity Economics and Environment • Security economics of both attackers and defenders • Security of vehicle-driven business, maintenance, and service models • Understanding and harnessing the hacker mindset • Right to repair issues • Impact of privacy/security requirements that vary by jurisdiction This journal is a member of COPE (Committee on Publication Ethics). ...., automated driving, unmanned aerial vehicle, and electric vehicles) • Anti-reverse engineering Cybersecurity and Privacy Engineering Process • Cybersecurity engineering process • Privacy by design • Security throughout the system life-cycle • Vehicle-related information sharing and vulnerability coordination • Software assurance and formal methods • Security standardization • Supply chain integrity and traceability • Communication of cybersecurity risks, impacts, and priorities • Cybersecurity assurance testing • Information and processes to drive organizational awareness • Incident response • Collaboration and engagement of stakeholders • Reverse engineering and penetration testing Cybersecurity Economics and Environment • Security economics of both attackers and defenders • Security of vehicle-driven business, maintenance, and service models • Understanding and harnessing the hacker mindset • Right to repair issues • Impact of privacy/security requirements that vary by jurisdiction This journal is a member of COPE (Committee on Publication Ethics).
Research Report

Unsettled Topics Concerning Airworthiness Cyber-Security Regulation

2020-08-21
EPR2020013
The "Dreamliner," the first true "flying data center," could no longer be certified for airworthiness ignoring "sabotage," like the classic safety regulation for commercial passenger aircraft – as its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set "Special Conditions" for cyber-security. In the 15 years that followed, airworthiness regulation followed suit, and all key rule-making, regulation-making, and standard-making organizations weighed in to establish a new airworthiness cyber-security superset of legislation, regulation, and standardization. ...In the 15 years that followed, airworthiness regulation followed suit, and all key rule-making, regulation-making, and standard-making organizations weighed in to establish a new airworthiness cyber-security superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, U.S. and European Union (EU) legislation, FAA and European Aviation Safety Agency (EASA) regulation and the DO-326/ED-202 set of standards are about to become the new standards for legislation, regulation, and best practices as soon as 2020, and in fact – some of them are already in effect.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Training / Education

Keys to Creating a Cybersecurity Process from the J3061 Process Framework

This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber- physical systems. ...This seminar will define key concepts in cybersecurity and discuss what a cybersecurity process consists of and why one is needed for the development of cyber-physical vehicle systems.
Training / Education

DO-326A and ED-202A An Introduction to the New and Mandatory Aviation Cyber-Security Essentials

2020-09-14
The international standards D-326A (U.S.) and ED-202A (Europe) titled "Airworthiness Security Process Specification" are the cornerstones of the "DO-326/ED-202 Set" and they are the only Acceptable Means of Compliance (AMC) by FAA & EASA for aviation cyber-security airworthiness certification, as of 2019. The "DO-326/ED-202 Set" also includes companion documents DO-356A/ED-203A: "Airworthiness Security Methods and Considerations" & DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness" (U.S. & Europe) and ED-201: "Aeronautical Information System Security (AISS) Framework Guidance" & ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems“ (Europe only).
Technical Paper

An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security

2020-04-14
2020-01-0145
This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cybersecurity. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. ...Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. Aware of this fact, the automotive industry has, therefore, recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. ...As the domain geared up for the cybersecurity challenges, they leveraged experiences from many other domains, but must face several unique challenges.
X