Therefore, engineers should ensure that systems are designed free of unreasonable risks to motor vehicle safety, including those that may result due to existence of potential cybersecurity vulnerabilities. The automotive industry is making vehicle cybersecurity an organizational priority.
The international standards D-326A (U.S.) and ED-202A (Europe) titled "Airworthiness Security Process Specification" are the cornerstones of the "DO-326/ED-202 Set" and they are the only Acceptable Means of Compliance (AMC) by FAA & EASA for aviation cyber-security airworthiness certification, as of 2019. The "DO-326/ED-202 Set" also includes companion documents DO-356A/ED-203A: "Airworthiness Security Methods and Considerations" & DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness" (U.S. & Europe) and ED-201: "Aeronautical Information System Security (AISS) Framework Guidance" & ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems“ (Europe only).
Despite the advantages of electronic flight bags (EFB), passenger entertainment and email access during flights, and the ability to access aircraft repair manuals electronically, computer interconnectivity throughout aviation has opened the aviation sector to cyber-attacks that could impact flights, data, and safety. This two-day seminar is intended to introduce aviation professionals to the need to implement cyber security throughout commercial aviation including the supply chain.
The ever-increasing networking and automation of vehicles make cybersecurity a core requirement for future vehicles and their components. Automobile manufacturers and suppliers are confronted with new requirements that address the cybersecurity of vehicle IT/OT.
With the introduction of Connected vehicles, it is possible to extend the limited horizon of vehicles on the road by collective perceptions, where vehicles periodically share their information with others vehicles / servers using cloud. Nevertheless, by the time the connected vehicle spread expands, it is critical to understand the validation techniques which can be used to ensure a flawless transfer of data and connectivity. Usually the connected vehicle validation is limited to Application layer only in most of the OEMs. However in this work, we focus on validation of all the 4 layers involved namely, Physical hardware layer, Communication layer, Cloud platform and Application layer. For physical and communication layer, we simulated the in-vehicle environment using standalone vehicle electronic control units (ECUs) which communicate with the telematics control unit (TCU) available in the vehicle and a localized load box for replicating the actual load cases.
In order to enhance customer experience and to reduce time to market, the manufacturers are constantly in need of being able to update software/firmware of the Electronic Control units (ECU) when the vehicle is in field operations. The updates could be a bug fix or a new feature release. Until the recent years, the updation of software/firmware used to be done using a physical hardwired connection to the Vehicle in a workshop. However, with the element of connectivity being added to the vehicle, the updation of software can be done remotely and wirelessly over the air using a feature called Flash over the air (FOTA) and Software over the air (SOTA). In order to safeguard the telematics ECU from tampering or hacking, the manufacturers are doing away with the ports on the underlying hardware through which manual flashing used to be done. This means that, the only option available to flash or update the ECU is using FOTA/SOTA.