Refine Your Search

Search Results

Viewing 1 to 11 of 11
Technical Paper

Cybersecurity Testing and Validation

We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment. ...An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. ...The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels.
Training / Education

Keys to Creating a Cybersecurity Process from the J3061 Process Framework

This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber- physical systems. ...Connected vehicles are increasingly seen as a potential target for cybersecurity attacks. A key differentiator for the automotive industry is the use of cyber-physical systems, where a successful cybersecurity attack could affect physical entities.
Training / Education

Keys to Creating a Cybersecurity Process from the J3061 Process Framework

This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber-physical systems. ...This web seminar will define key concepts in cybersecurity and discuss what a cybersecurity process consists of and why one is needed for the development of cyber-physical vehicle systems.
Training / Education

DO -326A and ED-202A An Introduction to the New and Mandatory Aviation Cyber-Security Essentials

The international standards D-326A (U.S.) and ED-202A (Europe) titled "Airworthiness Security Process Specification" are the cornerstones of the "DO-326/ED-202 Set" and they are the only Acceptable Means of Compliance (AMC) by FAA & EASA for aviation cyber-security airworthiness certification, as of 2019. The "DO-326/ED-202 Set" also includes companion documents DO-356A/ED-203A: "Airworthiness Security Methods and Considerations" & DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness" (U.S. & Europe) and ED-201: "Aeronautical Information System Security (AISS) Framework Guidance" & ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems“ (Europe only).
Training / Education

ISO 26262 Functional Safety – Road Vehicles Focus on Second Edition Changes

In addition to presenting an overview of the standard, this course highlights the major changes introduced in the second edition, which extends the standard's scope to include all vehicles (excluding special vehicles), the objective-oriented confirmation measures approach, and references to Cybersecurity at the Concept and System Level development.
Technical Paper

Integrating STPA into ISO 26262 Process for Requirement Development

Developing requirements for automotive electric/electronic systems is challenging, as those systems become increasingly software-intensive. Designs must account for unintended interactions among software features, combined with unforeseen environmental factors. In addition, engineers have to iteratively make architectural tradeoffs and assign responsibilities to each component in the system to accommodate new safety requirements as they are revealed. ISO 26262 is an industry standard for the functional safety of automotive electric/electronic systems. It specifies various processes and procedures for ensuring functional safety, but does not limit the methods that can be used for hazard and safety analysis. System Theoretic Process Analysis (STPA) is a new technique for hazard analysis, in the sense that hazards are caused by unsafe interactions between components (including humans) as well as component failures and faults.
Journal Article

Threat Analysis and Risk Assessment in Automotive Cyber Security

The process of hazard analysis and risk assessment (H&R or HARA) is well-established in standards and methods for functional safety, such as the automotive functional safety standard ISO 26262. Considering the parallel discipline of cyber security, it is necessary to establish an analogous process of threat analysis and risk assessment (T&R) in order to identify potential security attacks and the risk associated with these attacks if they were successful. While functional safety H&R processes could be used for threat analysis, these methods need extension and adaptation to the cyber security domain. This paper describes how such a method has been developed based on the approach described in ISO 26262 and the related MISRA Safety Analysis Guidelines. In particular key differences are described in the understanding of the severity of a security attack, and the factors that contribute to the probability of a successful attack.
Technical Paper

Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling

Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians. Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated. In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack.

SAE International anti-counterfeit standards integral to obsolescence management

Counterfeit parts prevention is integral to an effective obsolescence management plan, and the focus of anti-counterfeit standards – including Counterfeit Avoidance Standard (AS5553) and Counterfeit Detection Standard (AS6081) – from SAE International in Warrendale, Pa. SAE International officials are bringing the anti-counterfeit discussion and sharing best practices, which include adherence to critical standards, to the Future of Obsolescence Management (FOM) event on October 10 and 11 in Washington.