Search Results

The purpose of this SAE Aerospace Information Report (AIR) is to provide guidance for aircraft engine and propeller systems (hereafter referred to as propulsion systems) certification for cybersecurity. Compliance for cybersecurity requires that the engine control, propeller control, monitoring system, and all auxiliary equipment systems and networks associated with the propulsion system (such as nacelle systems, overspeed governors, and thrust reversers) be protected from intentional unauthorized electronic interactions (IUEI) that may result in an adverse effect on the safety of the propulsion system or the airplane.

With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging, and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming International Organization for Standardization and the Society for Automotive Engineers (ISO/SAE) 21434 cybersecurity standard for automotive systems and cybersecurity regulations in The United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (UNECE WP.29), it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.

A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 ‘Road Vehicles — Cybersecurity Engineering’. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. ...Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. ...Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers.

Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.

In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.

With the increasing connectivity and complexity of modern automobiles, cybersecurity has become one of the most important properties of a vehicle. Various strategies have been proposed to enhance automotive cybersecurity. ...Various strategies have been proposed to enhance automotive cybersecurity. Digital twin (DT), regarded as one of the top 10 strategic technology trends by Gartner in 2018 and 2019, establishes digital representations in a virtual world and raises new ideas to benefit real-life objects. ...In this paper, we explored the possibility of using digital twin technology to improve automotive cybersecurity. We designed two kinds of digital twin models, named mirror DT and autonomous DT, and corresponding environments to support cybersecurity design, development, and maintenance in an auto’s lifecycle, as well as technique training.

The VCE Laboratory testbeds are connected with an Amazon Web Services (AWS) cloud-based Cyber-security Labs as a Service (CLaaS) system, which allows students and researchers to access the testbeds from any place that has a secure internet connection. ...VCE students are assigned predefined virtual machines to perform designated cyber-security experiments. The CLaaS system has low administrative overhead associated with experiment setup and management. ...VCE Laboratory CLaaS experiments have been developed for demonstrating man-in-the-middle cyber-security attacks from actual compromised hardware or software connected with the TestCube.

Additionally, we go beyond the attack vectors listed in UN-R155 - using our own analysis, experience and insights, we explored other attack vectors that will also affect vehicle cybersecurity.

Supply chains, now being targeted as a pathway to the vital core of organizations around the world, have become a vital part of the industry’s cybersecurity strategy, says Kirsten Koepsel, author of SAE International’s latest book, The Aerospace Supply Chain and Cyber Security – Challenges Ahead, now available.

The flexible data rate capability in CAN (commonly called CAN FD) is implemented as a transport layer in order to allow for functional safety, cybersecurity, extended transport capability, and backward compatibility with SAE J1939DA.

Written by Kirsten Koepsel, a lawyer and engineer whose work has focused on aviation cybersecurity, Supply Chain Vulnerabilities Impacting Commercial Aviation addresses the big question facing aircraft manufacturers today: keep the work in house or outsource it? ...Supply Chain Vulnerabilities Impacting Commercial Aviation discusses the differences in requirements depending on the buyer of the aircraft (governmental or not), ranging from delivery delays to risks linked to cybersecurity and the Internet of Things (IoT), including possible problems with faulty sensors and counterfeit parts.

Quotes from COMVEC 2018 Industry leaders spoke extensively about all things autonomous-ADAS, big data, connectivity, cybersecurity, machine learning-at the annual SAE event. Here's some of what they had to say. Fuel-cell Class 8-take 2.0 With a longer-range and more-refined fuel cell-powered heavy-duty truck, Toyota aims to eventually eliminate emissions from trucks serving increasingly congested California ports. ...Editorial Bring innovation, disruption in-house Adding 3D printing to design, manufacturing processes Upstream devoted to truck cybersecurity threats Jacobs employs cylinder deactivation in HD engines to lower CO2, NOx Emissions reductions continue to disrupt CV industry Mercedes doubles down on electric vans and buses, considers fuel cells Off-road bus from Torsus transports to hard-to-reach places Q&A Perkins pursues plug-and-play connectivity

Connected commercial vehicles bring cybersecurity to the fore Connectivity, automation and electrification will drive vehicle development in the near future, say industry experts attending the revamped SAE COMVEC 17 event.

Countering cybersecurity threats against unmanned vehicle systems Cranfield University researchers have developed a monitoring system whose purpose is to monitor mission profile implementation at both high level mission execution and at lower level software code operation to tackle specific threats of malicious code and possible spurious commands received over a vehicle's data links.

To serve and protect As cars become more connected and automated, cybersecurity concerns are rising. Industry engineers have many tools and techniques and are now deploying encryption and standards to ensure that vehicle controls are not altered or usurped by unauthorized people.

Defending the heavy-vehicle cyber domain Cybersecurity experts explained at SAE COMVEC 2021 how they're preparing the next generation of thwarters to protect increasingly electrified, connected and automated trucks.

Supplier Eye Inflation ignites another supplier squeeze Toyota reinvesting in collaborative safety research SAE and NREL partner to strengthen EV-charging cybersecurity Expanding the 'bubble' of cabin acoustics 2022 Ford F-150 Lightning redefines the pickup paradigm GM's Hummer EV is like nothing else

Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. ...Symbolic code execution is a powerful cybersecurity testing approach that facilitates the systematic exploration of all paths within a program to uncover previously unknown cybersecurity vulnerabilities. This is achieved through a Satisfiability Modulo Theory (SMT) solver, which operates on symbolic values for program inputs instead of using their concrete counterparts.

Since the early 1990’s, commercial vehicles have suffered from repeated vulnerability exploitations that resulted in a need for improved automotive cybersecurity. This paper outlines the strategies and challenges of implementing an automotive Zero Trust Architecture (ZTA) to secure intra-vehicle networks. ...This research successfully met the four requirements and demonstrated that using ZT principles in an on-vehicle network greatly improved the cybersecurity posture with manageable impact to system performance and deployment.

SAE Standards News VS committees fully engaged on cybersecurity. Honda's new 10-speed is a slick shifter SAE Level 3 'hand off' challenging AI researchers Lightweight door module aims to trim vehicle weight Exclusive first drive: Torotrak's V-Charge technology New 10-speed auto delights in 2017 Ford F-150 Power and more underscore 2018 Toyota Camry I.D.