Refine Your Search

Topic

Author

Affiliation

Search Results

Standard

Road Vehicles - Cybersecurity Engineering

2020-02-12
CURRENT
ISO/SAE DIS 21434
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. ...This document specifies requirements for cybersecurity risk management regarding engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces. ...This document does not prescribe specific technology or solutions related to cybersecurity.
Standard

Cybersecurity Guidebook for Cyber-Physical Vehicle Systems

2016-01-14
CURRENT
J3061_201601
This recommended practice provides guidance on vehicle Cybersecurity and was created based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers. ...Other proprietary Cybersecurity development processes and standards may have been established to support a specific manufacturer’s development processes, and may not be comprehensively represented in this document, however, information contained in this document may help refine existing in-house processes, methods, etc. ...This recommended practice establishes a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems. This includes: Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
Technical Paper

Cybersecurity Metrics for Automotive Systems

2021-04-06
2021-01-0138
With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging and one of the major challenges is how to measure this specific system property. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles.
Technical Paper

Challenges in Integrating Cybersecurity into Existing Development Processes

2020-04-14
2020-01-0144
Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.
Technical Paper

Integrating Fuzz Testing into the Cybersecurity Validation Strategy

2021-04-06
2021-01-0139
Therefore, modern cybersecurity validation is highly stressed for finding security vulnerabilities and robustness issues early and systematically at every stage of the product development process. ...The integration of a sophisticated fuzz testing program within the overall cybersecurity validation strategy allows for accommodating towards these challenging demands. In this paper, we review a general automotive cybersecurity engineering process containing functional testing, vulnerability scanning and penetration testing, and highlight shortcomings that can be complemented by fuzz testing. ...In this paper, we review a general automotive cybersecurity engineering process containing functional testing, vulnerability scanning and penetration testing, and highlight shortcomings that can be complemented by fuzz testing.
Journal Article

The Missing Link: Aircraft Cybersecurity at the Operational Level

2020-07-25
Abstract Aircraft cybersecurity efforts have tended to focus at the strategic or tactical levels without a clear connection between the two. ...CSSEP’s process model postulates that security is best achieved by a balance of cybersecurity, cyber resiliency, defensibility, and recoverability and that control is best established by developing security constraints versus attempting to find every vulnerability. ...CSSEP identifies the major functions needed to do effective aircraft cybersecurity and provides a flexible framework as the “missing link” to connect the strategic and tactical levels of aircraft cybersecurity.
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020.
Technical Paper

Cyber-security for Engine ECUs: Past, Present and Future

2015-09-01
2015-01-1998
In this paper, we outline past, present and future applications of automotive security for engine ECUs. Electronic immobilizers and anti-tuning countermeasures have been used for several years. Recently, OEMs and suppliers are facing more and more powerful attackers, and as a result, have introduced stronger countermeasures based on hardware security. Finally, with the advent of connected cars, it is expected that many things that currently require a physical connection will be done remotely in a near future. This includes remote diagnostics, reprogramming and engine calibration.
Training / Education

Managing Cybersecurity Risks Using ISO/SAE DIS 21434

Anytime
This introductory course outlines the methods specified to assess cybersecurity risk to a road vehicle product in the context of ISO/SAE 21434. This risk-based methodology is a modular component of additional topics in the standard and a necessary concept to comprehend. ...Managing Cybersecurity Risks Using ISO/SAE 21434 explains the methods and logic behind the standard and focuses on risk assessment as a basic principle that must be applied in all other areas of 21434.
Technical Paper

An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security

2020-04-14
2020-01-0145
This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cybersecurity. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. ...Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cybersecurity as an integral part of the development of modern vehicles. Aware of this fact, the automotive industry has, therefore, recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. ...As the domain geared up for the cybersecurity challenges, they leveraged experiences from many other domains, but must face several unique challenges.
Training / Education

Introduction to Automated Vehicle Safety Multi-Agent, Functional, SOTIF, and Cybersecurity

2021-11-10
You’ll learn the main attributes of safety as applied to automated vehicles, including the four types of safety: Functional Safety, Safety of the Intended Functionality (SOTIF),  Multi-agent safety, and safety involved in cybersecurity attacks. The discussion will enable participants to conceive of the various applicable design aspects of safety, clarify the role of SOTIF, multi-agent safety, and cybersecurity safety and address the development of multi-agent safety using a probabilistic and stochastic framework.
Technical Paper

Research on Vehicle Cybersecurity Based on Dedicated Security Hardware and ECDH Algorithm

2017-09-23
2017-01-2005
Vehicle cybersecurity consists of internal security and external security. Dedicated security hardware will play an important role in car’s internal and external security communication. ...For certain AURIX MCU consisting of HSM, the experiment result shows that cheaper 32-bit HSM’s AES calculating speed is 25 times of 32-bit main controller, so HSM is an effective choice to realize cybersecurity. After comparing two existing methods that realize secure CAN communication, A Modified SECURE CAN scheme is proposed, and differences of the three schemes are analyzed.
Article

Challenges ahead: cybersecurity and the aerospace supply chain

2018-07-24
Supply chains, now being targeted as a pathway to the vital core of organizations around the world, have become a vital part of the industry’s cybersecurity strategy, says Kirsten Koepsel, author of SAE International’s latest book, The Aerospace Supply Chain and Cyber Security – Challenges Ahead, now available.
X