Cyber Physical Systems Security Hardware Assurance
This SAE document standardizes practices to: (a) assess and address weaknesses and vulnerabilities of the hardware, specifically the EEE components, of a cyber physical system utilizing systems engineering principles to ensure security and resilience throughout the lifecycle of the system, (b) conduct EEE component level assurance and analysis, considering impact on the hardware, software, and firmware in the product or system, (c) address different areas of concern that include consideration of the interfaces and network of the system and command and control that could be manipulated through a physical process and/or physical input of the data flow and computation, and (d) perform design validation and verification to assess security and resiliency of the cyber physical system.
Rationale: This standard was created in response to a significant and increasing volume of cyber physical system exploits due to a broad range of attack vectors over the lifecycle of the system. Attack vectors are introduced through weaknesses and vulnerabilities in electronic parts and software that could be used to compromise cyber physical system function or gain access to critical and sensitive system information. Attack vectors can be introduced through hostile code at the time of software or firmware updates. Cyber physical systems are susceptible to compromising attacks due to counterfeit, tampered electronic parts with embedded malware or hardware Trojans, or legitimate components with vulnerabilities due to the design. The Hardware Assurance process described in this standard verifies that electronic components function as intended and are assessed to identify known weaknesses and vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system's hardware and/or its embedded software and/or intellectual property.