Abstract
Today many connected and automated vehicles are available and connectivity features and information sharing is increasingly used for additional vehicle-, maintenance- and traffic safety features. This highly connected networking also increase the attractiveness of an attack on vehicles and the connected infrastructure by hackers with different motivations and thus introduces new risks for vehicle cybersecurity.
Highly aware of this fact, the automotive industry has therefore taken high efforts in designing and producing safe and secure connected and automated vehicles. Therefore the domain invested efforts in the development of industry standards to tackle automotive cybersecurity issues and protect their assets. The joint working group of the standardization organizations International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE) has recently established and published a committee draft of the “ISO-SAE Approved new Work Item (AWI) 21434 Road Vehicles - Cybersecurity Engineering” standard. In addition to that SAE is also working on a set of cybersecurity guidance, ISO is addressing specific automotive cybersecurity related topics in additional standards and European Telecommunications Standards Institute (ETSI) and International Telecommunication Union (ITU) is working on security topics of connected vehicles. Further activities are national and international regulations on Automotive Cybersecurity. In the course of this document, a review of the available work and ongoing developments is given and the outline of the automotive cybersecurity framework is given. The aim of this work is to provide a position statement for discussion of available standards, methods and recommendations for automotive cybersecurity.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
National Highway Traffic Safety Administration: Cybersecurity best practices for modern vehicles. Report No. DOT HS 812, 333 (2016)
Automotive iQ: Automotive Cyber Security - Dedicated eBook for the Cyber Security professional (2017). https://www.automotive-iq.com/events-automotive-cyber-security/downloads/complete-automotive-cyber-security-ebook
Comité des constructeurs français d’automobile: Extended Vehicle (ExVe) and Standardisation, May 2019. https://ccfa.fr/dossiers-thematiques/extended-vehicle-exve-and-standardisation. Accessed 13 May 2019
Ebert, C., Jones, C.: Embedded software: facts, figures, and future. IEEE Comput. Soc. 0018–9162(09), 42–52 (2009)
Hunjan, H.: ISO/SAE 21434 automotive cybersecurity engineering, July 2018. http://2pe5rtjld2w41m0dy17n5an1-wpengine.netdna-ssl.com/wp-content/uploads/2018/07/8_Renesas_Automotive-Cyber-Security-Standardistation-v1.0.pdf. Accessed 12 May 2019
IHS Automotive: Automotive Cybersecurity and Connected Car Report (2016)
International Electrotechnical Commission: IEC 62443: Industrial communication networks - network and system security
International Standardization Organization: ISO 27000 series, information technology - security techniques
ISO: ISO 20828 (2006). https://www.iso.org/standard/41891.html?browse=tc. Accessed 13 May 2019
ISO - International Organization for Standardization: ISO 26262 Road vehicles Functional Safety Part 1–10. Technical report, International Organization for Standardization (2011)
ITU: Methodologies for intrusion detection system on in-vehicle systems, February 2019. https://www.itu.int/itu-t/workprog/wp_item.aspx?isn=14395. Accessed 12 May 2019
ITU: Security requirements for vehicle accessible external devices, February 2019. https://www.itu.int/itu-t/workprog/wp_item.aspx?isn=14394. Accessed 12 May 2019
ITU: Security aspects for Intelligent Transport System, May 2019. https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/Pages/q13.aspx. Accessed 12 May 2019
ITU: Security guidelines for the Ethernet-based in-vehicle networks, May 2019. https://www.itu.int/itu-t/workprog/wp_item.aspx?isn=14819. Accessed 13 May 2019
ITU: Security guidelines for V2X communication systems, February 2019. https://www.itu.int/itu-t/workprog/wp_item.aspx?isn=13549. Accessed 12 May 2019
ITU: Security guidelines for vehicular edge computing, February 2019. https://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=14396. Accessed 12 May 2019
ITU-T: Itu-t x.1373secure software update capability for intelligent transportation system communication devices (2017). https://www.itu.int/rec/T-REC-X.1373/en. Accessed 12 May 2019
Krzeszewski, J.T.: ISO 21434 - current status. Recording of a Presentation at the 3rd Vector Automotive Cybersecurity Symposium, April 2019. https://youtu.be/2MaG5D1kLt0?t=760. Accessed 12 May 2019
Macher, G., Armengaud, E., Brenner, E., Kreiner, C.: A review of threat analysis and risk assessment methods in the automotive context. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 130–141. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45477-1_11
Macher, G., Messnarz, R., Armengaud, E., Riel, A., Brenner, E., Kreiner, C.: Integrated safety and security development in the automotive domain. In: SAE Technical Paper. SAE International (2017). http://papers.sae.org/2017-01-1661/
Schmittner, C., Griessnig, G., Ma, Z.: Status of the development of ISO/SAE 21434. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 504–513. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_43
Schmittner, C., Ma, Z., Reyes, C., Dillinger, O., Puschner, P.: Using SAE J3061 for automotive security requirement engineering. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 157–170. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45480-1_13
Scuro, G.: Automotive industry: innovation driven by electronics (2012). http://embedded-computing.com/articles/automotive-industry-innovation-driven-electronics/
Secretary of TF-CS/OTA UNECE WP29: Draft Recommendation on Cyber Security of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 IWG ITS/AD, April 2018. https://wiki.unece.org/pages/viewpage.action?pageId=58524794. Accessed 27 Mar 2019
Secretary of TF-CS/OTA UNECE WP29: Draft Recommendation on Software Updates of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 IWG ITS/AD, September 2018. https://www.unece.org/fileadmin/DAM/trans/doc/2018/wp29grva/GRVA-01-18.pdf. Accessed 27 Mar 2019
TC 56: IEC 60812 Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA). Technical report, International Organization for Standardization (2006)
TC 56: IEC 61025 Fault tree analysis (FTA). Technical report, International Organization for Standardization, December 2006
TC 65: IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems. Technical report, International Organization for Standardization
Vehicle Electrical System Security Committee: SAE J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems. Technical report, SAE (2016)
Acknowledgments
This work is supported by the DRIVES, Afarcloud and the PRYSTINE projects. The Development and Research on Innovative Vocational Educational Skills project (DRIVES) is co-funded by the Erasmus+ Programme of the European Union under the agreement 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B. Afarcloud and the PRYSTINE are funded under the ECSEL programm by the ECSEL JU and FFG (grant agreement nr 783221 and nr 783190).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Schmittner, C., Macher, G. (2019). Automotive Cybersecurity Standards - Relation and Overview. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science(), vol 11699. Springer, Cham. https://doi.org/10.1007/978-3-030-26250-1_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-26250-1_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26249-5
Online ISBN: 978-3-030-26250-1
eBook Packages: Computer ScienceComputer Science (R0)