Government initiatives play an important role in assuring the safety of autonomous vehicles, for example, US DoT, Automated Vehicles 3.0 that focuses on a wide range of automated vehicles from SAE automation level 1 (driver assistance) to level 5 (full automation).
Standards are currently being developed. SAE J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems), published in 2016 describes a process framework that can be used to build cybersecurity into vehicle systems. SAE’s Vehicle Electrical System Security Committee is working on SAE J3101 (Requirements for Hardware-Protected Security for Ground Vehicle Applications) to define a common set of requirements. The emerging standard ISO/SAE 21434 (Road Vehicles – Cybersecurity Engineering) defines a framework to ensure a consistent, well defined and robust approach to foster a cybersecurity culture, to manage cybersecurity risks across the complete vehicle lifecycle, to allow adaptation to a continually changing threat landscape and to institute a cybersecurity management system. It will thus address security in product engineering, similarly to how ISO 26262 addresses functional safety. ISO/SAE 21434 is scheduled for publication in 2020 and it will likely replace SAE J3061.
Alliances are formed among vehicle manufacturers and suppliers, providing platforms for developments that require industry-wide co-operation. From the many important forums I’d like to highlight Auto-ISAC, which is one of the important global cybersecurity-focused communities (sharing intelligence and providing best practice guides) and C2C-CC (Car 2 Car Communication Consortium) that focuses on the deployment of Cooperative Intelligent Transport Systems and Services (C-ITS).
Key principles to implement reliable and future-proof automotive security solutions
The industry addresses these security challenges by applying state-of-the-art security principles to automotive design.
Car makers must design and develop end-to-end solutions focusing on the complete system, including also how the cars interact with their environment and other vehicles. A proper security-by-design approach ensures that security is not an afterthought but is designed into every component from day one. The OEM-defined system security concept integrates elements from multiple suppliers, so efficiently driving this system security concept through a complex supply chain is an important element of success.