Automotive Cybersecurity

“Secure By Design” and New Automotive Architecture Meet Automotive Quality

April 14, 2022

The paradigm shift in the automotive industry is changing the way vehicles are built from the traditional model to a software-based design. This change brings with it new safety and security concerns that go beyond road-safety and protection in the event of accidents to include cybersecurity threats. For the industry to maintain its commitment to the safety and security of drivers, pedestrians and passengers, it will have to adopt and embrace new ways to monitor the quality of all vehicle parts - both hardware and software - that make up the new generation of vehicles.

In a world where software is the key component in the structure of an automobile, it is crucial for these cars to be built “secure by design” with safety and security features as key parts of the design process. If potential risks are anticipated and addressed from the start, rather than as an afterthought, vehicles will be safer and costs will be lower.

From Quality Control to Quality Management

In the early days of manufacturing, products were checked as they came off the production line. Defect-free products were shipped to the customer and defective products were discarded. Because defects were only identified once the product was complete, the entire defective product would go to waste and a new one would have to be produced, leading to high costs.

Quality control was invented to add checks and controls earlier in the production process in order to identify and rectify any problems at an earlier stage and lower costs. This eventually evolved into what is now called quality management and includes standards and globally-mandated requirements that all designers and manufacturers must abide by. 

Generally in modern safety-oriented industries, including in the automotive industry, these standards are developed by a task force of major producers and large OEMs. Specifically in the automotive industry, this task force of producers and OEMs is called the International Automotive Task Force (IATF). Comprised of BMW, GM, Daimler, and others, its purpose is to create a common language that can be used along the entire supply chain. For example, the task force set the IATF16949 standards which provides designers and manufacturers with requirements they must follow when designing and building ECUs and other products needed for vehicle production.

Because cars today are so heavily reliant on software and electronics, it is more important than ever that the entire supply chain, from part designers to manufacturers like OEMs and Tier 1s speak a ‘common language’. If everyone uses the same language, the needs and expectations of the OEMs and Tier 1s are clear and the designers can provide higher quality output faster. The entire process is streamlined with smooth interactions and little chance of misunderstandings.

There are fewer defects and higher quality products, quality standards and best practices are implemented as part of the common language.

What Happens when New Quality Regulations are Passed?

New quality regulations stem from a new need. These needs can vary from satisfying customers quality requirements through meeting internal processes, safety, reliability and environmental requirements until complying with regulations.

For example, ISO26262 was developed to ensure functional safety throughout the automotive product lifecycle from the start of design through production and until decommissioning. Once a need is identified, a dedicated group of interested parties convene along with other working groups and industry experts for discussions that can last months or even years before they come to an agreement on a set of requirements that eventually become the official standards.

Once the regulations are passed, each company has to do their own assessment to determine whether the new standards apply to them and in what capacity. Most automotive companies have a quality manager who is an expert in this field and whose job it is to study the new standards and translate them into procedures for the company to follow.

Quality issues can mean the difference between success and failure for an automotive company. If quality management is done well, the company is likely to succeed, but if it is done poorly, there is a high chance of failure, so needless to say automotive companies take quality very seriously. 

Changes in Regulations for Software-Defined Vehicles

As automobile manufacturing shifts from hardware-focused to software-focused, different types of quality regulations are needed. The automobile industry is known for its conservative nature, and the shift from monolithic to zonal architecture is a huge change that has taken years to implement. 

The regulatory process in the automobile industry is conservative as well, with each new standard taking significant time and effort to be finalized and passed. While changes in quality regulations due to the new types of cars will be necessary, there will be a delay between the introduction of new architectures and the changes to the standards.

These new changes must emphasize the cybersecurity risks that are integral to software-defined vehicles. Those involved in creating the regulations must first gain a strong understanding of the cybersecurity landscape and the potential threats that face cars that are so heavily connected to the internet.

It took 20 years for seat belts to become common in vehicles, but 20 years is a luxury we can’t afford when it comes to defining and adhering to cyber security standards.

GuardKnox was an active member of the ISO/SAE joint working group, ISO-TC22-SC32-WG11, which published the standard for Cybersecurity Engineering in Road Vehicles: ISO-SAE 21434. In addition to helping lead the way in defining what it means for a vehicle to be secure, all of GuardKnox’s solutions are developed with security in mind enabling our partners to develop new vehicles that are secure by design and come off the production line ready to be driven without putting the drivers in either physical or cyber-danger.

Speed vs. Quality: It’s Not a Competition

In a competitive market, there is always the pressure to be first to market with new products and features. But this speed to market should not mean a need to compromise on quality. On the contrary, to succeed in the conservative, safety-oriented automotive industry, it is important to integrate quality methods and best practices into fast development.

Focusing on quality from the beginning and creating a secure-by-design product will allow the next generation of automakers to provide safe and reliable products to satisfied customers.

At GuardKnox, we are proud of our ‘Zero Defects Culture’ and strive to comply with all automotive certifications and standards. Learn more about our commitment to quality here.
Lets’s Talk