Setting the Standard for Automotive Cyber Security
June 28, 2018
It is well known that the modern vehicle is already heavily connected and therefore exposed to cyber threats. As we look towards the future, the automotive industry is driving with the pedal to the metal toward Advanced Driver Assistance Systems (ADAS) and fully autonomous vehicles. They promise safer and less expensive travel for billions of people the world over. OEMs, dealerships, aftermarket parts and service providers, application developers, insurance companies, fleet operators, governments and a multitude of other players are focused on the direction of this market, which is developing faster than an Indy car in the straightaway. In fact, experimental autonomous vehicles are already traveling alongside us on the highways. The road ahead is not entirely clear, but the industry is accelerating toward an exciting future of autonomous mobility.
At GuardKnox, we have determined that the key enabler for securing not only the vehicles of today, but also the vehicles of the future is automotive cyber security. Without it, the next generation of vehicles will not be safe enough, nor our personal information protected enough, to make it to the next intersection.
We see a future of vehicle cyber security standards that will at once:
- Protect our personal information
- Improve the safety of our vehicles and our driving
- Enable plug-and-play capabilities between a wealth of new products and services
- Cut the costs of vehicle and fleet ownership, use, and maintenance
- Make our road-travel experience more convenient and enjoyable
We find that the automotive industry is woefully behind in establishing requisite vehicle cyber security standards and requires a massive effort to catch up to the rest of the autonomous-vehicle juggernaut.
Who Sets Standards?
The Common Criteria for Information Technology Security Evaluation (“Common Criteria”) is an international standard technically known as ISO/IEC 15408. Common Criteria provides assurance that the specification, implementation and evaluation of a computer security product have been conducted in a rigorous manner. Common Criteria enables vendors to test the security aspects of their products and receive impartial evaluations, ideally enabling OEMs and others to create lists of approved vendors and products that may be installed in, downloaded to, or connected to their vehicles.
Just like in the mobile phone industry, we can foresee vast play stores for downloadable vehicle apps that will enhance our traveling experience at every level imaginable and will be secure enough to prevent misuse leading to vehicle hacking.
GuardKnox Involvement: ISO/SAE Joint working group
It took 20 years for seat belts to become common in vehicles, but we don’t have 20 years for cyber security standards to evolve.
GuardKnox is an active member of the ISO/SAE joint working group, ISO/TC 22/SC 32/WG 11. This working group’s mission is to create a new standard, ISO/SAE 21434: Road vehicles – Cybersecurity engineering.
The goals of this initiative are detailed below.
Targeted effects on the automotive industry:
- Give a uniform definition of notions relevant to automotive security
- Specify minimum requirements on the security engineering process and activities and define – wherever possible – criteria for assessment
- Describe the state of the art of security engineering in automotive E/E development
The future standard shall provide:
- A common and internationally agreed understanding of automotive cybersecurity engineering
- Sufficient rigor to serve as a reference for legislative institutions and to ensure legal certainty
While ISO/IEC 15408 serves as the best baseline for an automotive cyber security standard, we find the current ISO/IEC 15408 specification too abstract and not entirely applicable to today’s environment. (The last update to the standard was in 2015, and the automotive industry has made tremendous progress since then.) Updates need to come fast and furious so as not to hold up the drive toward autonomous vehicles and other connected-car conveniences.
GuardKnox has a lot to contribute to the Common Criteria, making it speak to today and tomorrow’s needs. We actively participate in all four subgroups of the ISO/SAE working group:
- Risk Management addresses cyber security classifications and establishes the rules for information sharing.
- Product Development sets the cyber security goals for each of the classifications, provides item and scope definitions, and designates product use cases for risk review.
- Operation and Maintenance designates use cases for risk review in the operation domain and elaborates timing and tasks for incident response.
- Process Overview and Interdependencies determines the organization and structure of the standard, provides guidance for referencing other standards, defines the exact meaning of the terms “assessment” and “review”, and defines management of the risk competency within an organization.
Cyber Security is an intrinsic aspect of safety
GuardKnox takes a leading position on cyber security safety standards. We are guiding the Common Criteria toward recognition that safety and cyber security, while complementary, constitute significantly different risk levels and need to be addressed separately.
Safety speaks in terms of functional requirements and percentages of reliability, e.g., the brakes have to work 99.999% of the time. Real-time protection against failure is critical, because our lives are at stake. Rule-based firewalls and other IT-style cyber security techniques are not acceptable means of securing such safety-critical functions.
Safety is a Top Priority
Whenever they are connected to the outside world, vehicles require cyber security. Connected vehicles resemble IT networks and, as such, are open systems, i.e., open to communications from the outside anytime. However, safety-critical functions in the same vehicles must be treated like closed systems, just like fighter jets and other military-grade systems. While open systems must be updated constantly with the latest threat intelligence and rules, closed systems must be impervious to attack at all times. They are air-gapped and protocol- and technology-agnostic. They do not rely on threat intelligence updates or after-the-event incident response.
GuardKnox’s Communication Lockdown™ methodology eliminates risks to the safety of the vehicle, enforcing a formally verified and deterministic configuration of communication among the various networks within the vehicle. We are leading Common Criteria toward recognition of the especially high level of risk associated with safety-critical functions and the mandate for a fully deterministic solution to protect us as we travel.
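The distinction drawn above between a rule-based, threat-intelligence-driven firewall and a deterministic, closed configuration can be shown in miniature. The following is an added illustration written for this page, not GuardKnox's Communication Lockdown™ implementation and not code from the standard: an in-vehicle gateway whose forwarding table is a fixed allow-list of (source bus, destination bus, CAN identifier, exact payload length) entries, with default deny and no runtime updates, plus a reachability check that verifies, before the configuration ships, that no chain of permitted routes connects an externally exposed bus to a safety-critical one. Bus names, identifiers and lengths are constructed sample values.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# A permitted route: (source bus, destination bus, CAN identifier, exact payload length).
# The table is fixed at build time; there are no wildcards and nothing is learned at runtime.
Route = Tuple[str, str, int, int]


@dataclass(frozen=True)
class Frame:
    bus: str        # bus the frame was received on
    can_id: int     # 11-bit CAN identifier
    payload: bytes


class LockdownGateway:
    """Forward a frame only when an identical route exists in the static table (default deny)."""

    def __init__(self, routes: FrozenSet[Route]) -> None:
        self._routes = routes
        self.dropped: List[Tuple[Frame, str]] = []  # (frame, reason) audit trail

    def forward(self, frame: Frame) -> List[str]:
        """Return the destination buses this frame may be copied to; an empty list means drop."""
        dests = sorted(
            dst
            for (src, dst, can_id, length) in self._routes
            if src == frame.bus and can_id == frame.can_id and length == len(frame.payload)
        )
        if not dests:
            self.dropped.append((frame, "no matching route"))
        return dests


def reachable_buses(routes: FrozenSet[Route], start: str) -> Set[str]:
    """Every bus reachable from `start` through one or more permitted routes (breadth-first)."""
    adjacency: Dict[str, Set[str]] = {}
    for src, dst, _, _ in routes:
        adjacency.setdefault(src, set()).add(dst)
    seen: Set[str] = set()
    queue = deque([start])
    while queue:
        bus = queue.popleft()
        for nxt in adjacency.get(bus, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def verify_isolation(routes: FrozenSet[Route], exposed: str, protected: str) -> bool:
    """True when no chain of routes, direct or indirect, leads from `exposed` to `protected`."""
    return protected not in reachable_buses(routes, exposed)


# Constructed sample configuration (illustrative bus names, identifiers and lengths).
ROUTES: FrozenSet[Route] = frozenset({
    ("telematics", "infotainment", 0x500, 8),  # e.g. navigation data toward the head unit
    ("body", "infotainment", 0x3A0, 2),        # e.g. door status for display
    ("body", "powertrain", 0x0C0, 2),          # body-to-powertrain message with a fixed length
})

# A mistaken configuration: one extra route creates an indirect path
# telematics -> infotainment -> body -> powertrain.
BAD_ROUTES: FrozenSet[Route] = ROUTES | {("infotainment", "body", 0x3A1, 1)}


def demo() -> Dict[str, List[str]]:
    """Run three constructed frames through the gateway and return the forwarding decisions."""
    gw = LockdownGateway(ROUTES)
    return {
        "navigation": gw.forward(Frame("telematics", 0x500, bytes(8))),
        "wrong_bus": gw.forward(Frame("telematics", 0x0C0, bytes(2))),   # valid id, wrong source
        "wrong_length": gw.forward(Frame("body", 0x0C0, bytes(8))),      # valid id, wrong length
    }


if __name__ == "__main__":
    print(demo())
    print("telematics isolated from powertrain:", verify_isolation(ROUTES, "telematics", "powertrain"))
    print("with the extra route:", verify_isolation(BAD_ROUTES, "telematics", "powertrain"))
```

The forwarding decision is a table lookup on the complete tuple, so a frame carrying a legitimate powertrain identifier is still dropped when it arrives on the wrong bus or with the wrong length, and the gateway needs no signature or rule updates to make that decision. The reachability check is the part that corresponds to verifying the configuration rather than the traffic: it is run on the table itself, so a single added route that opens an indirect path is caught before the configuration is deployed.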