Introduction
ISO/SAE 21434 addresses cybersecurity risks in road vehicles, providing guidance for managing those risks throughout the vehicle lifecycle. Because the standard sets out a roadmap for cybersecurity risk management, Original Equipment Manufacturers (OEMs) and suppliers need to evaluate the cyber relevance of their products. Before diving into a Threat Analysis and Risk Assessment (TARA), it is important to establish whether one is actually required by the applicable standards and regulations: not every component or feature needs a detailed cybersecurity risk assessment. This blog post looks at how to identify the features and modules that are critical for safety and security, and therefore need a TARA.
Importance of Cyber Relevancy
Cyber relevance describes how much a component or system matters from a cybersecurity standpoint. Evaluating cyber relevance means assessing the risks and threats associated with each feature or ECU so that every critical component is adequately protected. A critical component is one whose failure or compromise could lead to significant safety, security, or operational consequences, which makes safeguarding it against cyber threats essential.
Identifying and securing critical components within a vehicle is essential to both safety and security. By following ISO/SAE 21434 and related standards, automotive manufacturers can mitigate cyber threats effectively, and the relevance evaluation itself gives analysts a documented basis for deciding whether a threat analysis and risk assessment is required under the applicable regulations.
Safety and Security Features in Focus
Vehicles are equipped with a variety of features integral to the safety and security of the vehicle and its occupants. These include:
- Safety Mechanism Activation: Functions that deploy airbags or trigger emergency braking systems are essential for mitigating the effects of accidents.
- Signal Generation for Safety Systems: These signals may initiate traction control or stability management functions to prevent loss of control.
- Access Control: Mechanisms that manage the locking mechanisms for doors and hatches, ensuring both security from theft and controlled access in emergencies.
- Operational Controls: Systems that manage the operation of windows, sunroofs, and compartments, which may serve as emergency exits or ventilation systems in critical situations.
- Energy Management: Features designed to disconnect charging systems to prevent electrical hazards and manage the risks associated with battery operation, like overcharging or gas accumulation.
Essential Safety and Security Systems/Modules
Identifying the modules that hold critical importance is the first step towards cybersecurity assurance:
(Note: additional components may be classified as critical depending on the specific requirements and scope of the project.)
- Powertrain Control Module (PCM): Governs the engine and transmission; any compromise here can have drastic consequences.
- Restraint Control Module (RCM): Controls the deployment of safety restraints, critical for occupant protection during a collision.
- Power Steering Control Module (PSCM): An essential component for the maneuverability of the vehicle.
- Anti-lock Braking System (ABS): Maintains control during braking, preventing wheel lockup.
- Electronic Control Gate (ECG): Acts as a gateway controller, managing communication between various E/E modules.
- Body Control Module (BCM): Manages various electronic accessories in the vehicle, often interacting with other critical components.
- Battery Management System (BMS): Oversees the operation and safety of the battery pack, crucial for electric vehicles and hybrid systems.
Examples of Cybersecurity Candidates
Let’s look at some examples of components that could be vulnerable to cyber threats:
- Motion Control Modules: ESC units with ASIL ratings for vehicle stability.
- Internal Network Connections: ECUs on a CAN network managing critical functions like airbag deployment.
- External Network Connections: V2X modules for communication with infrastructure.
- Wireless Sensors/Actuators: NFC-based key fobs, which, if unsecured, can be targets for relay attacks.
Cybersecurity Assessment Procedure
When assessing automotive components for cybersecurity and functional safety, it is crucial to follow a structured approach. The following steps outline the key considerations for a comprehensive evaluation of each component:
- Initial Evaluation: Assess whether the item in question is an electronic/electrical (E/E) component, such as an infotainment application or an ECU.
- Contribution to Safety Operations: Evaluate the component's role in operational safety, e.g., the ABS module's crucial role in ensuring safe braking.
- Data Collection/Processing: Determine whether the component handles sensitive data, such as a GPS system managing location information.
- Networked Function Implementation: Consider the component's connectivity and network interactions, securing systems like telematics against remote exploits.
Cybersecurity Relevancy Questionnaire
To help determine the cybersecurity relevance of various vehicle components and features, the following questionnaire can be used.
| Area | Question |
| --- | --- |
| Vehicle Bus Connectivity | Does the feature or ECU connect to a shared vehicle bus (e.g., LIN, CAN)? |
| Vehicle Bus Connectivity | How frequently does it communicate over the vehicle bus? |
| Vehicle Bus Connectivity | What types of messages are sent and received over the vehicle bus? |
| Vehicle Bus Connectivity | Are these messages encrypted or authenticated? |
| External Interfaces for Data Exchange | Does the feature or ECU have external interfaces for data exchange (e.g., Wi-Fi, Bluetooth)? |
| External Interfaces for Data Exchange | What security measures are in place for these interfaces (e.g., encryption, authentication)? |
| External Interfaces for Data Exchange | Is user interaction required for data exchange through these interfaces? |
| External Interfaces for Data Exchange | Can the external interfaces be disabled? If so, under what conditions? |
| Contribution to Safe Operation | Does the feature or ECU contribute to the safe operation of the vehicle (e.g., braking)? |
| Contribution to Safe Operation | What specific safety functions does it control or influence? |
| Contribution to Safe Operation | How does it ensure redundancy and fail-safe operation? |
| Regulatory and Standards Compliance | Are the logical controls of the feature or ECU governed by regulatory requirements or industry standards? |
| Regulatory and Standards Compliance | Which specific regulations or standards apply (e.g., ISO 26262, ISO/SAE 21434)? |
| Regulatory and Standards Compliance | How is compliance with these regulations or standards verified and documented? |
| Handling of Sensitive or Personal Data | Does the feature or ECU handle sensitive or personal data (e.g., driver information, PII)? |
| Handling of Sensitive or Personal Data | What types of sensitive data are processed or stored? |
| Handling of Sensitive or Personal Data | How is this data protected (e.g., access controls, encryption)? |
| Handling of Sensitive or Personal Data | Are there data retention policies and procedures in place? |
| Networked Functions and Remote Connectivity | Does the feature or ECU have networked functions or remote connectivity? |
| Networked Functions and Remote Connectivity | What types of remote connections are supported (e.g., cellular, over-the-air (OTA) updates)? |
| Networked Functions and Remote Connectivity | What security measures protect these remote connections (e.g., VPN or TLS, mutual authentication)? |
| Networked Functions and Remote Connectivity | Can remote connections be monitored and audited? |
| Integration with Critical Systems | Is the feature or ECU part of a critical system (e.g., braking system, power steering)? |
| Integration with Critical Systems | How does it interact with other critical systems within the vehicle? |
| Integration with Critical Systems | What are the potential impacts of a failure or compromise of this feature or ECU on overall vehicle safety and functionality? |
| Software Updates and Patching | How are software updates and patches managed for the feature or ECU? |
| Software Updates and Patching | Are updates delivered over the air, or do they require physical access? |
| Software Updates and Patching | How are the integrity and authenticity of updates ensured? |
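The assessment procedure and the questionnaire above are, in practice, a screening decision: record the answers for each item, and if any relevance criterion is hit, the item gets a TARA. The following script is an added example written for this post (it is not Block Harbor's tool, not part of ISO/SAE 21434, and the `Item` fields, criterion names and sample items are all constructed for illustration). It encodes the questionnaire's yes/no questions as criteria, scopes out non-E/E items first, classifies the attack exposure (remote, adjacent via a shared bus, or local), and produces a written rationale that can be pasted into a relevance record.

```python
"""Cyber-relevance screening: decides whether an item needs a TARA.

Hypothetical helper written for this post; it is not Block Harbor's tool and
not defined by ISO/SAE 21434. The criteria mirror the questionnaire above.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    """Answers to the screening questions for one feature or ECU."""
    name: str
    is_ee: bool                        # electronic/electrical component?
    safety_contribution: bool          # influences braking, steering, restraints ...
    bus_interfaces: tuple = ()         # shared in-vehicle buses, e.g. ("CAN",)
    external_interfaces: tuple = ()    # e.g. ("Bluetooth", "Cellular")
    sensitive_data: bool = False       # PII, location, credentials
    critical_system_member: bool = False
    regulated: bool = False            # logical controls governed by a regulation/standard
    ota_updates: bool = False          # accepts over-the-air software updates


# Each criterion: (identifier, predicate, rationale). Any hit => cyber-relevant.
CRITERIA = (
    ("safety", lambda i: i.safety_contribution,
     "contributes to safe operation of the vehicle"),
    ("vehicle_bus", lambda i: bool(i.bus_interfaces),
     "reachable from a shared vehicle bus"),
    ("external_interface", lambda i: bool(i.external_interfaces),
     "exposes an external data-exchange interface"),
    ("sensitive_data", lambda i: i.sensitive_data,
     "handles sensitive or personal data"),
    ("critical_system", lambda i: i.critical_system_member,
     "is part of, or interacts with, a critical system"),
    ("regulated", lambda i: i.regulated,
     "its logical controls are governed by regulation or standards"),
    ("remote_update", lambda i: i.ota_updates,
     "accepts over-the-air software updates"),
)


def assess(item: Item) -> dict:
    """Return the screening verdict and the criteria that drove it."""
    if not item.is_ee:
        # ISO/SAE 21434 scopes E/E systems; a purely mechanical item is out of scope
        # even if it is safety-relevant.
        return {"name": item.name, "in_scope": False, "cyber_relevant": False,
                "tara_required": False, "triggered": [], "exposure": "none"}
    triggered = [ident for ident, pred, _ in CRITERIA if pred(item)]
    # Exposure class: remote (external interface/OTA) > adjacent (bus) > local (physical only)
    if item.external_interfaces or item.ota_updates:
        exposure = "remote"
    elif item.bus_interfaces:
        exposure = "adjacent"
    else:
        exposure = "local"
    relevant = bool(triggered)
    return {"name": item.name, "in_scope": True, "cyber_relevant": relevant,
            "tara_required": relevant, "triggered": triggered, "exposure": exposure}


def rationale(item: Item) -> str:
    """Human-readable justification suitable for a relevance record."""
    v = assess(item)
    if not v["in_scope"]:
        return f"{item.name}: not an E/E item; outside ISO/SAE 21434 scope, no TARA."
    if not v["cyber_relevant"]:
        return f"{item.name}: E/E item with no triggering criterion; TARA not required."
    reasons = "; ".join(desc for ident, _, desc in CRITERIA if ident in v["triggered"])
    return f"{item.name}: TARA required ({v['exposure']} exposure): {reasons}."


# Constructed sample items (illustrative; not from any real vehicle programme).
SAMPLE_ITEMS = (
    Item("ABS module", is_ee=True, safety_contribution=True, bus_interfaces=("CAN",),
         critical_system_member=True, regulated=True),
    Item("Telematics control unit", is_ee=True, safety_contribution=False,
         bus_interfaces=("CAN",), external_interfaces=("Cellular", "Bluetooth"),
         sensitive_data=True, ota_updates=True),
    Item("Standalone ambient light", is_ee=True, safety_contribution=False),
    Item("Mechanical door latch", is_ee=False, safety_contribution=True),
)

if __name__ == "__main__":
    for it in SAMPLE_ITEMS:
        print(rationale(it))
```

Two of the sample items are there for the edge cases the questionnaire is meant to catch: the ambient light is E/E but has no bus, no external interface and no safety or data role, so it screens out; the mechanical latch is safety-relevant but not E/E, so it is outside the standard's scope regardless of the other answers. In a real programme the predicates and the "remote/adjacent/local" split would be tuned to the project's own relevance criteria.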
Conclusion
Adhering to the guidelines set by ISO/SAE 21434 is essential for identifying, assessing, and mitigating cybersecurity risks throughout the vehicle lifecycle. The process of evaluating cyber relevancy helps OEMs and Tier 1 suppliers focus on the most critical components and features, ensuring that these are adequately protected against potential cyber threats.
Identifying safety and security-critical modules, such as powertrain control, restraint control, and battery management systems, ensures that essential vehicle functions remain secure and resilient against attacks. A structured cybersecurity assessment procedure, combined with a thorough understanding of each component’s role in the vehicle’s operation, is vital in safeguarding against cyber threats that could compromise safety and performance.
Ultimately, a robust cybersecurity strategy that includes evaluating the cyber relevance of each component not only protects the vehicle and its occupants but also fosters trust in the automotive industry. By continuously refining these processes and adhering to established standards, automotive manufacturers and suppliers can better protect their products, enhance safety, and lead the way in secure vehicle design.
Need Support?
Block Harbor is here to help with any TARA-related activities. Block Harbor now offers a TARA package that includes detailed Cybersecurity Relevance guidance as well as other guidance and template documentation. Contact us here for more information.