Secure Product Development Activities in Automotive


In automotive cybersecurity, the product development phase is a critical period where the foundations for vehicle security planned during the concept phase are first implemented. The ISO 21434 standard includes Clauses 10 and 11, which outline several key stages for this phase: design, cybersecurity integration and verification, and cybersecurity validation [1]. Each of these stages has specific requirements that OEMs and suppliers must comply with to create secure automotive systems and achieve cybersecurity compliance. However, the standard lacks detailed illustrations of the key activities, making it harder for the industry to implement. In this article, we aim to illustrate the major requirements of the product development phase with proper examples for ease of understanding.

The major activities in the product development phase of ISO/SAE 21434 include design, cybersecurity integration, cybersecurity verification, and cybersecurity validation. Each of these activities is further illustrated below.

Design

In the design phase, the cybersecurity requirements generated from the concept phase are further refined into cybersecurity specifications, which are then allocated to the overall architecture and its sub-components [2]. By establishing these specifications, security becomes an integral part of the product lifecycle. A few examples of cybersecurity specifications are as follows:

  • Authentication & Authorization: Implement a role-based, multi-factor authentication mechanism for controlling access to critical vehicle systems.
  • Data Encryption: Use robust encryption algorithms to protect data transmitted between vehicle components and external entities.
  • Secure Boot & Firmware Update: Ensure a secure over-the-air update process and that ECUs can only boot trusted software.
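The secure boot and firmware update specification above is the kind of requirement that is easiest to understand in code. The following is an added example written for this article, not code from ISO/SAE 21434 or from any ECU vendor. It models a staged boot chain in which each image is authenticated before it is allowed to run, and an OTA acceptance check that rejects unauthenticated images and version rollback. It assumes a symmetric boot MAC key held by the ECU's hardware security module (a constructed value here) and uses HMAC-SHA256 in place of the AES-CMAC that SHE-style secure boot normally uses, purely so the example runs with the Python standard library; the slot names, versions and payloads are all constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical symmetric boot key (constructed for this example). On a real
# ECU it would live in the HSM/SHE and never be readable by application code.
BOOT_MAC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


@dataclass(frozen=True)
class Image:
    """A firmware image as stored in flash: metadata plus its authentication tag."""
    slot: str        # which stage/slot this image belongs to, e.g. "bootloader"
    version: int     # monotonic version used for anti-rollback
    payload: bytes   # the code/data that would be executed
    mac: bytes       # tag over slot || version || payload, produced at build time


def _mac_input(slot: str, version: int, payload: bytes) -> bytes:
    # Slot name and version are bound into the tag so a valid image cannot be
    # moved to a different slot or replaced by an older, still-valid version.
    return slot.encode() + b"\x00" + version.to_bytes(4, "big") + payload


def sign_image(slot: str, version: int, payload: bytes, key: bytes = BOOT_MAC_KEY) -> Image:
    """Build-time step: compute the authentication tag for a release image."""
    tag = hmac.new(key, _mac_input(slot, version, payload), hashlib.sha256).digest()
    return Image(slot, version, payload, tag)


def verify_image(image: Image, key: bytes = BOOT_MAC_KEY) -> bool:
    """Boot-time step: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, _mac_input(image.slot, image.version, image.payload),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, image.mac)


def secure_boot(chain: List[Image], key: bytes = BOOT_MAC_KEY) -> List[str]:
    """Walk the boot chain; each stage is verified before it is 'executed'.

    Returns the slots that were allowed to run. A failed check halts the
    chain, leaving the ECU in its bootloader/recovery state.
    """
    executed: List[str] = []
    for stage in chain:
        if not verify_image(stage, key):
            break
        executed.append(stage.slot)
    return executed


def accept_ota_update(current: Image, candidate: Image,
                      key: bytes = BOOT_MAC_KEY) -> Tuple[bool, str]:
    """Decide whether an over-the-air package may replace the installed image."""
    if not verify_image(candidate, key):
        return False, "authentication failed"
    if candidate.slot != current.slot:
        return False, "slot mismatch"
    if candidate.version <= current.version:
        return False, "rollback rejected"
    return True, "accepted"


if __name__ == "__main__":
    boot = sign_image("bootloader", 1, b"BL code")
    app = sign_image("application", 3, b"APP code v3")
    print("booted:", secure_boot([boot, app]))
    tampered = Image(app.slot, app.version, b"APP code (modified)", app.mac)
    print("booted with tampered app:", secure_boot([boot, tampered]))
    print(accept_ota_update(app, sign_image("application", 2, b"APP code v2")))
    print(accept_ota_update(app, sign_image("application", 4, b"APP code v4")))
```

Binding the slot and version into the authenticated data is the part that matters for the specification: a tag over the payload alone would let a correctly signed older image, or an image built for another slot, pass the boot check. Running the module shows the full chain booting, the chain halting at a tampered application image, and the OTA check rejecting a downgrade while accepting a newer release.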

While developing the product (software/hardware), established and trusted design and implementation principles should be applied to avoid or minimize the introduction of weaknesses. NIST Special Publication 800-160 Vol. 1 provides examples of secure design principles for architecture design. Once the product is developed, procedures for ensuring cybersecurity also need to be established for users, demonstrating how to install, initialize, or operate the item/component securely. The cybersecurity specifications allocated to a component or sub-component need to be analyzed to identify weaknesses and mitigate the risks. Though ISO 21434 does not mandate repeating TARA at each layer of the design, it is good practice to account for residual risk through an iterative TARA process [2]. The cybersecurity requirements for the design phase of ISO 21434 are as follows. All OEMs/suppliers need to comply with these requirements to achieve Cybersecurity Management System (CSMS) certification and vehicle type approval.

Requirement   Description
RQ-10-01      Define cybersecurity specification
RQ-10-02      Allocate defined cybersecurity requirements to components
RQ-10-03      Post-development security consideration
RQ-10-04      Tool selection criteria for cybersecurity specifications
RQ-10-05      Tool insufficiency mitigation
RC-10-06      Established and trusted design and implementation principles should be applied to avoid/minimize weaknesses
RQ-10-07      Architectural design weakness analysis
RQ-10-08      Cybersecurity specification verification

Cybersecurity Integration

Cybersecurity integration involves embedding security measures and practices into the development process and the system’s architecture, ensuring that security is a fundamental aspect of the product’s design and development rather than an afterthought. Key aspects of this integration include the implementation of security requirements and controls directly into the system’s design and development phases. This also involves adopting secure coding practices, using secure software development life cycle (SDLC) methodologies, and employing various security tools during development. Additionally, the system architecture is designed to include robust security measures such as network segmentation, secure communication protocols, and access controls. For example, during the development of an automotive infotainment system, integrating cybersecurity might involve implementing encryption for data storage, using secure coding practices to prevent common vulnerabilities, and incorporating intrusion detection systems (IDS) within the vehicle’s network to monitor and respond to potential threats.

Cybersecurity Verification

In the context of ISO 21434, cybersecurity verification represents a systematic process aimed at ensuring the effectiveness and compliance of implemented security measures within automotive systems. This verification process involves rigorous testing and validation activities to ascertain that the system meets specified security requirements and is resilient against potential cyber threats. Key aspects of cybersecurity verification include conducting various security tests, such as static and dynamic analysis, penetration testing, and vulnerability scanning, to identify and mitigate weaknesses and vulnerabilities. Additionally, validation efforts focus on verifying that security controls are correctly implemented and align with the security objectives outlined during the system’s design phase. By adhering to the principles outlined in ISO 21434, automotive manufacturers can systematically verify the cybersecurity measures implemented in their systems, thereby enhancing the overall security posture and resilience of their products against cyber threats. For a look at automated verification tools and pre-written scripts that check against UN R155, check out VSEC Test. The following ISO 21434 cybersecurity requirements must be addressed by the OEMs/Suppliers while doing integration and verification activities.

Requirement   Description
RQ-10-09      Verification of requirements fulfillment
RQ-10-10      Integration and verification specification
RQ-10-11      Test coverage metrics
RC-10-12      Verification of weakness minimization
RQ-10-13      Documented rationale for not testing
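RQ-10-09, RQ-10-11 and RQ-10-13 together amount to a traceability question: for every allocated cybersecurity specification, which tests verify it, did they pass, and if nothing tests it, is there a documented reason? The following is an added example written for this article, not a tool from ISO/SAE 21434 or from any vendor. It takes a constructed set of specifications, test results and not-tested rationales, links the tests back to the specifications, computes the coverage metric, and derives a release gate that fails on any failing test, any specification left untested without a rationale, or any test that claims to verify a specification that does not exist. All identifiers (CS-SPEC-..., TC-..., REV-12) are constructed for the example.

```python
from typing import Dict, List

# Constructed sample data (not from any real project): cybersecurity
# specifications allocated to an ECU, the test cases that claim to verify
# them, and the documented rationale for any specification left untested.
REQUIREMENTS: Dict[str, str] = {
    "CS-SPEC-001": "Diagnostic session requires seed/key authentication",
    "CS-SPEC-002": "Firmware image authenticated before execution",
    "CS-SPEC-003": "Gateway drops CAN frames from unexpected source IDs",
    "CS-SPEC-004": "Debug interface disabled in production build",
}

TEST_RESULTS: List[dict] = [
    {"id": "TC-01", "verifies": ["CS-SPEC-001"], "result": "pass"},
    {"id": "TC-02", "verifies": ["CS-SPEC-002"], "result": "pass"},
    {"id": "TC-03", "verifies": ["CS-SPEC-002"], "result": "fail"},
    {"id": "TC-04", "verifies": ["CS-SPEC-003"], "result": "pass"},
    {"id": "TC-05", "verifies": ["CS-SPEC-999"], "result": "pass"},  # dangling link
]

NOT_TESTED_RATIONALE: Dict[str, str] = {
    "CS-SPEC-004": "Verified by inspection of build flags and linker map (review record REV-12)",
}


def coverage_report(requirements: Dict[str, str], tests: List[dict],
                    rationale: Dict[str, str]) -> dict:
    """Map tests back to specifications and classify every specification."""
    linked: Dict[str, List[dict]] = {rid: [] for rid in requirements}
    dangling: List[str] = []  # tests pointing at specifications that do not exist
    for test in tests:
        for rid in test["verifies"]:
            if rid in linked:
                linked[rid].append(test)
            else:
                dangling.append(test["id"])

    fulfilled, failed, untested_ok, untested_missing = [], [], [], []
    for rid in requirements:
        cases = linked[rid]
        if not cases:
            (untested_ok if rid in rationale else untested_missing).append(rid)
        elif all(case["result"] == "pass" for case in cases):
            fulfilled.append(rid)
        else:
            failed.append(rid)  # any failing linked test means not fulfilled

    tested = len(requirements) - len(untested_ok) - len(untested_missing)
    return {
        "coverage": tested / len(requirements),
        "fulfilled": fulfilled,
        "failed": failed,
        "untested_with_rationale": untested_ok,
        "untested_without_rationale": untested_missing,
        "dangling_tests": dangling,
        # Gate: nothing failed, every untested specification has a rationale,
        # and every test links to a specification that actually exists.
        "release_ready": not failed and not untested_missing and not dangling,
    }


if __name__ == "__main__":
    report = coverage_report(REQUIREMENTS, TEST_RESULTS, NOT_TESTED_RATIONALE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample data the coverage metric is 75% (three of four specifications have linked tests), CS-SPEC-002 is reported as failed because one of its two tests failed, CS-SPEC-004 is untested but carries a rationale, and TC-05 is flagged as dangling; the release gate is therefore closed. The same report with the failing and dangling tests removed passes the gate, which is the evidence RQ-10-09 asks for.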

Cybersecurity Validation

Cybersecurity validation in the automotive industry ensures that a vehicle’s security features perform effectively in real-world scenarios and meet the intended security objectives. This process involves comprehensive testing and assessment to confirm that the implemented security measures adequately protect against identified threats and vulnerabilities. Key aspects of cybersecurity validation are as follows.

End-to-End Security Testing

End-to-end security testing serves the vital purpose of validating that the entire vehicle system meets security requirements and functions as intended. This comprehensive testing approach involves integrating all vehicle components, including ECUs, infotainment systems, and telematics units, to ensure they work seamlessly together to provide a secure environment. An example of this is simulating a complete vehicle network operation to validate communication protocols and data integrity across different systems. By conducting end-to-end security testing, automotive manufacturers can verify the effectiveness of their security measures and ensure that the vehicle is resilient against cyber threats throughout its operational lifecycle.

Operational Testing

The purpose of this phase is to evaluate the vehicle’s security performance under real-world operational conditions. Field testing is a key activity conducted to test the vehicle in various driving scenarios and environments, assessing the effectiveness of security measures in practical situations. For example, conducting road tests where potential attack scenarios are simulated, such as GPS spoofing or remote hacking attempts, allows for the validation of the vehicle’s defenses against these threats. By performing such assessments, automotive manufacturers can gain insights into the robustness of their security measures and make necessary adjustments to enhance the vehicle’s overall security posture.

Penetration Testing

Penetration testing serves the critical purpose of identifying and exploiting vulnerabilities in the vehicle’s systems to evaluate their resilience to cyber-attacks. This proactive approach involves conducting external and internal penetration tests, where attacks are performed from both outside and inside the vehicle network to pinpoint weak points in the security defenses. For instance, attempting to exploit vulnerabilities in the telematics system to gain unauthorized access to the vehicle’s control units is an example of such testing. By conducting thorough penetration tests, automotive manufacturers can uncover potential security loopholes and vulnerabilities, allowing them to strengthen their defenses and mitigate the risk of cyber threats effectively.

Penetration testing is highly specialized and usually reserved for Cybersecurity Assurance Level 3 (CAL3) and higher, or for items of special safety concern. It's important to know your own team's limitations and decide how to accomplish these activities. Not only does Block Harbor's cybersecurity labs team provide comprehensive verification and validation testing, but they've helped multiple companies build their own labs and capabilities to do this in-house. ISO 21434 provides the following cybersecurity validation requirements for the industry to comply with.

Requirement   Description
RQ-11-01      Validation activities
RQ-11-02      Validation activities rationale

Differences Between Cybersecurity Verification and Validation

In automotive cybersecurity, verification and validation serve distinct but complementary purposes. Cybersecurity verification focuses on ensuring that security measures are correctly implemented according to specified requirements. This involves activities such as static and dynamic code analysis, penetration testing, and compliance checks to confirm that each security control functions as intended and adheres to industry standards. Conversely, cybersecurity validation aims to ensure that the overall security system effectively meets the intended security objectives in real-world scenarios. This includes end-to-end testing, operational testing under various driving conditions, penetration testing, and user acceptance testing to confirm that the integrated system protects against actual threats and aligns with stakeholder expectations. While verification is concerned with the correctness of individual security implementations, validation assesses the effectiveness and robustness of the entire security architecture in practice.

Conclusion

In the product development phase of ISO 21434 standard, the design stage involves creating detailed blueprints that incorporate cybersecurity principles. Cybersecurity integration and verification ensure that security measures are correctly implemented and tested throughout development. Finally, cybersecurity validation confirms that the entire system meets security objectives and functions effectively in real-world scenarios. By adhering to ISO 21434, manufacturers can systematically address cybersecurity risks and build vehicles that are robust, safe, and compliant with industry standards.

References

[1] ISO 21434 – Road Vehicle Cybersecurity

[2] Automotive Cybersecurity Engineering Handbook – Dr. Ahmad MK Nasser

[3] https://blockharbor.io/blog/

[4] https://vsec.blockharbor.io/

[5] https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security