Recent advances in the manufacturing of autonomous vehicles, connected vehicles and electric vehicles (EVs) has made vehicle architecture more complex. The increasingly sophisticated integration of software in vehicles is creating an opening for cyber attackers to cause malfunctions. For example, the recent Jeep hack was executed in a controlled environment in which the integration of software made the vehicle vulnerable to cyberattacks. Similarly, a disgruntled employee in an automotive manufacturing company in Texas remotely disabled hundreds of cars by disrupting the functioning of a connected vehicle platform. Since digital capabilities are critical to connected cars, cyber criminals are even interfering with the working of car door locks, headlights, sunroofs and other components. A recent attack was executed through the Wi-Fi system of a vehicle, allowing the attacker to control lights, disable alarms and unlock doors. Another area that is vulnerable to attacks is the passenger car unit (PCU) that can be exploited for identity theft through a data center compromise.
A focus on cybersecurity is increasingly critical to ensure the necessary measures are in place to prevent attacks throughout the lifecycle of a vehicle. This means securing the production process beyond the development lifecycle. Project-specific cybersecurity management should begin with a cybersecurity assessment to determine if security requirements are implemented at the vehicle level or a component level.
Next-generation automotive manufacturers tend to integrate a number of third-party solutions, often from niche technology vendors or start-ups. These solutions often align with four pillars of mobility: autonomous, connected, electric and shared. These are sometimes referred to as ACES. Standards such as ISO 21434 neutralize cybersecurity vulnerabilities associated with these external components under the parameters for distributed cybersecurity activities. These parameters apply to the supplier/vendor capabilities, which leads to a more streamlined process for selecting solutions and aligning responsibilities for the overall vehicle security.
Overview of the standards
ISO 21434 and WP.29 are the standards used to secure connected vehicles. The draft version of ISO 21434 was launched in February 2020, and the final version is expected in Q3 2021. ISO 21434 defines standards for new vehicle types launched by OEMs from Q3 2022 and for any new vehicle from Q3 2024. The WP.29 is primarily enforced in Europe; the draft, which was released in June 2020, specifies requirements for all connected vehicles around mitigating cybersecurity risks from the beginning to the end of the lifecycle of any auto model. The two industry standards overlap significantly in their mandates to monitor, detect and respond to cyber threats, each providing relevant data to support the analysis of an attempted or a successful cyberattack. The data supports an audit mechanism or a login mechanism, enabling a cybersecurity analyst to investigate and understand the methodology related to a particular incident.
Under these new guidelines, organizations in the automotive and transportation ecosystems would need to create a cybersecurity management system (CSMS), defining policies and procedures. The CSMS details, along with all evidence and auditable references, would need to be produced during the approval of a vehicle type. The guidelines ensure that procedures are in place for an identified risk and are not limited to a particular vehicle type. This is followed by testing the cybersecurity infrastructure for a vehicle type, which includes penetration testing, fuzzing and security assessment across the ECU level, PCU level, infotainment level, communication level, and the vehicle in general.
It is necessary to plan the proper test cases. Continuously assess the durability of the protection. With the evolving nature and increasing sophistication of cyberattacks, the built-in security control for a present-day vehicle may not be adequate.
An organization needs to have a strategy to monitor the common vulnerabilities and exposures (CVE) database and stay updated on the evolving cyber threat landscape. It also needs to undertake a thorough analysis to identify if a vehicle might be vulnerable to new types of cyberattacks and find ways of mitigating the threats. Mitigation activities, such as creating relevant patches and upgrading patches, should be streamlined to adhere to the regulations.
Adherence to regulations by OEMs and suppliers to prevent cyberattacks
As stated earlier, the guidelines – as defined under ISO 21434 and WP.29 – overlap, compelling OEMs and Tier 1 suppliers to reexamine their cybersecurity strategies to span development and postproduction phases. ISO 21434 does not address security on a component or project level alone; it addresses cybersecurity as a part of an organization’s culture.
Managing project-specific cybersecurity (security for a specific vehicle type) should include design, development, testing, production and post-production phases. The regulations also encompass risk assessment. A focus on cybersecurity at the concept or design levels helps the product engineering phase address threat mitigation. Also, the regulations make sure the responsibility of cybersecurity is shared by suppliers as well. As a result, OEMs need to ensure the components sourced from a supplier are compliant with ISO 21434 and are in keeping with the overall security management of a complete vehicle.
The WP.29, on the other hand, encompasses four major areas: 1) managing vehicle cyber risks, 2) detecting and responding to a post-production security incident, 3) mitigating risks along the value chain by adopting secure-by-design concept (engaging suppliers), and 4) providing safe and secure over-the-air (OTA) updates. The four areas need to be addressed along two lines: first, by defining policies and procedures for organizations to follow with a CSMS; and second, by undertaking assessment and categorization of a risk once it is identified. At the project level, adherence to WP.29 needs to be specified for a manufacturer across areas such as risk assessment at a component level, and then scaled up.
Cybersecurity in product engineering, manufacturing engineering and post-production activities
ISO 21434 is gradually becoming integral to the V-cycle of vehicle development ― relevant from the vehicle conceptualization phase, throughout the validation phase, to adherence to cybersecurity concepts and requirements. ISO 21434 defines cybersecurity goals across the vehicle production lifecycle ― concept design, architecture design, hardware and software architecture definition and design requirement ― simultaneously validating each and every step. Finally, the process is concluded with thorough penetration testing, fuzzing and vulnerability assessment.
The WP.29 guideline spans the post-development phases as well ― the cyber defense mechanism for a vehicle post launch must be addressed during the development and planning phase. Such measures would cover loopholes, such as a compromise to keys that are punched, vulnerabilities around operations and maintenance processes and sophisticated threats. The WP.29 focuses on a number of distributed activities, including how an enterprise evaluates supplier capabilities, aligns responsibilities and adheres to guidelines. Once a component is delivered, the OEM receives guidance on how the supplier audited, tested and standardized the component. Furthermore, the standard also addresses how to decommission a particular vehicle or component.
Mandating a detailed and secure OTA/SOTA mechanism
The WP.29 mandates a detailed process for software updates, particularly an OTA upgrade, that every OEM must follow with the help of a software update management system (SUMS) for vehicles on the road. The SUMS must be secured, thoroughly tested and managed to prevent breaches or attacks. Also, the delivery mechanism of an OTA upgrade package has to be secure, with the OEM ensuring the integrity and authenticity of the package being sent. As the OTA package is encrypted, signed and encoded prior to sending it to a vehicle or component, it assures an additional layer of security. Then the package is decoded, the signature validated, the file decrypted, and finally the decrypted file handed over to the update manager. The software identification number has to be protected and a mechanism for reading that from the data should be put in place by the OEM.
WP.29 has adopted a structured methodology around CSMS OTA and has mandated that vehicle manufacturers follow five parameters:
- Identify and mitigate supplier-related risks through a cybersecurity risk assessment and mitigation framework
- Possess detailed risk assessment and mitigation strategy with demonstrable test results
- Produce design and the corresponding design process for a particular vehicle type
- Maintain data forensic capabilities across post-production activities that showcase the way a vehicle is monitored, vulnerabilities are detected, and protection is ensured against cyberattacks
- Formulate measures to detect and respond to a specific cyberattack associated with a particular vehicle, the backend system or the complete ecosystem.
The WP.29 looks at a few other areas as well, such as managing software updates, informing a user about an update or the availability of the update, ensuring the availability of sufficient power to complete the update and the capability of a vehicle to conduct the update. It also covers how to safely execute an update, including a rollback mechanism if an update fails.
Overlap between standards and the role of system integrators
A number of systems integrators such as LTTS have created frameworks to draw similarities between WP.29 and ISO 21434 to help OEMs and Tier 1 suppliers adhere to the standards. For example, LTTS has identified eight areas of WP.29 that can be mapped to various processes and clauses of ISO 21434 ― covering everything from organization-wide cybersecurity to a security as it relates to a particular vehicle type. It encompasses the processes for monitoring, detecting and responding to cyberthreats and the processes needed to capture relevant data to support the analysis of security breaches.
Systems integrators first tend to analyze the threat landscape for a vehicle model or the specific component they are going to develop for a client. A thorough threat assessment and risk analysis should help create a mitigation strategy, architecture and high- and low-level design (HLD and LLD). For cases in which the component development is already in progress and security is not included in the scope, systems integrators carry out a gap analysis after performing threat assessment and risk analysis (TARA). This is followed by the definition phase, in which the framework and processes are defined, along with the training of the engineers and the process is piloted and refined to adhere to organizational requirements. Finally, the processes are implemented as a part of product engineering.
Most of the global systems integrators have been working with automotive OEMs and Tier 1s for decades and can be expected to streamline the roll out of the process with the required training. A rich experience in engineering and R&D services is required to measure the process and analyze potential threats and provide implementation and validation support for cybersecurity. This involves laying out various sub-processes for a component or a vehicle type, such as TARA, HLD, LLD, architecture design, product process, post-production strategy and supplier and product validation strategy.
The biggest existing challenge when it comes to cybersecurity in connected mobility is the lack of awareness about the nuances of the ISO 21434 and WP.29 standards. A number of important market participants across the global automotive value chain are not aware of the regulatory standards or the possibilities for ensuring adherence among their suppliers. This creates a whitespace of opportunities for systems integrators and consulting companies that can step in to ensure this adherence and enable enterprises to define their cybersecurity policies and validate them. The value proposition would be simplified and comprehensive cybersecurity plans for OEMs.
ISG notes that several Tier 1 suppliers are confused by the actions of OEMs tightening their policies regarding compliance to ISO 21434 and WP.29. For instance, vehicle infrastructure components such as wireless chargers, if hacked, can compromise multiple critical components. This is compelling OEMs to ensure these components comply with the security guidelines under the relevant standards.
Threat assessment and risk analysis is another area of heightened significance. Suppliers need the capability to design complete security systems – including defining a cybersecurity plan, TARA, component-specific security and cybersecurity specifications – so they can offer vulnerability assessments that span software/hardware and system level architecture design and the overarching product engineering. Providers have an opportunity to grow their cybersecurity plans to cover security verification and validation, production and control, and post-production.
A number of next-generation automotive cybersecurity technology suppliers have emerged around the world, providing agentless, cloud-based solutions with proprietary data analytics platforms. These companies, such as Israel-based Upstream, also are exploring possibilities with other enterprise segments such as insurance. With the availability of fleet, telematics and consumer data, these companies can engage analytics engines to pinpoint the most appropriate automobile insurance policies for the end-user.
As a part of the upcoming study, Manufacturing Industry Services 2021, ISG Provider Lens analyzes this space from a product perspective. The study analyzes product and solution vendors from across the mobility security market on their ability to provide threat analysis to enterprises and components such as advanced driver-assistance systems (ADAS), ECUs and EV battery systems to OEMs and Tier 1 suppliers.