Search Results

As the need for automotive assurance continues to grow, it becomes necessary to develop approaches which can provide assurance cases in a systematic and efficient manner. In the case of cybersecurity, this problem is exacerbated by the increasing complexity of vehicular onboard systems, their inherent obscurity due to their heterogenous architecture, emergent behaviors, and the disparate motivations and resources of potential threat agents. Furthermore, the advancement of connected autonomous vehicles (CAV) may allow external attackers to leverage the naïve trust ECUs have for adjacent devices to compromise the safety and security of the vehicle. To that end, there is an increased interest in automatically producing threat models such as attack trees, which usually rely on intensive expert driven construction or rudimentary formally defined processes, to identify potential threats to a vehicle.

An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels. This presentation explores the different kinds of testing that are appropriate at each of these process steps and discusses some important differences between cybersecurity testing and more familiar forms of testing.

Industries, regulators, and consumers alike see cybersecurity as an ongoing challenge in our digital world. Protecting and defending computer assets against malicious attacks is a part of our everyday lives. From personal computing devices to online financial transactions to sensitive healthcare data, cyber crimes can affect anyone. As technology becomes more deeply embedded into cars in general, securing the global automotive infrastructure from cybercriminals who want to steal data and take control of automated systems for malicious purposes becomes a top priority for the industry. Systems and components that govern safety must be protected from harmful attacks, unauthorized access, damage, or anything else that might interfere with safety functions. Automotive Cybersecurity: An Introduction to ISO/SAE 21434 provides readers with an overview of the standard developed to help manufacturers keep up with changing technology and cyber-attack methods.