Securing the Software-Defined Vehicle
SDV engineers can learn from the Internet of Things.
Old car models with mechanical components are rapidly giving way to the increasingly software-defined vehicle (SDV) with features that not only allow drivers and passengers to stay connected to the digital world but to enjoy a safer and easier journey with automated driving features (see Figure 1).
With increasing connectivity comes greater exposure to cybersecurity risks, as attested by the Internet of Things (IoT). It wasn’t so long ago when the conveniences of mobile connectivity seemed like a real boon, from banking and buying bespoke brands just a click away. That was until cybercrimes became a bane and a scourge, estimated to cost the global economy more than US $20 trillion a year by 2026, a 1.5x increase compared to 2022, according to Statista. These staggering dollar amounts represent hard lessons learned, and the automotive industry is stepping up on preemptive efforts to secure the next big data mine on wheels: the SDV.
Securing SDVs is extremely challenging, as increased connectivity means an increased number of potential attack interfaces (see Figure 2). Not only are cyber-hacking tools more advanced, but attackers are also moving beyond direct attacks against individual vehicles to target fleets, mobility applications, and services.
Evolving regulations and standards
Until the recent past, there were no global automotive cybersecurity standards, leaving automakers and their Tier 1 supply chain to develop their own cybersecurity testing requirements. In 2020, the United Nations’ World Forum for Harmonization of Vehicle Regulations (WP.29) introduced an automotive cybersecurity regulatory framework for OEMs.
For example, UN Regulation 155 (UN R155) mandates rigorous cybersecurity management system audits for automakers and their suppliers. It also requires automakers to obtain "vehicle type approval", which involves auditors conducting tests on vehicle products sharing the same electrical architecture. As recently as September 2021, SAE and the International Organization for Standardization (ISO) jointly published the ISO/SAE 21434 standard.
Automakers and their key suppliers must comply with UN R155 regulations while ISO/SAE 21434 is a set of guidelines. Both must go hand-in-hand if automakers want to bring new vehicle models to market.
Exactly how can automakers and Tier 1s translate both regulation and standards into action to secure the software-defined vehicle? The automotive industry has the benefit of leveraging learnings from cybersecurity experts who have been trying to stay ahead of hackers since the Internet of Things arrived. For example, the non-profit cybersecurity advocate group Open Web Application Security Project has an OWASP Top 10 list of vulnerabilities that automakers reference to secure the various attack interfaces of the software-defined vehicle. Table 2 shows the OWASP Top10 list, and the tests that automakers can implement for boosting automotive cybersecurity:
Putting security to the test
Testing is an essential part of the UN R155 automotive cybersecurity management system (CSMS). Different systems must be thoroughly tested, from onboard hardware like physical in-vehicle networks, electronic control units, and EV charging ports through all layers of the open systems interconnection (OSI) stack. Multiply that with different threat scenarios and design iterations, the list of tests is extensive.
To manage the exhaustive lists of tests and be able to manage and pass audit trails, automakers, and their suppliers are turning to turnkey automotive cybersecurity test solutions. These solutions comprise electronic systems and software to emulate a victim vehicle and hacker(s). They typically comprise these key elements (see Figure 3):
- Wireless and wireline signal emulators and analyzers to simulate and monitor the vehicle’s communication systems
- Reconnaissance and exploitive attack servers
- Application and threat intelligence library from which different attacks can be selected and scheduled
- Automation and tracking platform to manage test data and results for reporting and auditing
Early detection saves money – and reputation
Taking a page off the history of the Internet of Things, and in more recent times, the smartphone, where millions of dollars are lost daily to scammers and hackers, securing the connected smart vehicle of the future is both important and urgent. IoT and the smartphone changed the way we live. There is no going back to an off-grid world for most of us, despite the dangers of cyber exploitations.
SDVs will likely expand upon the connected way of living for us. Hopefully, with lessons learned on how to secure our connected world, automakers and their key suppliers can stay many steps ahead of cybercriminals waiting to exploit both individual car owners and organizations that run fleets and associated transportation systems and electric vehicle supply equipment. Rigorous testing throughout a vehicle’s life cycle will minimize the risks of automotive cyberattacks and help keep automakers and service providers off the headlines of who’s been hacked.
Hwee Yng Yeo is industry and solutions marketing manager at Keysight Technologies.
Top Stories
INSIDERDefense
Army Launches CMOSS Prototyping Competition for Computer Chassis and Cards
ArticlesElectronics & Computers
Microchip’s New Microprocessor to Enable Generational Leap in Spaceflight...
INSIDERSoftware
The Future of Aerospace: Embracing Digital Transformation and Emerging...
ArticlesMaterials
Making a Material Difference in Aerospace & Defense Electronics
EditorialSoftware
Making Machines Software-Defined No Simple Task
INSIDERRF & Microwave Electronics
Germany's New Military Surveillance Jet Completes First Flight
Webcasts
Power
Phase Change Materials in Electric Vehicles: Trends and a Roadmap...
Automotive
Navigating Security in Automotive SoCs: How to Build Resilient...
Automotive
Is Hydrogen Propulsion Production-Ready?
Unmanned Systems
Countering the Evolving Challenge of Integrating UAS Into Civilian Airspace
Power
Designing an HVAC Modeling Workflow for Cabin Energy Management and XiL Testing
Defense
Best Practices for Developing Safe and Secure Modular Software
Similar Stories
NewsElectronics & Computers
NewsUnmanned Systems
Making Software-Defined Vehicles Cyber-Secure
INSIDERManufacturing & Prototyping
Anduril Takes Software-Defined Approach to Hyperscale Defense Manufacturing