Part 1 – Uniting operating safety and cybersecurity
Part 2 – “Security By Design”: a pragmatic approach based on analysis, management and constant control of risks
Uniting operating safety and cybersecurity.
With the advent of CAVs (Connected and Autonomous Vehicles), designing and developing effective solutions on-board vehicles is a real challenge, particularly as regards securing on-board systems.
This concept of “securing” translates into the growing requirements for both safety and cybersecurity.
ACTIA is fully aware of these challenges, and is developing a vehicle electronic architecture that is compatible with both cybersecurity and safety standards.
Safety vs. systems security (cybersecurity)
Concepts of security and safety are subject to various interpretations depending on the business sector, personal perceptions and disciplines.
“Safety” generally corresponds to functional safety, also called dependability. Safety consists in reducing accidents by studying faults and errors, and their mitigation. These are related to chance events or to actions without malicious intent.
“Security” is associated with the fields of cybersecurity, or digital security, information security, information systems security and product security. Cybersecurity mainly entails protecting against deliberate malicious acts, but also against error or misuse.
Reconciling the requirements of the two disciplines
In current on-board architectures and systems, it is therefore necessary to reconcile safety requirements, which have incorporated the developments for the latest vehicle generations, in particular the application of the ISO 26262 standard, with cybersecurity requirements, which are relatively new and have only very recently started to be integrated into vehicle developments.
Reconciling the requirements and practices of these two disciplines entails both:
– using the synergies and similarities that exist between them, such as risk-based approaches; formalising, accounting for and tracking analyses and decisions; a progressive assurance level according to risks and objectives; integration into business processes; similarity of issues;
– dealing with the specifics of each discipline (threat and event reference systems, analysis methodologies, deliverables, etc.) and any “conflicts” that may exist, such as a cybersecurity filtering function that blocks a data flow that is critical in terms of functional safety.
Within ACTIA, the safety and cybersecurity fields are each organised:
– around teams dedicated to each discipline, but which collaborate actively;
– around skills shared across the different activities.
Cybersecurity is handled globally through a dedicated company process: the Information Security Management System, which has been ISO 27001 certified since 2018.
“This management system’s objectives and activities include in particular a “Product security” component that specifically deals with cybersecurity issues in on-board architectures and systems. Additionally, this global policy integrates the application of benchmarks that are suited to the industrial context, such as the ANSSI* Industrial Cybersecurity Guide, for instance, or automotive cybersecurity engineering standards such as ISO/SAE 21434.”
explains Catherine LEDEUIL, VEA (Vehicle Electronic Architecture) marketing and sales manager.
Threats related to data and communicating systems
New on-board architectures and functions are increasingly complex and automated. We are also seeing increasing use and exchange of data, and interactions inside the vehicle and with its environment. These elements contribute to a substantial increase of the attack surface and cybersecurity risks.
“On-board systems are complex, as they unite cutting-edge software functions and highly disparate hardware resources. Security for on-board systems covers various issues related to protection of circuits and the data generated. ACTIA uses a global security approach: from the technological level to the system level”
says Fabien TRINITÉ, ECU Automation Product Group director.
The next decade will be a turning point for connected on-board systems. Recent events show that there are still multiple challenges to guarantee protection of systems, data processed, and information exchanged. This protection has to cover three areas of application: software platforms, hardware platforms and associated services, the latter of which open up the system to third-party applications. Vehicle-specific information will therefore be shared with an ever-increasing number of stakeholders, with widely differing levels of maturity and cybersecurity practices.
“Through synergy of its vehicle architecture, diagnostics and telematics expertise, ACTIA has developed a good understanding of the digital ecosystem in vehicles. We are able to strengthen our development resources to give manufacturers a high-performance trusted environment. The electronic architecture of the future is to be robust and resilient, which is essential to be able to adapt to threats.”
explains Catherine LEDEUIL.
Automotive regulations and standards: being ready on time
The deployment of new vehicles, road infrastructure, communication and data exchange modes is supported by regulatory changes and major standardisation efforts. In particular, the standards will guarantee system interoperability and maintenance. There are numerous standards organisations, at the national (AFNOR), European (ETSI, CEN) and international (ISO/SAE, IEEE, IETF) levels, that are applicable to transport in general, and are including connected and autonomous vehicles within their working scope.
ACTIA is involved in the current standards framework
The group is developing systems that cover the safety recommendations:
– ISO 26262: relating to road vehicle functional safety;
– ISO 13849 & 25119, regarding specialised machinery;
– ISO/SAE 21434: engineering requirements for cybersecurity for road vehicles*;
– ISO 27001: Information Security Management System
The UN-ECE R155 standard
The UN-ECE R155 regulation, one of the components of the GSR (General Safety Regulation), describes the organisational and technical cybersecurity requirements that must be implemented by vehicle manufacturers (OEMs).
These requirements apply to:
– The organisation of the manufacturer/OEM, meaning the implementation of a Cybersecurity Management System (CSMS) covering the systems’ entire life cycle (design, production, series production life cycle),
– The architectures and systems of the vehicle subject to the regulation.
This regulation involves approval by a specialised agency for the different vehicle types (“type approval”) before commissioning, and also management of risks and requirements related to cybersecurity across the entire supply chain throughout the vehicle’s lifespan.
The UN-ECE R156 standard
In addition to the UN-ECE R155 regulation, and following the same principle, the UN-ECE R156 regulation relates to the management of software updates, and entails implementing and maintaining a Software Update Management System.
“Security requirements for on-board architectures and systems mean it is necessary to guarantee component authenticity and integrity. ACTIA is able to integrate them into its technologies at an early stage. For example, our 4th-generation electronic control-command unit notably takes into account these safety and cybersecurity constraints for the architecture. This new range of ECUs is an initial accomplishment for ACTIA’s process integrating both cybersecurity and safety.” explains Fabien TRINITÉ.
“The standards also advocate and promote collaboration and sharing of efforts between all of the stakeholders in the ecosystem, to implement a sustainable and effective trust model.
However, we should point out that the norms and standards approach functional safety and cybersecurity from a different angle, that is to say:
— for safety, the properties considered are systematic errors (the often-mentioned “bugs”, etc.);
— benchmarks focused on cybersecurity tackle the effects of faults from multiple angles: safety, financial, operational, privacy, etc.
The problem for standardisation lies in the ability to adapt to these multiple issues in the interests of consistency.” adds Catherine LEDEUIL.
* ANSSI: French National Cybersecurity Agency [Agence Nationale de la Sécurité des Systèmes d’Information].
How ACTIA is preparing the electronic architecture for the vehicle of the future.