“Security By Design”: a pragmatic approach based on analysis, management and constant control of risks
With the advent of CAVs (Connected and Autonomous Vehicles), designing and developing effective solutions on-board vehicles is a real challenge, particularly as regards securing on-board systems.
Two experts illustrate ACTIA’s “Security By Design” approach and share their insights into the technological realities inherent to connected vehicles.
An integrated security approach is critical for the automobile industry
ACTIA is constructing a CTI (Cyber Threat Intelligence) process that consists of collecting, organising, and analysing information related to cybersecurity risks and threats.
This process, used upstream of the life cycle, allows attacks and threats to be taken into account in the initial risk analysis, and appropriate protective measures to be defined from the design and development phases.
In the series production phase, it guarantees orchestrated resiliency and adaptation of the architecture to new attacks or vulnerabilities.
At the same time, ACTIA is embedding cybersecurity requirements and best practice into its design and development processes.
“Systems in connected and semi-autonomous vehicles can now generate and process significant quantities of information of various kinds: data that is mostly supplied by sensors on-board the vehicles, but also location data and image streams, not to mention data related to e-mail, SMS, entertainment, etc.
Processing this information entails extensive communications between the various systems that are internal and external to the vehicle on-board architectures. Securing these communications is a key challenge due to the vulnerabilities and the attack surface inherent in these technologies.
Integrity and confidentiality of information carried on the networks is a critical issue for connected vehicles. As a result, ACTIA natively integrates data and communication protection requirements and measures from the very start, and throughout the life cycle of the vehicle architectures and systems.”
explains Fabien TRINITÉ, ECU Automation Product Group director.
These approaches allow a multitude of protective provisions to be established:
- firewall and flow-filtering functions in interfaces with external networks;
- intrusion attempt or other threat (virus) detection and prevention functions;
- securing the vehicle’s CAN bus, the system boot and updates;
- protection of integrity of vehicle diagnostic inputs (OBD, etc.);
- protection of internal communications (between ECUs), of communications between the vehicle and information systems, or communications between vehicles and infrastructure (V2X), particularly with encryption and electronic signature;
- protection of the integrity of on-board ECUs (including data and program protection);
- globally, securing the information systems involved in the operation of connected and autonomous vehicles.
In concrete terms, these protective measures are intended to protect the system from a set of threats, such as reprogramming ECUs through unauthorised access, or modification of communications through network attacks.
These threat scenarios can lead to incidents affecting vehicle operation (which can cause accidents or financial losses) or users (theft of personal data).
Early detection and correction of faults
“Protection levels may be extremely complex. The development model based on “Security by Design” is theoretically built according to a pragmatic approach based on risk analysis and constant control of risks throughout the vehicle’s life cycle.
ACTIA has long developed know-how regarding security of on-board systems. The group is also heavily involved in cybersecurity innovations and technological advances.”
underlines Fabien Trinité.
“I would add that we are able to support our customers in these integrated cybersecurity approaches, acting as a real partner when it comes to these subjects. To this end, ACTIA uses a risk analysis methodology and requirement traceability tools, which make it easier to manage these aspects throughout the life cycle of the product. These tools highlight the need for intensive collaboration with all of the stakeholders, and the emergence of a new service-based economic model: monitoring, control and patches related to new threats.” says Catherine LEDEUIL, VEA (Vehicle Electronic Architecture) marketing and sales manager.
In line with its vision, ACTIA develops and offers solutions that respond to its customers’ cybersecurity issues.
These measures naturally result in integrating cybersecurity activities into its processes and the company culture, implementing security functions in the systems, and also providing cybersecurity services throughout the life cycle of the product.
It remains critical for the automobile industry to take cybersecurity fully into account, so that it can react quickly and make vehicles secure.
Automotive manufacturers have a huge network of suppliers and a high degree of interdependence with the supply chain, so it is essential for them to maintain a highly collaborative environment in which each stakeholder in the chain adopts a consistent and sustainable security approach.
Key points about ACTIA’s security approach for on-board systems:
- A global approach for securing on-board systems, combining safety and cybersecurity standards, including an active contribution to the standardisation environment;
- Design and development processes incorporating “security by design”, taking into account the constraints of a very open world;
- Functions that, by default, ensure system and data authenticity and integrity, based on standardised, recognised and verifiable trust mechanisms;
- Cybersecurity integrated into the company culture;
- The capacity to support customers via a comprehensive service offering, from risk analysis to maintaining security, and Cyber Threat Intelligence, that is aligned with the emergence of a sustainable new economic model.