Steps Engineers Need to Take to Ensure Automotive Cybersecurity

Smart, connected cars are loaded with digital systems and embedded software. This trend is only picking up speed as we continue in the race to autonomous vehicles.

Although the automotive industry has benefited from the new features and value electronics provide, the increased amount of software and connectivity has created numerous openings for cyberattack.

Between the recent headlines focusing on automotive hacking and a new industry standard for automotive cybersecurity, we need to get serious about mitigating digital attacks.
 

Why Should We Pay More Attention to Automotive Cybersecurity?

Vulnerabilities provide attackers with the opportunity to trigger a fault when they want to.

With serious consequences on the line, who is responsible for designing electronic systems that are protected from these kinds of attacks?

That job falls to automotive electronics engineering teams. They work to securely integrate dozens of digital components, including:

• Navigation systems
• Infotainment systems
• Braking systems
• Other critical functions

These engineers must confirm that signals and controls are seamlessly combined in a way that optimizes and safeguards not only each component, but the entire electronics architecture.
 

Upcoming Industry Standards Are Placing Additional Focus on Security

The upcoming ISO 21434 standard (Road vehicles — Cybersecurity engineering) will force every OEM and electronics system provider to consider automotive cybersecurity as part of the product development process.

Engineers need a new process designed to meet growing cybercrime challenges. 

This new ISO standard is being developed for system-level security to guarantee that automotive electronics engineers are doing an adequate job. ISO 21434 will ensure that engineers have arrived at a secure electronics architecture and have documented all their modeling and verification activities.

Recent headlines, as well as the new standard, are placing unprecedented pressures on electronics engineers in the auto industry. Additionally, traditional workflows are inadequate to meet these new demands. What’s needed is a new modeling solution and an associated set of best practices designed specifically to meet the growing cybercrime challenge.
 

Mitigate Threats via a Smart Cybersecurity Strategy

In conducting this analysis, engineers assess a wide range of attack scenarios, then determine potential risks that might occur in these scenarios. These steps include:

1. Identify the assets inside vehicle systems
   • Such as braking, steering, lighting, HVAC, GPS navigation and infotainment systems
2. Discover the system-level vulnerabilities
   • Find interfaces that place these assets and their performance at risk
3. Understand the consequences
   • Determine what could happen when these vulnerabilities, at the system and component levels, are exploited
4. Estimate the potential likelihood of an attack
   • Assess the effort needed to execute it
5. Define a risk level for each threat
   • Calculate both the likelihood of an attack and the potential consequences
6. Plan and execute appropriate cybersecurity measures
   • Guard against all identified risks, beginning with those that have the highest risk levels

Early adoption of this process will improve the safety and security of in-vehicle systems as well as help companies assume a competitive edge in the industry.

To learn more about each step in the process, watch the recorded webinar: 6 Steps to a Smart Cybersecurity Strategy for In-Vehicle Systems.

To learn more about how to systematically perform threat analysis and risk assessment, read the white paper: Improving Cybersecurity for Automotive Electronics Systems via Ansys medini analyze.