Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
- Ground Vehicle Standard
Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.
Providing basic guiding principles on Cybersecurity for vehicle systems.
Providing the foundation for further standards development activities in vehicle Cybersecurity.
Appendices A-C - Describe some techniques for Threat Analysis and Risk Assessment, Threat Modeling and Vulnerability Analysis (e.g., Attack Trees) and when to use them.
Appendices D-I - Provide awareness of information that is available to the Vehicle Industry.
Appendix D - Provides an overview of sample Cybersecurity and privacy controls derived from NIST SP 800-53 that may be considered in design phases.
Appendix E - Provides references to some available vulnerability databases and vulnerability classification schemes.
Appendix F - Describes vehicle-level considerations, including some good design practices for electrical architecture.
Appendix G - Lists current Cybersecurity standards and guidelines of potential interest to the vehicle industry.
Appendix H - Provides an overview of vehicle Cybersecurity-related research projects starting from 2004.
Appendix I - Describes some existing security test tools of potential interest to the vehicle industry.
Defines a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
Provides high-level guiding principles.
Provides information on existing tools and methods.
Provides the foundation for further standards development.
Ground Vehicle Standard - Considerations for ISO 26262 ASIL Hazard Classification
Ground Vehicle Standard - Handbook for Robustness Validation of Automotive Electrical/Electronic Modules
Technical Paper - Writing Good Technical Safety Requirements
Data Sets - Support Documents
Table 1 - Example incident handling checklist (15)
Table 2 - EVITA severity classes
Table 3 - Rating of attack potential and attack probability
Table 4 - Cybersecurity risk graph for privacy, financial, and operational Cybersecurity threats
Table 5 - Controllability classifications of safety-related threats
Table 6 - Portion of risk graph for safety-related threats
Table 8 - Correlation of OCTAVE phases (21) and process steps to NIST SP 800-30 (16)
Table 9 - Mapping between STRIDE threats and security attributes
Table 10 - Applying the TL parameters to estimate threat level
Table 11 - Estimating the threat level (TL)
Table 12 - Impact level parameter - safety
Table 13 - Impact level parameter - financial
Table 14 - Impact level parameter - operational
Table 15 - Impact level parameter - privacy and legislation
Table 16 - Estimating impact level (IL)
Table 18 - Examples of deriving Cybersecurity requirements
Table 21 - Example spreadsheet of EVITA risk assessment at feature level
Table 24 - Example of attack tree structure for “malicious intentional vehicle disable”
Table 25 - Threats associated with the OBD use case
Table 26 - Risk rating of the OBD use case based on the HEAVENS methodology
Table 27 - Asset, threat, security attribute and security level for the OBD use case
Table 28 - Sample list of potential security control families & controls for vehicle industry
Table 29 - Sample list of potential privacy control families & controls for vehicle industry
Table 30 - Example on abstraction levels concerning software security issues
Table 31 - Examples of dictionary and terminology sources for vulnerability databases
Table 32 - Examples of Vulnerability Databases
Table 33 - Examples of Vulnerability Classification Schemes
Table 34 - Cybersecurity standards and guidelines that may be useful to the vehicle industry
Table 35 - Vehicle Cybersecurity-related research projects (2004 to present)
Table 36 - Sample categories of security test tools
TEVEES18A has been an excellent forum for building consensus on matters of significance in automotive cybersecurity with relevant stakeholders in the cybersecurity, IT, and automotive communities. The work has culminated in two noteworthy publications, SAE J3061 and the joint SAE/ISO 21434 standard on road vehicle cybersecurity. With the publication of the SAE/ISO Standard, we have rechartered this Committee to continue to leverage this excellent group of people and focus on the next frontiers that require attention.

The Committee will continue to support and evangelize SAE/ISO 21434. This includes ongoing monitoring for public opportunities to further the message of SAE/ISO 21434 and vehicle systems cybersecurity, and those areas identified during the standardization activity as requiring additional discussion and development. This also specifically includes internal support of SAE/ISO 21434 to other relevant SAE committees. To avoid diluting efforts and overlapping with other ongoing efforts, the committee resolves to limit its efforts to the charter tasks proposed below, as well as the ongoing tasks of collaboration, education, and outreach for core SAE/ISO 21434. The efforts of this committee will be subdivided into additional task groups as needed. The focus of the task force will be to discuss and develop relevant tasks that fall under the new charter and are identified as focus areas by the committee. Agendas for meetings are to be set on a “round robin” basis and rotate between the topics as they develop. Prioritization among the topics will be dynamic and change as the topics develop.

All charter tasks are to be related to vehicle electrical systems and vehicular environments, including infrastructure external to the vehicle if it could have any influence on the cybersecurity of the vehicle, and which are not already addressed by other SAE committees. Examples include, but are not limited to, cloud/server systems that interface with the vehicle and can impact vehicle behavior, operation, configuration, etc., such as manufacturing processes, PKI/KMS systems, systems to update vehicle firmware/software/maps, telematics, remote monitoring/control, etc. “Vehicles” is the term used for all road-worthy vehicles: heavy duty, commercial, single- and multi-passenger, automated connected vehicles, and driverless vehicles. If a task or topic is already addressed by another SAE committee, TEVEES18A will collaborate with that committee, as appropriate, through a liaison to ensure proper coordination of efforts. The committee reserves the right to expand its scope to other vehicles not explicitly identified above.

The following tasks/areas are of focus:
● Development of training material and other guidance documents for ISO/SAE 21434 and vehicle cybersecurity systems.
● Updates/additions to ISO/SAE 21434, e.g., refinement/updates of existing topics and additional topics (e.g., “Target Attack Feasibility”).
● Any topic where additional guidance or standardization would be beneficial to the vehicle industry.
● Collaboration with other SAE committees and external Standards Development Organizations (SDOs).