Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
- Ground Vehicle Standard
Published January 14, 2016 by SAE International in United States
This recommended practice provides guidance on vehicle Cybersecurity. It was created from, and expands on, existing practices that are being implemented or reported in industry, government, and conference papers. The best practices are intended to be flexible, pragmatic, and adaptable in their further application to the vehicle industry and to other cyber-physical vehicle systems (e.g., commercial and military vehicles, trucks, buses). Other proprietary Cybersecurity development processes and standards may have been established to support a specific manufacturer's development processes and may not be comprehensively represented in this document; however, the information contained here may help refine existing in-house processes, methods, etc.
This recommended practice establishes a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems. This includes:
- Defining a complete lifecycle process framework that can be tailored and utilized within each organization's development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
- Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.
- Providing basic guiding principles on Cybersecurity for vehicle systems.
- Providing the foundation for further standards development activities in vehicle Cybersecurity.
The appendices provide additional information that practitioners should be aware of and that may be used to help improve the Cybersecurity of feature designs. Much of the information identified in the appendices is already publicly available, but some experts may not be aware of all of it. The appendices therefore give an overview of this information as further guidance on building Cybersecurity into cyber-physical vehicle systems. The objective of the overviews is to encourage research that helps improve designs and to identify methods and tools for applying a company's internal Cybersecurity process.
- Appendices A-C - Describe some techniques for Threat Analysis and Risk Assessment, Threat Modeling and Vulnerability Analysis (e.g., Attack Trees) and when to use them.
- Appendices D-I - Provide awareness of information that is available to the Vehicle Industry.
- Appendix D - Provides an overview of sample Cybersecurity and privacy controls derived from NIST SP 800-53 that may be considered in design phases.
- Appendix E - Provides references to some available vulnerability databases and vulnerability classification schemes.
- Appendix F - Describes vehicle-level considerations, including some good design practices for electrical architecture.
- Appendix G - Lists current Cybersecurity standards and guidelines of potential interest to the vehicle industry.
- Appendix H - Provides an overview of vehicle Cybersecurity-related research projects starting from 2004.
- Appendix I - Describes some existing security test tools of potential interest to the vehicle industry.
Refer to the definitions section to understand the terminology used throughout the document.
The purpose of this document is to provide a cybersecurity process framework and guidance that help organizations identify and assess cybersecurity threats and design cybersecurity into cyber-physical vehicle systems throughout the entire development lifecycle. It defines a complete lifecycle process framework that can be tailored and utilized within each organization's development processes to incorporate cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning; provides high-level guiding principles; provides information on existing tools and methods; and provides the foundation for further standards development.
- Ground Vehicle Standard: Considerations for ISO 26262 ASIL Hazard Classification
- Ground Vehicle Standard: Handbook for Robustness Validation of Automotive Electrical/Electronic Modules
- Technical Paper: Writing Good Technical Safety Requirements
Data Sets - Support Documents
- Table 1: Example incident handling checklist (15)
- Table 2: EVITA severity classes
- Table 3: Rating of attack potential and attack probability
- Table 4: Cybersecurity risk graph for privacy, financial, and operational Cybersecurity threats
- Table 5: Controllability classifications of safety-related threats
- Table 6: Portion of risk graph for safety-related threats
- Table 8: Correlation of OCTAVE phases (21) and process steps to NIST SP 800-30 (16)
- Table 9: Mapping between STRIDE threats and security attributes
- Table 10: Applying the TL parameters to estimate threat level
- Table 11: Estimating the threat level (TL)
- Table 12: Impact level parameter - safety
- Table 13: Impact level parameter - financial
- Table 14: Impact level parameter - operational
- Table 15: Impact level parameter - privacy and legislation
- Table 16: Estimating impact level (IL)
- Table 18: Examples of deriving Cybersecurity requirements
- Table 21: Example spreadsheet of EVITA risk assessment at feature level
- Table 24: Example of attack tree structure for "malicious intentional vehicle disable"
- Table 25: Threats associated with the OBD use case
- Table 26: Risk rating of the OBD use case based on the HEAVENS methodology
- Table 27: Asset, threat, security attribute and security level for the OBD use case
- Table 28: Sample list of potential security control families & controls for vehicle industry
- Table 29: Sample list of potential privacy control families & controls for vehicle industry
- Table 30: Example on abstraction levels concerning software security issues
- Table 31: Examples of dictionary and terminology sources for vulnerability databases
- Table 32: Examples of Vulnerability Databases
- Table 33: Examples of Vulnerability Classification Schemes
- Table 34: Cybersecurity standards and guidelines that may be useful to the vehicle industry
- Table 35: Vehicle Cybersecurity-related research projects (2004 to present)
- Table 36: Sample categories of security test tools