Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
- Ground Vehicle Standard
Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.
Providing basic guiding principles on Cybersecurity for vehicle systems.
Providing the foundation for further standards development activities in vehicle Cybersecurity.
Appendices A-C - Describe some techniques for Threat Analysis and Risk Assessment, Threat Modeling and Vulnerability Analysis (e.g., Attack Trees) and when to use them.
Appendices D-I - Provide awareness of information that is available to the Vehicle Industry.
Appendix D - Provides an overview of sample Cybersecurity and privacy controls derived from NIST SP 800-53 that may be considered in design phases.
Appendix E - Provides references to some available vulnerability databases and vulnerability classification schemes.
Appendix F - Describes vehicle-level considerations, including some good design practices for electrical architecture.
Appendix G -Lists current Cybersecurity standards and guidelines of potential interest to the vehicle industry.
Appendix H - Provides an overview of vehicle Cybersecurity-related research projects starting from 2004.
Appendix I - Describes some existing security test tools of potential interest to the vehicle industry.
|Ground Vehicle Standard
|Considerations for ISO 26262 ASIL Hazard Classification
|Ground Vehicle Standard
|Road Vehicles - Cybersecurity Engineering
|Ground Vehicle Standard
|Hardware Protected Security for Ground Vehicles
Data Sets - Support Documents
TEVEES18A has been an excellent forum for building consensus on matters of significance in automotive cybersecurity with relevant stakeholders in the cybersecurity, IT, and automotive communities. The work has culminated in two noteworthy publications SAE J3061 and the joint SAE/ISO 21434 standard on road vehicle cybersecurity. With the publication of the SAE/ISO Standard, we have rechartered this Committee to continue to leverage this excellent group of people and focus on the next frontiers that require attention.The Committee will continue to support and evangelize SAE/ISO 21434. This includes ongoing monitoring for public opportunities to further the message of SAE/ISO 21434, vehicle systems cybersecurity and those areas identified during the standardization activity requiring additional discussion and development. This also specifically includes internal support of SAE/ISO 21434 to other relevant SAE committees. To avoid diluting efforts and overlap with other ongoing efforts, the committee resolves to limit efforts to the below proposed charter tasks, as well as the ongoing tasks of collaboration, education, and outreach of core SAE/ISO 21434. The efforts of this committee will be subdivided into additional task groups as needed. The focus of the task force would be to discuss and develop relevant tasks that fall under the new charter and are identified as focus areas by the committee. Agendas for meetings are to be set on a “round robin” basis and rotate between the topics as they develop. Prioritization among the topics will be dynamic and change as the topics develop. All charter tasks are to be related to vehicle electrical systems, vehicular environments, including infrastructure external to the vehicle, if it could have any influence on the cybersecurity of the vehicle, and which are not already addressed by other SAE committees. Examples include, but are not limited to cloud/server systems that interface with the vehicle which can impact vehicle behavior, operation, configuration, etc., such as manufacturing processes, PKI/KMS systems, systems to update vehicle firmware/software/maps, telematics, remote monitoring/control, etc. Vehicles is the term used for all road worthy vehicles, heavy duty, commercial, single, and multi-passenger, automated connected vehicles, and driverless vehicles. If a task or topic is already addressed by another SAE committee, TEVEES18A will collaborate with that committee, as appropriate through a liaison to ensure proper coordination of efforts. The committee reserves the right to expand scope to other vehicles not explicitly identified above. The following tasks/areas are of focus: ● Development of training material, and other guidance documents for ISO/SAE 21434 and vehicle cybersecurity systems. ● Updates/additions to ISO/SAE 21434 e.g., refinement/updates of existing topics, additional topics (e.g., “Target Attack Feasibility”). ● Any topic where additional guidance or standardization would be beneficial to the vehicle industry. ● Collaborate with other SAE committees and external Standards Development Organizations (SDOs).