The automotive industry is in the middle of implementing cybersecurity. New tasks and responsibilities are being established at the level of the organization, in divisions and departments, and at the project level, and many different roles suddenly have to deal with cybersecurity. Often, specialists from the Functional Safety/ISO 26262 area are involved, and they now find themselves confronted with automotive cybersecurity engineering and ISO/SAE 21434. How do you get started?
- I. A very short side note: What is functional safety in automotive development?
- II. Cybersecurity as a new domain in the vehicle
- III. HARA and TARA
- IV. Sum Up: Functional Safety and Cybersecurity. What is the most important difference?
Dealing with cybersecurity in the automotive sector often starts with regulations, standards, norms and rules, which can seem confusing at first.
But that is understandable. As in other industries, such as aerospace or medicine, the same applies to vehicles: safety and security are indispensable. With the right approach, starting in development and continuing through production to ongoing operation in the field, safety and security must be ensured consistently. This has in fact been a necessity since the invention of the automobile.
One domain that has seen enormous professionalization over the past 15 years is functional safety, not least thanks to the standard ISO 26262 Road Vehicles – Functional Safety, which has already been revised in the meantime (second edition, 2018).
A very short side note: What is functional safety in automotive development?
Functional safety answers the question: Does the vehicle function as it should, and is everything as safe as reasonably possible? In the terms of ISO 26262, it is the absence of unreasonable risk due to hazards caused by malfunctioning behaviour of electrical/electronic systems. At the end of the day, functional safety is about ensuring only the intended behaviour while reducing the risk from unintended hazards, e.g. malfunctions, as far as possible.
Cybersecurity as a new domain in the vehicle
With new technologies in the car, increasing connectivity and the ambition for autonomous functions, new challenges are arising. Cybersecurity is becoming a quality factor. For cybersecurity engineering, the key question is: How can everything be secured to such an extent that risks (resulting from both deliberate attacks and unintentional errors) can be managed as well as possible?
Functional safety and cybersecurity in the automotive industry
What sounds quite similar in theory often turns out, in practice, to involve different goals (safety versus security) and different work activities in automotive development.
Accordingly, the question of how similar or different functional safety and cybersecurity are is being asked intensively in the industry, inside organizations and in the minds of those responsible.
Two opposing assumptions are common:
- on the one hand, that everything is completely different and Functional Safety and Cybersecurity are two entirely separate areas,
- and on the other hand, that both can be controlled and managed almost identically.
One thing is certain, however: Functional Safety and Cybersecurity may share a similar basis, but they go in different directions over the lifecycle of a vehicle (and beyond).
HARA and TARA
The following applies to both functional safety and cybersecurity: the basis for a systematic approach is the careful consideration of possible hazards and risks. A structured identification and analysis of hazards and risks must be carried out. In functional safety this is the HARA; in cybersecurity it is the TARA (Threat Analysis and Risk Assessment).
Hazard Analysis and Risk Assessment
In the field of functional safety, this step is called Hazard Analysis and Risk Assessment (HARA). Potential hazards, i.e. potential sources of harm, are identified and combined with operational situations into hazardous events, and the risk associated with each hazardous event is assessed. Safety goals are then derived from the HARA; these are the top-level safety requirements at the vehicle level. Each hazardous event is assigned an Automotive Safety Integrity Level (ASIL, from A to D, or QM if no ASIL is required) along the risk classification scheme, and each safety goal inherits the highest ASIL of the hazardous events it addresses.
The classification is based on:
- the severity of the potential harm (“Severity” / S),
- the probability of exposure to the operational situation (“Exposure” / E),
- and the controllability of the hazardous event by the driver or other persons involved (“Controllability” / C).
Once the safety goals have been derived, they serve as the basis for the functional safety concept.
Threat Analysis and Risk Assessment
In cybersecurity, on the other hand, a Threat Analysis and Risk Assessment (TARA) is performed to identify potential threat scenarios, evaluate the risk associated with them and determine the attack paths that could realize them. This results in cybersecurity goals and requirements. The goals then serve as the basis for the cybersecurity concept.
Since cybersecurity deals with a somewhat different subject matter, the considerations in a TARA differ from those of a HARA. For example, a TARA describes attacks and attack paths and rates their feasibility; ISO/SAE 21434 Annex G describes, among other methods, an attack-potential-based rating that considers the elapsed time an attack takes, the specialist expertise required, the knowledge of the item needed, the window of opportunity (the access possibilities of an attacker) and the equipment required.
At the same time, outputs from the HARA (e.g., severity ratings) can be reused as input for the impact rating of safety-related damage scenarios in the TARA.
In addition, it should be noted that a HARA is performed at the vehicle level, while a TARA can be performed both at the vehicle level and at the component level. You can also watch our video course on Threat Analysis And Risk Assessment In Automotive Cybersecurity and get an overview on how the TARA helps identify cyber risks in compliance with Clause 15 of ISO/SAE 21434:2021.
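To make the difference between the two analyses concrete, here is a worked example that applies both to one constructed damage scenario. This is an added illustration, not code from the original article or from CYRES Consulting. The ASIL table is ISO 26262-3 Table 4; the attack potential parameter values and feasibility thresholds are ISO/SAE 21434:2021 Annex G (Tables G.1 and G.2); the risk matrix is the example matrix of Annex H, which organizations may replace with their own. The braking scenario, the two OTA attack paths and their parameter ratings are hypothetical and chosen only to show the mechanics.

```python
"""HARA (ASIL) and TARA (risk value) applied to one constructed damage scenario.

Added worked example for this article; not code from the original page or from CYRES Consulting.
Sources of the tables: ISO 26262-3 Table 4 (ASIL), ISO/SAE 21434:2021 Annex G Tables G.1/G.2
(attack potential, feasibility) and the example risk matrix of Annex H. Scenario data is constructed.
"""
from dataclasses import dataclass

# ---------------- HARA (ISO 26262-3) ----------------
# Table 4 of ISO 26262-3, indexed [S][E] -> "C1 C2 C3" entries.
ASIL_TABLE = {
    1: {1: "QM QM QM", 2: "QM QM QM", 3: "QM QM A", 4: "QM A B"},
    2: {1: "QM QM QM", 2: "QM QM A", 3: "QM A B", 4: "A B C"},
    3: {1: "QM QM A", 2: "QM A B", 3: "A B C", 4: "B C D"},
}

def asil(s: int, e: int, c: int) -> str:
    """ASIL for a hazardous event rated S (0..3), E (0..4), C (0..3); QM means no ASIL."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError("S must be 0..3, E 0..4, C 0..3")
    if 0 in (s, e, c):
        return "QM"  # S0, E0 or C0: no safety requirement beyond quality management
    return ASIL_TABLE[s][e].split()[c - 1]

# ---------------- TARA (ISO/SAE 21434) ----------------
# Annex G, Table G.1: attack potential parameter values (originating from ISO/IEC 18045).
ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE = {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11}
WINDOW = {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10}
EQUIPMENT = {"standard": 0, "specialized": 4, "bespoke": 7, "multiple bespoke": 9}

@dataclass(frozen=True)
class AttackPath:
    """One attack path toward a damage scenario, rated with the five Annex G parameters."""
    description: str
    elapsed_time: str
    expertise: str
    knowledge: str
    window: str
    equipment: str

    def attack_potential(self) -> int:
        return (ELAPSED_TIME[self.elapsed_time] + EXPERTISE[self.expertise]
                + KNOWLEDGE[self.knowledge] + WINDOW[self.window] + EQUIPMENT[self.equipment])

def attack_feasibility(potential: int) -> str:
    """Annex G, Table G.2: summed attack potential -> attack feasibility rating."""
    if potential <= 13:
        return "high"
    if potential <= 19:
        return "medium"
    if potential <= 24:
        return "low"
    return "very low"

# Annex H example risk matrix: RISK_MATRIX[impact][feasibility] -> risk value 1..5.
RISK_MATRIX = {
    "negligible": {"very low": 1, "low": 1, "medium": 1, "high": 1},
    "moderate":   {"very low": 1, "low": 2, "medium": 2, "high": 3},
    "major":      {"very low": 1, "low": 2, "medium": 3, "high": 4},
    "severe":     {"very low": 2, "low": 3, "medium": 4, "high": 5},
}

def risk_value(impact: str, path: AttackPath) -> int:
    """Risk value for one (damage scenario, attack path) pair."""
    return RISK_MATRIX[impact][attack_feasibility(path.attack_potential())]

# ---------------- Constructed scenario (hypothetical item) ----------------
# Damage scenario: unintended full braking at highway speed. HARA rates the hazardous event by its
# consequences and driving situation, regardless of what causes the malfunction: S3 (life-threatening),
# E4 (highway driving is frequent), C3 (following traffic cannot react). TARA rates each attack path.
UNSIGNED_OTA = AttackPath("unauthenticated OTA update replaces brake-controller firmware",
                          "<=1 month", "expert", "restricted", "unlimited", "standard")
SIGNED_OTA = AttackPath("same path after signed updates with keys held in an HSM",
                        ">6 months", "multiple experts", "strictly confidential", "moderate", "bespoke")

def compare() -> dict:
    """Return the HARA and TARA ratings of the constructed scenario side by side."""
    return {
        "hara_asil": asil(3, 4, 3),
        "tara_before": (attack_feasibility(UNSIGNED_OTA.attack_potential()),
                        risk_value("severe", UNSIGNED_OTA)),
        "tara_after": (attack_feasibility(SIGNED_OTA.attack_potential()),
                       risk_value("severe", SIGNED_OTA)),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The comparison shows the point in numbers: introducing signed updates changes nothing in the HARA (the hazardous event and its ASIL D remain, because the hazard is the same), but it moves the attack potential from 13 to 49, the feasibility from high to very low and the risk value from 5 to 2. Safety rates the hazard; cybersecurity rates the path an adversary must take to reach it.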
Sum Up: Functional Safety and Cybersecurity. What is the most important difference?
Generally speaking, certain steps at the conceptual level are comparable in both approaches:
- identify potential hazards (HARA) or threats (TARA),
- assess the associated risk,
- and then set goals.
Both disciplines require verification and evaluation, independent of the usually performance- and efficiency-driven development work, to confirm that the safety and cybersecurity goals have been met.
To sum up: Both domains require experience and comprehensive know-how, which finds its way into automotive development projects depending on the organization, structure and process.
With a growing understanding of the contents of ISO/SAE 21434 and UN Regulation No. 155 (CSMS), one insight becomes clear: the breadth and depth of the aspects that need to be considered for cybersecurity exceed, in some respects, those of functional safety.
Examples of cybersecurity-relevant issues across the lifecycle include:
- an undiscovered weakness implemented during development,
- a malicious USB stick brought in during production,
- a tampered over-the-air update during operation in the field,
- or insufficient data protection during decommissioning.
The deeper you go into the subject of automotive cybersecurity, the more precise the statements that can be made.
This initial general overview only scratches the surface of these two huge topics for the automotive industry.
Are you looking to expand your expertise in applied automotive cybersecurity? For this purpose, please also consider the entry-level learning offerings of the CYRES Academy online learning platform.
Aicha Zayane is a Cybersecurity & Functional Safety Associate Analyst at CYRES Consulting while majoring in Electrical Engineering at the Technical University of Munich (TUM). Her knowledge of ISO 26262 and ISO/SAE 21434 has been put into practice in cybersecurity and functional safety projects at CYRES Consulting covering work products such as item definitions, Hazard Analysis and Risk Assessments, and Threat Analysis and Risk Assessments.