Specifications for Automotive Cybersecurity: Part 2
Threats and mitigations to consider
01 February 2022
In part 1 of this blog, we talked about how ISO/SAE 21434:2021 – Road vehicles – Cybersecurity engineering (21434) outlines the requirements for the processes surrounding the Cyber Security Management System (CSMS). In this entry, we'll take a closer look at how one might go about addressing both ISO/SAE 21434:2021 and UN Regulation No. 155.
UN Regulation No. 155 – Cyber security and cyber security management system (R155)
Section 7.2 of R155 lays out the requirements for the CSMS, which include development, production, and post-production, with the minimum set of processes to be defined and implemented specified in section 18.104.22.168. For the most part, the requirements of 7.2 are covered through conformance to 21434, but there are a few gaps that must be taken into account. The first is in 22.214.171.124 (b), which references Annex 5, the list of specific threats and corresponding mitigations that must be considered. The 21434 standard does not contain such a list, but it can support the inclusion of one. The other gaps are the specification of a mitigation timeframe in 126.96.36.199; an explicit capability to analyse and detect cyber threats, vulnerabilities and cyber-attacks from vehicle data and logs in 188.8.131.52; and the requirement to respect the privacy rights of car owners or drivers in 184.108.40.206. These gaps can be addressed for R155 without breaking conformance with 21434.
Section 7.3 of R155 lays out requirements for vehicle types, including the list of threats and corresponding mitigations in Annex 5 as the minimum set of threats and mitigations that must be assessed for each vehicle type. As was mentioned for 220.127.116.11 (b), such a list is not included in 21434, although 21434 can support the inclusion of one.
Annex 5 of R155 is an important part of the regulation containing the minimum set of threats and corresponding mitigations that must be considered for type approval. It is split into three parts:
- Part A contains vulnerabilities or attack methods related to the threats.
- Part B contains mitigations to the threats intended for vehicles, including vehicle communication channels, update process, unintended human actions, external connectivity, potential targets/motivations, potential vulnerabilities, data loss/breach, and physical manipulation.
- Part C contains mitigations to the threats outside of vehicles, including back-end servers, unintended human actions, and physical/data loss.
An approach to meeting both 21434 and R155 is to start by implementing 21434, taking into account the few gaps, to get a CSMS that is conformant to both 21434 and R155, and then to use R155 to fill in required assessments that may have been missed during 21434 implementation, paying particular attention to section 7.3 and Annex 5.
Together, these specifications ensure that security is considered throughout design to protect the systems in connected automobiles from cyber attacks.
High Assurance Lab Manager
Ben Cuthbert has been in the cybersecurity assessment field for more than 15 years in a variety of areas including payment devices, cryptographic modules, telecommunications, and connected devices such as IoT.