Automotive
The new automotive cybersecurity standard
The majority of vehicles produced today connect to the outside world in some way. Vehicle-to-vehicle (V2V) and vehicle-to-everything (V2X) communication, over-the-air (OTA) updates, and mobile phone integration offer the ultimate driver comfort and safety. However, they also provide potential opportunities for criminals to gain access to systems within the vehicle, additionally exposing the back-end networks that serve them. NXP explains how a new automotive cybersecurity standard is helping to mitigate these threats and to encourage a more proactive approach to automotive security.
Connectivity provides opportunity
Historically, cars have been an unattractive target for criminals. They were isolated from their environment and the vehicle’s on-board diagnostic (OBD) port was typically the only access point into the vehicle’s electronic systems. Even so, this required physical presence at the vehicle and the perpetrator’s identity would be evident. Therefore, vehicle hacks were mostly the domain of researchers and white hat hackers.
However, new opportunities for cybercriminals have emerged through the advent of the connected car and its associated connected infrastructure. If not protected well, wireless interfaces can provide entry points for gaining remote and, perhaps more significantly, anonymous access. As the levels of vehicle autonomy increase, vehicles are fitted with increasingly complex advanced driver assistance systems (ADAS) that communicate with roadside sensors, traffic signals, surveillance cameras, and intelligent signage. With that, it also becomes increasingly challenging to secure all these systems and interfaces. In the absence of robust cybersecurity measures, this could allow criminals access to entire fleets of vehicles, city infrastructures, or a manufacturer’s network. The social and economic consequences of an attack on a whole city or smart motorway are unthinkable.
Global collaboration
Collaboration is important to the automotive supply chain, and cybersecurity measures are essential to all vehicle design aspects. Any system with a vulnerability could provide an entry point to a cybercriminal, possibly allowing them to pivot from there to a critical one. The introduction of a new automotive standard shows how seriously the industry takes these threats. The International Organization for Standardization (ISO) and the Society of Automotive Engineering (SAE) began a joint initiative in 2016. They reached out to automakers, component and system suppliers, cybersecurity vendors and governing organisations and involved over 100 experts from more than 82 companies in 16 countries.
18 November 2021
The new ISO/SAE 21434 standard is the result of this collaboration. It lays out clear organisational and procedural requirements throughout the vehicle’s entire lifecycle, from concept and development to production, operations and maintenance and finally decommissioning. Collaboration is key and the whole supply chain will need to implement effective methods for fostering a cybersecurity culture, including cybersecurity awareness management, competence management and continuous improvement to ensure its services and products meet expectations going forward.
Regulations enforce Cyber Security Management Systems (CSMS)
Additionally, a new vehicle regulation for cybersecurity, UN R155, was developed by the World Forum for Harmonization of Vehicle Regulations (UNECE WP.29). This regulation prevents an auto manufacturer from obtaining vehicle type approval and selling vehicles in a country unless it has a certified cyber security management system (CSMS) in place. The regulation will roll out in Europe, Japan and Korea from July 2022 onwards for new vehicle types and two years later for existing ones.
The connected vehicle consists of multiple electronic components and systems, supplied by a complex multi-tiered supply chain. For instance, an infotainment system is typically supplied by a Tier-1 supplier but contains chips and software libraries from Tier-2 suppliers. The security of a vehicle relies on the entire supply chain. Under the UN R155 regulation, managing risks associated with all suppliers and service providers in the chain is the automaker’s responsibility, but requires support and collaboration across the supply chain.
Components in Electronics
The supply chain must comply with ISO/SAE 21434
It is generally recognised that ISO/SAE 21434 can support organisations along the supply chain in implementing the requirements on the CSMS. Compliance with ISO/SAE 21434 therefore becomes a requirement for the entire automotive supply chain under UN R155. NXP is ISO/SAE 21434 compliant. Its cybersecurity engineering policies and processes are certified to comply with the new standard. It is the first company to be accredited in this way and can apply a decade of automotive security experience to helping secure future cars. NXP can utilise its rich heritage in security to develop, manufacture and support its products. The company takes a holistic approach to security, across all parts of its organisation, based on proven security processes and policies. The Competence Centre for Crypto and Security ensures that NXP products possess adequate protection for their intended applications and systems, and its state-of-the-art vulnerability lab validates a product’s resistance to evolving threats. NXP employees take part in the NXP security school to foster their security know-how, and the company’s approach to IT and site security is ISO 27001 compliant.
Conclusion
As the proliferation of connected devices in our lives increases, the measures we take to secure them from cyberattacks must increase. Robust cybersecurity measures are required to minimise the risk of connected car attacks and to prevent such attempts from going undetected and unchecked – and this requires trusted products and a mature security organisation to help carmakers secure vehicles against cyberattacks. Connectivity and autonomy should not be a threat, but an opportunity for safer, more productive and more efficient driving.
www.nxp.com
www.cieonline.co.uk