Automotive Cybersecurity Standards - Relation and Overview

Christoph Schmittner, Georg Macher

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Today many connected and automated vehicles are available and connectivity features and information sharing is increasingly used for additional vehicle-, maintenance- and traffic safety features. This highly connected networking also increase the attractiveness of an attack on vehicles and the connected infrastructure by hackers with different motivations and thus introduces new risks for vehicle cybersecurity. Highly aware of this fact, the automotive industry has therefore taken high efforts in designing and producing safe and secure connected and automated vehicles. Therefore the domain invested efforts in the development of industry standards to tackle automotive cybersecurity issues and protect their assets. The joint working group of the standardization organizations International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE) has recently established and published a committee draft of the “ISO-SAE Approved new Work Item (AWI) 21434 Road Vehicles - Cybersecurity Engineering” standard. In addition to that SAE is also working on a set of cybersecurity guidance, ISO is addressing specific automotive cybersecurity related topics in additional standards and European Telecommunications Standards Institute (ETSI) and International Telecommunication Union (ITU) is working on security topics of connected vehicles. Further activities are national and international regulations on Automotive Cybersecurity. In the course of this document, a review of the available work and ongoing developments is given and the outline of the automotive cybersecurity framework is given. The aim of this work is to provide a position statement for discussion of available standards, methods and recommendations for automotive cybersecurity.

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11699 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference7th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2019, 14th ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2019, 8th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, SASSUR 2019, 2nd International Workshop on Safety, Security, and Privacy In Automotive Systems, STRIVE 2019, 2nd International Workshop on Artificial Intelligence Safety Engineering, WAISE 2019 held in conjunction with 38th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2019
CountryFinland
CityTurku
Period10/09/1913/09/19

Fingerprint

Standardization
Engineers
Telecommunication
Telecommunications
Industry
Standards
Automotive industry
Information Sharing
Networking
Guidance
Recommendations
Maintenance
Connectivity
Union
Infrastructure
Safety
Attack
Traffic
Engineering

Keywords

  • Automotive
  • ISO 21434
  • ISO 26262
  • Security analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Schmittner, C., & Macher, G. (2019). Automotive Cybersecurity Standards - Relation and Overview. In A. Romanovsky, E. Troubitsyna, I. Gashi, E. Schoitsch, & F. Bitsch (Eds.), Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings (pp. 153-165). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11699 LNCS). Springer-Verlag Italia. https://doi.org/10.1007/978-3-030-26250-1_12

Automotive Cybersecurity Standards - Relation and Overview. / Schmittner, Christoph; Macher, Georg.

Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings. ed. / Alexander Romanovsky; Elena Troubitsyna; Ilir Gashi; Erwin Schoitsch; Friedemann Bitsch. Springer-Verlag Italia, 2019. p. 153-165 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11699 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Schmittner, C & Macher, G 2019, Automotive Cybersecurity Standards - Relation and Overview. in A Romanovsky, E Troubitsyna, I Gashi, E Schoitsch & F Bitsch (eds), Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11699 LNCS, Springer-Verlag Italia, pp. 153-165, 7th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2019, 14th ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2019, 8th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, SASSUR 2019, 2nd International Workshop on Safety, Security, and Privacy In Automotive Systems, STRIVE 2019, 2nd International Workshop on Artificial Intelligence Safety Engineering, WAISE 2019 held in conjunction with 38th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2019, Turku, Finland, 10/09/19. https://doi.org/10.1007/978-3-030-26250-1_12
Schmittner C, Macher G. Automotive Cybersecurity Standards - Relation and Overview. In Romanovsky A, Troubitsyna E, Gashi I, Schoitsch E, Bitsch F, editors, Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings. Springer-Verlag Italia. 2019. p. 153-165. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-26250-1_12
Schmittner, Christoph ; Macher, Georg. / Automotive Cybersecurity Standards - Relation and Overview. Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings. editor / Alexander Romanovsky ; Elena Troubitsyna ; Ilir Gashi ; Erwin Schoitsch ; Friedemann Bitsch. Springer-Verlag Italia, 2019. pp. 153-165 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{395e001dfc97472c851fc212bab385c8,
title = "Automotive Cybersecurity Standards - Relation and Overview",
abstract = "Today many connected and automated vehicles are available and connectivity features and information sharing is increasingly used for additional vehicle-, maintenance- and traffic safety features. This highly connected networking also increase the attractiveness of an attack on vehicles and the connected infrastructure by hackers with different motivations and thus introduces new risks for vehicle cybersecurity. Highly aware of this fact, the automotive industry has therefore taken high efforts in designing and producing safe and secure connected and automated vehicles. Therefore the domain invested efforts in the development of industry standards to tackle automotive cybersecurity issues and protect their assets. The joint working group of the standardization organizations International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE) has recently established and published a committee draft of the “ISO-SAE Approved new Work Item (AWI) 21434 Road Vehicles - Cybersecurity Engineering” standard. In addition to that SAE is also working on a set of cybersecurity guidance, ISO is addressing specific automotive cybersecurity related topics in additional standards and European Telecommunications Standards Institute (ETSI) and International Telecommunication Union (ITU) is working on security topics of connected vehicles. Further activities are national and international regulations on Automotive Cybersecurity. In the course of this document, a review of the available work and ongoing developments is given and the outline of the automotive cybersecurity framework is given. The aim of this work is to provide a position statement for discussion of available standards, methods and recommendations for automotive cybersecurity.",
keywords = "Automotive, ISO 21434, ISO 26262, Security analysis",
author = "Christoph Schmittner and Georg Macher",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-26250-1_12",
language = "English",
isbn = "9783030262495",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag Italia",
pages = "153--165",
editor = "Alexander Romanovsky and Elena Troubitsyna and Ilir Gashi and Erwin Schoitsch and Friedemann Bitsch",
booktitle = "Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings",
address = "Italy",

}

TY - GEN

T1 - Automotive Cybersecurity Standards - Relation and Overview

AU - Schmittner, Christoph

AU - Macher, Georg

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Today many connected and automated vehicles are available and connectivity features and information sharing is increasingly used for additional vehicle-, maintenance- and traffic safety features. This highly connected networking also increase the attractiveness of an attack on vehicles and the connected infrastructure by hackers with different motivations and thus introduces new risks for vehicle cybersecurity. Highly aware of this fact, the automotive industry has therefore taken high efforts in designing and producing safe and secure connected and automated vehicles. Therefore the domain invested efforts in the development of industry standards to tackle automotive cybersecurity issues and protect their assets. The joint working group of the standardization organizations International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE) has recently established and published a committee draft of the “ISO-SAE Approved new Work Item (AWI) 21434 Road Vehicles - Cybersecurity Engineering” standard. In addition to that SAE is also working on a set of cybersecurity guidance, ISO is addressing specific automotive cybersecurity related topics in additional standards and European Telecommunications Standards Institute (ETSI) and International Telecommunication Union (ITU) is working on security topics of connected vehicles. Further activities are national and international regulations on Automotive Cybersecurity. In the course of this document, a review of the available work and ongoing developments is given and the outline of the automotive cybersecurity framework is given. The aim of this work is to provide a position statement for discussion of available standards, methods and recommendations for automotive cybersecurity.

AB - Today many connected and automated vehicles are available and connectivity features and information sharing is increasingly used for additional vehicle-, maintenance- and traffic safety features. This highly connected networking also increase the attractiveness of an attack on vehicles and the connected infrastructure by hackers with different motivations and thus introduces new risks for vehicle cybersecurity. Highly aware of this fact, the automotive industry has therefore taken high efforts in designing and producing safe and secure connected and automated vehicles. Therefore the domain invested efforts in the development of industry standards to tackle automotive cybersecurity issues and protect their assets. The joint working group of the standardization organizations International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE) has recently established and published a committee draft of the “ISO-SAE Approved new Work Item (AWI) 21434 Road Vehicles - Cybersecurity Engineering” standard. In addition to that SAE is also working on a set of cybersecurity guidance, ISO is addressing specific automotive cybersecurity related topics in additional standards and European Telecommunications Standards Institute (ETSI) and International Telecommunication Union (ITU) is working on security topics of connected vehicles. Further activities are national and international regulations on Automotive Cybersecurity. In the course of this document, a review of the available work and ongoing developments is given and the outline of the automotive cybersecurity framework is given. The aim of this work is to provide a position statement for discussion of available standards, methods and recommendations for automotive cybersecurity.

KW - Automotive

KW - ISO 21434

KW - ISO 26262

KW - Security analysis

UR - http://www.scopus.com/inward/record.url?scp=85072880459&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-26250-1_12

DO - 10.1007/978-3-030-26250-1_12

M3 - Conference contribution

SN - 9783030262495

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 153

EP - 165

BT - Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings

A2 - Romanovsky, Alexander

A2 - Troubitsyna, Elena

A2 - Gashi, Ilir

A2 - Schoitsch, Erwin

A2 - Bitsch, Friedemann

PB - Springer-Verlag Italia

ER -