A walk through the field of cybersecurity
Posted: January 29, 2024
We decided to have a talk with Elmira Anbardar, who has several years of experience in cybersecurity, about the ever-changing challenges of automotive cybersecurity.
Why is Cybersecurity at the top of everyone’s mind?
With the automotive sector increasingly shifting towards software-centric models, Original Equipment Manufacturers (OEMs) are undergoing a significant transformation. They are evolving from their traditional roles as hardware-focused entities to entities that predominantly operate in the software domain, reflecting the industry’s shifting priorities and technological advancements.
Integrating software in vehicles brings the benefits of patching, updating, and notably, Over-The-Air (OTA) updates, offering a substantial edge in vehicle functionality and user experience. Yet, this software reliance and connectivity, especially with the Internet, introduce an expanded attack surface. This exposes vehicles to external threats, necessitating a heightened focus on cybersecurity measures within the automotive industry.
As software and systems become more complex, interactions between modular parts increase, opening new breaches and entry points. Moreover, when all the software modular parts were initially developed and implemented, cybersecurity concerns were not as prominent as now. Therefore, there is a need to reevaluate and document the infrastructure and pre-made parts.
While hackers are not heavily focused on the automotive sector, we anticipate their interest will grow. Hence, it is crucial to be prepared. Ransomware is also a looming threat that needs to be addressed.
What is Incident Response Management?
A situation in the field that can involve vulnerability exploitation is called a cybersecurity incident.
All organizations should be prepared to react fast to vulnerabilities or incidents in the field. Cybersecurity incident response occurs when an organization invokes it as part of vulnerability management.
Cybersecurity monitoring, remediation, and incident response activities complement the concept and product development activities. They take a reactive approach that acknowledges the changing conditions in the environment, such as new attack technology, and the continuous need to identify and manage weaknesses and vulnerabilities in vehicles’ E/E systems. To help rate incidents and information technology security vulnerabilities, the Common Vulnerability Scoring System (CVSS), which is maintained by the Forum of Incident Response and Security Teams (FIRST), can be used.
Some responsibilities of Incident Reporting Management:
- Determine and implement remedial actions for cybersecurity incidents
- Maintain cybersecurity during and after updates until the end of cybersecurity support
- Provide a suitable environment to support the reproduction of the remedial actions regarding cybersecurity incidents
- Collect and maintain information from past cybersecurity incidents
What is a TARA?
TARA stands for Threat Analysis and Risk Assessment, and the concept aligns with HARA in Functional Safety, signifying a risk-based approach.
Firstly, TARA considers the development of a new or modified asset (or development), then focuses on associated threat scenarios, and later assigns risk values.
TARA is defined as a set of modular analysis methods, and the modules can be performed in any order. Still, the method recommended in the Annex of the standard (SAE/ISO 21434) suggests this order:
- asset identification
- impact rating
- threat scenario identification
- attack path analysis
- attack feasibility rating
- risk value determination
- risk treatment decision
In attack feasibility rating, two different approaches are applied: an attack vector-based approach and an attack potential-based approach.
A summarized TARA would look like this: first, we examine the cybersecurity risks. This starts by identifying the important parts (assets) in your system that need protection. Next, we list the possible threats to these assets, considering the technology used by these assets. Then, we assess each threat by its likelihood and potential impact. From this, we calculate the overall level of risk. The final step is to figure out how to handle this risk. The most effective approach is usually mitigation, which involves implementing specific cybersecurity measures.
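The TARA steps listed above can be walked through in a few lines of Python. This is an added example, not part of the original interview or the standard: the rating scales, the risk matrix, the treatment threshold and the three sample scenarios are all constructed for illustration, and feasibility is rated with the attack vector-based approach.

```python
from dataclasses import dataclass

# Constructed rating scales (illustrative, not copied from the standard).
IMPACT = {"negligible": 0, "moderate": 1, "major": 2, "severe": 3}
# Attack vector-based feasibility: the more remote the vector, the higher the rating.
FEASIBILITY = {"physical": 0, "local": 1, "adjacent": 2, "network": 3}
# Constructed risk matrix: rows = impact, columns = feasibility, values 1 (low) to 5 (high).
RISK_MATRIX = [
    [1, 1, 1, 1],  # negligible
    [1, 2, 2, 3],  # moderate
    [1, 2, 3, 4],  # major
    [2, 3, 4, 5],  # severe
]
TREATMENT_THRESHOLD = 3  # assumed policy: risk >= 3 is reduced, anything lower is retained


@dataclass
class ThreatScenario:
    asset: str          # step 1: asset identification
    impact: str         # step 2: impact rating
    threat: str         # step 3: threat scenario identification
    attack_paths: list  # step 4: attack path analysis (attack vector of each path)

    def feasibility(self) -> int:
        # step 5: a scenario is as feasible as its easiest attack path
        return max(FEASIBILITY[v] for v in self.attack_paths)

    def risk_value(self) -> int:
        # step 6: risk value determination from impact and feasibility
        return RISK_MATRIX[IMPACT[self.impact]][self.feasibility()]

    def treatment(self) -> str:
        # step 7: risk treatment decision
        return "reduce" if self.risk_value() >= TREATMENT_THRESHOLD else "retain"


def run_tara(scenarios):
    """Return (asset, threat, risk, treatment) rows, highest risk first."""
    rows = [(s.asset, s.threat, s.risk_value(), s.treatment()) for s in scenarios]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample item: three threat scenarios for a connected vehicle.
SCENARIOS = [
    ThreatScenario("infotainment user settings", "moderate", "settings disclosed", ["local"]),
    ThreatScenario("OTA update package", "severe", "tampered update installed", ["network", "physical"]),
    ThreatScenario("brake ECU calibration data", "severe", "calibration data modified", ["physical"]),
]
```

Calling `run_tara(SCENARIOS)` ranks the OTA scenario first with risk 5 and a "reduce" decision, while the severe-impact brake scenario lands at risk 2 because its only attack path is physical.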
What is a Cybersecurity Case?
A cybersecurity case is a well-structured argument, supported by evidence, that asserts the risks involved are not unreasonable. It serves as a crucial input for cybersecurity assessments and paves the way for post-development release. The sufficiency of addressing identified risks is justified through a well-defined rationale in the cybersecurity case, which is further reinforced by associated work products.
In scenarios of distributed development, the cybersecurity case for a particular item often emerges as a synthesis of cases from both the customer and suppliers. This combined case draws on evidence from work products produced by all involved parties, thereby forming a comprehensive, multi-faceted argument for the item’s overall cybersecurity stance.
These cybersecurity cases are, in essence, the culmination of addressing specific cybersecurity requirements.
What is a Cybersecurity Catalog?
A Cybersecurity catalog represents an optimal approach, leveraging trusted and predefined resources for enhanced security measures. By selecting cybersecurity mitigations from such a catalog, we can effectively address specific threats, particularly those associated with emerging technologies and vulnerabilities. This method not only standardizes impact ratings across various authoritative bodies but also serves to systematically organize critical information.
Utilizing a cybersecurity catalog ensures a more robust, unified framework for managing and mitigating digital risks, thereby fortifying the overall security posture in the face of evolving cyber threats.
How many levels do you need a TARA on?
ISO 21434 operates on the premise that your organization already implements a V model, mandating the integration of your TARA method across various levels. While the standard doesn’t specify the exact number of TARA levels required, this often differs among OEMs and suppliers. Deciding the number of TARA levels is a nuanced process. Given the standard’s approach of segmenting the entire vehicle into multiple items, a single level of TARA proves insufficient. It is crucial to not only consider the impact of attack surfaces on individual items but also to examine potential overlaps. Consequently, conducting a comprehensive vehicle-level TARA is essential. This ensures a thorough analysis of all items and their interrelations, confirming the security of the entire product.
Should Cybersecurity be developed in-house?
Many OEMs are moving towards shaping their in-house teams, especially for decision-making components. However, there is still a grey zone where both suppliers and OEMs are reluctant to provide all the cybersecurity information about their products. That is why the standard emphasizes organizational and project-dependent cybersecurity management, along with distributed cybersecurity activities. There should be an agreement between the parties regarding cybersecurity requirements, testing, verification, and expectations from each party. All responsibilities, methods of communication, and other details should be clear and agreed upon by all parties.


