What this book covers
Chapter 1, Introducing the Vehicle Electrical/Electronic Architecture, covers the vehicle E/E architecture, which comprises the computing nodes, communication channels, sensors, and actuators distributed over several functional domains. Understanding the various E/E architectures of vehicles is essential to gain a perspective on how the vehicle can be attacked. This section examines the E/E architecture of several vehicle types and introduces the reader to different types of computing nodes, networking protocols, sensors, actuators, and security-relevant interfaces.
Chapter 2, Cybersecurity Basics for Automotive Use Cases, covers the basic principles of cybersecurity and cryptography, which are important to understand before tackling the problem of securing automotive systems. For people skilled in the art of cybersecurity, this chapter can be skipped; but for others, it is a prerequisite to help set the stage for other chapters. The reader is introduced to cryptographic methods with a general explanation of how each one can be applied to an automotive use case. The chapter then switches to common security principles that should guide the design of any secure system.
Chapter 3, Threat Landscape against Vehicle Components, follows on from Chapter 1, where the reader gained insights into the vehicle E/E architecture and the various components it supports. In this chapter, the reader walks through the various threats that exist for each component and vehicle subsystem. Understanding the threat landscape helps us understand why automotive cybersecurity is critical and establishes the groundwork for later chapters that aim to address those threats. The chapter walks the reader through each category of threats and then explores the common security weaknesses that make those threats viable. We take a top-down approach, starting with cybersecurity weaknesses at the vehicle level and then zooming in to various components and subcomponents at the ECU level.
Chapter 4, Exploring the Landscape of Automotive Cybersecurity Standards, covers the standards landscape: engineering automotive systems requires compliance with a myriad of quality and safety standards, and with the introduction of cybersecurity to automotive systems, the automotive engineer is expected to be well versed in the various automotive cybersecurity standards as well. This chapter introduces standards such as ISO21434, REG155, REG156, TISAX, and SAE J3101. The reader is given a breakdown of each standard along with the rationale for why compliance is necessary.
Chapter 5, Taking a Deep Dive into ISO/SAE21434, covers ISO/SAE21434, which is the de facto standard for automotive cybersecurity engineering. It guides the reader through the complete secure development life cycle as well as cybersecurity management and risk governance. This chapter will walk through all the sections of the standard and explain why each one is important and how it shapes the product engineering life cycle.
Chapter 6, Interactions Between Functional Safety and Cybersecurity, covers functional safety, which is a differentiating aspect of automotive systems when compared to IT systems. The vast majority of automotive ECUs have a certain degree of safety relevance, which pulls into the picture various standards, such as ISO26262 and SOTIF. Building secure systems that are safety relevant requires close cooperation between the two engineering approaches. A disjointed approach is guaranteed to result in high costs and inconsistencies that can lead to a project's failure. This chapter describes the various areas where safety and security engineering approaches overlap and where they need to be reconciled. A basic understanding of functional safety is a prerequisite to reading this chapter.
Chapter 7, A Practical Threat Modeling Approach for Automotive Systems, covers threat modeling, which is at the core of any secure engineering process. It is the driver for understanding threats against the system and deriving cybersecurity goals, controls, and requirements necessary to treat those threats. Due to the safety aspect of automotive systems, general threat modeling approaches from IT systems are not suitable for automotive security analysis. To bridge that gap, several automotive-centric threat modeling methods have been proposed. In this chapter, we explore the different threat modeling methods available and how they integrate the safety aspects. We show common challenges in applying a TARA to a complex system. Then, we present an optimized approach that accounts for various types of automotive systems and components to produce a comprehensive set of security requirements that ensure system security.
Chapter 8, Vehicle-Level Security Controls, explores the various security controls and techniques available to build cyber-resilient automotive systems. The book started with exploring threats and weaknesses and then detoured into applying a systematic cybersecurity engineering process to identify risks that require treatment. This chapter delves into each technology area and presents the most common methods used to create mitigations at the vehicle level considering the complete vehicle life cycle. It also presents common pitfalls to avoid when implementing those controls.
Chapter 9, ECU-Level Security Controls, applies a similar approach to Chapter 8, which focused on security controls applied at the vehicle level, but this time at the ECU level. Keeping up with the principle of defense-in-depth requires us to build resilient vehicle components at the ECU and sub-ECU levels. This chapter takes a layered approach to securing the ECU and its sub-components. We will examine the various technologies available, understand their challenges and pitfalls, and then discuss how to use them securely.