Worldwide automotive cybersecurity experts meet at ACTIA headquarters in Toulouse-France
July 2019 News
ACTIA has been proud to host, in our headquarters, the Editing Team of the ISO/SAE 21434, Automotive Cybersecurity Engineering. These worldwide experts in cybersecurity will finish in October 2020 their works, which will be a base for international regulations for connected and autonomous cars’ cybersecurity.
Jacques Kunegel, Products Security Manager within ACTIA Group, is the leader of the French expert team contributing to this standard. He has discussed with Lisa BORAN, Committee Chair for SAE J3061 & Committee Co-Convenor for ISO/SAE 21434 and et Gido Scharfenberger-Fabian, Committee Co-Convenor for ISO/SAE 21434, about their vision, during this one week workshop.
What is the purpose of the ISO / SAE Joint Working Group you are co-leading?
Lisa Boran: « To develop a state of the art cybersecurity framework for the automotive industry to engineer safe and secure products. The standard helps to ensure completeness, consistency and repeatability in designing around cybersecurity upfront. It provides a framework for managing risk and building a cybersecurity culture into the organization. The standard is to be used by industry to make vehicles more secure in a systematic way from concept thru decommissioning. The new standard is a joint effort between SAE and ISO, the first of its kind to harmonize a common interest standards development. »
Gido Scharfenberger-Fabian: « In the international standardization project ISO/SAE 21434 Road vehicles - Cybersecurity engineering we are defining the state of the art of cybersecurity engineering for the automotive industry... That is, we are specifying requirements for processes and methodology throughout the automotive supply chain that ensure appropriate consideration of cybersecurity in the development and throughout the lifecycle of vehicle systems. »
Talking about cybersecurity, what are the major risks associated with technological progress, inter-connectivity and autonomy of vehicles?
Lisa Boran: « Keeping up with the rate of change and the sheer number of clouds, networks, sensors, modules and services that need protection. The biggest challenges in this space are:
- Finding talent with the necessary skillset. Not too many people with the necessary skillset, so it is very competitive. EVERYONE is looking for cybersecurity experts….they are in high demand.
- The new features, technologies and connected services are continually changing the threat landscape so industry needs to stay on top and have a framework that is resilient to change. We believe our framework provides this.
- The automotive manufacturers, supply base and third party service providers have varying levels of capability in cybersecurity, this standard will help bring everyone up to the same level of capability. »
Gido Scharfenberger-Fabian: « Generally speaking, the increased connectivity of the vehicles employing various communication technologies can increase the opportunities for potential attackers to gain unauthorized access and manipulate vehicle systems... Furthermore, highly automated driving functions could in principle - when misused by a malevolent attacker - pose serious risk to road safety. »
What do you think is the best value of ACTIA and its role in this group?
Lisa Boran: « As with any volunteer work in standards and best practice development, we need cybersecurity experts willing to offer their time for consultation and to author and develop sections of the document. Actia has stepped up to the plate and provided tremendous input to the overall content development. The support Actia has given such as content development, overview, travel approval and sponsoring both Project Group meetings and Editorial Meetings for our teams at their facility, is very much noticed and appreciated and shows they are committed and serious about ensuring the safety and security of vehicles and products. »
Gido Scharfenberger-Fabian: « ACTIA is very actively supporting the standardization project in various ways: through valuable contributions and proposals in the technical discussions, representing the Tier-1 supplier perspective; by leading the drafting team of the JWG; and last but not least as a generous host for two of our sub-team face-to-face meetings in the lovely town of Toulouse. »
Read also : ACTIA shifts gear to address cybersecurity