Security by design – establishing a cybersecurity framework for a new vehicle
After discussions with HORIBA MIRA, the decision was taken to align the manufacturer’s existing cybersecurity framework with the ISO/SAE 21434 standard used for road vehicles as this represented industry best practice. This standard also more closely aligned with their in-house engineering standards..
The work began in the concept phase by analysing the system architecture and its functionality, identifying the assets that needed to be protected. Next, the team worked through identifying potential damage scenarios, threat scenarios and the potential entry points.
Armed with this knowledge, a risk assessment was performed, looking at both the likelihood of the various attack scenarios and the severity of their consequences. Combined, this process is known as TARA (Threat Analysis and Risk Assessment). Based on the TARA, cybersecurity goals and requirements were specified and documented in a cybersecurity concept.
Having worked with a broad range of different cybersecurity projects over more than 15 years, HORIBA MIRA already had extensive knowledge of relevant threat scenarios that it was able to include in the analysis. The team also brought a tried and tested approach that iteratively manages cybersecurity risk of the product throughout the project.
Based on the success of the first project, work has continued into a second phase that spans cybersecurity specification, vulnerability analysis and a cybersecurity verification plan for future testing.
Successes and benefits
The first part of the project has seen the cybersecurity architecture pass through the concept phase and into initial development. Notable successes so far include:
- Strategic planning and architecture definition based on ISO/SAE 21434 built on MIRA experience to provide best-in class cybersecurity approach
- Comprehensive threat analysis and risk assessment to help better manage risks relevant to their product..
- Definition of high-level cybersecurity goals for the vehicle, based on that analysis, to further minimise security risks.
- Definition of the cybersecurity requirements that will need to be met by suppliers to support efficient cascade of needs early on.
This is a rapidly evolving field, so being able to tap straight into an experienced team who could turn it around in a short space of time was hugely beneficial for the client.
Paul Wooderson, Chief Engineer for Cybersecurity, HORIBA MIRA
- Cybersecurity and vehicle electrical architecture
- Off-highway machines
- Location – Nuneaton, UK
- Strategy built around industry best practice
- Item Definition
- Threat analysis and risk assessment
- Cybersecurity concept
- Cybersecurity specification
- Vulnerability analysis
- Cybersecurity verification plan for future testing