HOW ACTIA IS PREPARING THE ELECTRONIC ARCHITECTURE FOR THE VEHICLE OF THE FUTURE?
Uniting operating safety and cybersecurity.“Security By Design”: a pragmatic approach based on analysis, management and constant control of risks.
Uniting operating safety and cybersecurity.
With the advent of CAVs (Connected and Autonomous Vehicles), designing and developing effective solutions on-board vehicles is a real challenge, particularly as regards securing on-board systems.
This concept of “securing” translates into the growing requirements for both safety and cybersecurity.
ACTIA is fully aware of the challenges, and is developing the electronic architecture for vehicles that are compatible with cybersecurity and safety standards.
SAFETY VS SYSTEMS SECURITY (CYBERSECURITY)
Concepts of security and safety are subject to various interpretations depending on the business sector, personal perceptions and disciplines.
“Safety” generally corresponds to functional safety, also called dependability. Safety consists in reducing accidents by studying faults and errors, and their mitigation.These are related to chance events or actions without malicious intent.
“Security” is associated with the fields of cybersecurity, or digital security, information security, information systems security product security. Cybersecurity mainly entails protecting against deliberate malicious acts, but also error or misuse.
Reconciling the requirements of the two disciplines
In current on-board architectures and systems, it is therefore necessary to reconcile safety requirements, which have incorporated the developments for the latest vehicle generations, in particular the application of the ISO 26262 standard,and Cybersecurity requirements, which are relatively new and have very recently started to be integrated into vehicle developments.
Reconciling the requirements and practices of these 2 disciplines entails both:
- using synergies and similarities that exist between them, such as risk-based approaches; formalising, accounting for and tracking analyses and decisions; progressive assurance level according to risks and objectives; integration into business processes; similarity of issues.
- dealing with the specifics of each discipline (threats and events reference system, analysis methodologies, deliverables, etc.) and any “conflicts” that may exist, such as a cybersecurity filtering function that blocks a flow that is critical in terms of functional safety, etc.).
Within ACTIA, the safety and cybersecurity fields are each organised:
- Around teams dedicated to each discipline, but which collaborate actively,
- Around skills shared in the different activities,
Cybersecurity is handled globally through a dedicated company process: the Information Security Management System, which has been ISO 27001 certified since 2018.
“This management system’s objectives and activities include in particular a “Product security” component that specifically deals with cybersecurity issues in on-board architectures and systems. Additionally, this global policy integrates the application of benchmarks that are suited to the industrial context, such as the ANSSI* Industrial Cybersecurity Guide, for instance, or Automotive cybersecurity engineering standards such as ISO/SAE 21 434.”explains Catherine LEDEUIL, VEA (Vehicle Electronic Architecture) marketing and sales manager.
Threats related to data and communicating systems
New on-board architectures and functions are increasingly complex and automated. We are also seeing increasing use and exchange of data, and interactions inside the vehicle and with its environment. These elements contribute to a substantial increase of the attack surface and cybersecurity risks.
“On-board systems are complex, as they unite cutting-edge software functions and highly disparate hardware resources. Security for on-board systems covers various issues related to protection of circuits and the data generated. ACTIA uses a global security approach: from the technological level to the system level”says Fabien TRINITÉ, ECU Automation Product Group director.
The next decade will be a turning point for connected on-board systems. Recent events show that there are still multiple challenges to guarantee protection of systems, data processed, and information exchanged. This protection has to cover three areas of application: software platforms, hardware platforms and associated services, the latter of which open up the system to third-party applications. Vehicle-specific information will therefore be shared with an ever-increasing number of stakeholders, with widely differing levels of maturity and cybersecurity practices.
“Through synergy of its vehicle architecture, diagnostics and telematics expertise, ACTIA has developed a good understanding of the digital ecosystem in vehicles. We are able to strengthen our development resources to give manufacturers a high-performance trusted environment. The electronic architecture of the future is to be robust and resilient, which is essential to be able to adapt to threats.” explains Catherine LEDEUIL.
www.actia.com
