While the media continues its examination of specific vehicle cyber incidents and their implications for the automotive industry, a group of international industry experts came together through SAE International’s cyber standards development committee, to prioritize cybersecurity concerns and set out aggressively to address them.
The result is the world’s first Automotive Recommended Practice, SAE J3061 that provides needed guidance on ways to design a complex system to perform a desired function while limiting its ability to be exploited to do something malicious.
Increasing threats, broader use of technology, and customer expectations require a holistic cybersecurity strategy including quick response methods. Cybersecurity cannot be addressed at the end of development; as for functional safety, cybersecurity must be designed in to the system.
And that’s what SAE J3061 helps the auto industry—or other relevant sectors—do.
Because cybersecurity and functional safety share parallel processes (e.g. threat analysis and risk assessment vs hazard analysis and risk assessment; attack tree analysis vs fault tree analysis), and its teams need to interact, the approach for the committee and the standard was to tailor the cybersecurity process framework from “ISO 26262: Road vehicles – Functional safety.”
An engineering process for automotive cybersecurity-relevant embedded systems “SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems,” identifies methods and tools to facilitate application of the process and aids in the management of cybersecurity. In other words, it provides the guidance and information organizations need to develop their own internal cybersecurity process.
The document has been completed and, following final voting, is anticipated for release before the end of the year. Meanwhile, be one of the first to preview this important document. On December 3rd, 2015, 9:00 a.m., U.S. EST, log on to an SAE webinar, sponsored by IBM and Intel, for an overview presentation and discussion about this foundational cybersecurity document.