You're reading from Automotive Cybersecurity Engineering Handbook

Product type: Book
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781801076531
Edition: 1st Edition

Author: Dr. Ahmad MK Nasser

Dr. Ahmad MK Nasser is an automotive cybersecurity architect with a long experience in securing safety-critical systems. He started his career as a software engineer, building automotive network drivers, diagnostics protocols, and flash programming solutions. This naturally led him into the field of automotive cybersecurity, where he designed secure firmware solutions for various microcontrollers and SoCs, defined secure hardware and software architectures of embedded systems, and performed threat analysis of numerous vehicle architectures, ECUs, and smart sensors. Ahmad holds a B.S. and an M.S. in electrical and computer engineering from Wayne State University, as well as a Ph.D. in computer science from the University of Michigan in Dearborn. He is currently a principal security architect for NVIDIA's autonomous driving software platform.

Preface

The subject of automotive cybersecurity involves many concepts, engineering methods, and technologies, some of which are unique to the automotive domain while others are shared with adjacent fields. The unique aspects are derived from the fact that the vehicle belongs to the family of cyber-physical systems. In such systems, embedded computers integrate with sensors and networking components to control physical processes, which then provide feedback to the computing environment. While sharing concepts with the domain of information security, breaches of cyber-physical systems result in physical impacts that can cause the unsafe operation of the system with the potential for injury and loss of life. When you choose to work in the field of automotive cybersecurity, you are not only responsible for protecting the security of the driver’s data, and the intellectual property and reputation of members in the supply chain, but more importantly, you are responsible for protecting the lives of those driving the vehicle or coming within its vicinity.

The complexity of producing vehicles that are secure by design goes beyond the technology challenges and spans several factors that are unique to the automotive industry. These include the complexity of the automotive supply chain, the legacy systems and practices that are hard to change, the limited budgets allocated for deploying security controls, the ever-shrinking program schedules, the limited computing resources, and the stringent power consumption requirements. All of these factors must be considered while meeting strict regulatory requirements and standards, which makes the job of automotive cybersecurity engineers both exciting and exhausting at the same time. To make matters worse, there is a severe shortage of automotive cybersecurity professionals, and all this while vehicles are becoming more connected, putting them at increased risk of cyber attacks. While the software-defined vehicle transformation is underway, the trend of increased autonomy and connectivity will not be successful if vehicles are not developed on a secure foundation. Just like in adjacent domains, such as banking, cloud computing, and enterprise systems, when an opportunity for financial gain exists, hackers will find a way to penetrate even the most sophisticated defenses.

To ensure that the automotive industry does not go down the path of other industries in which the rate of fixing vulnerabilities is outpaced by the rate of creating them, there is a need for a systematic approach to cybersecurity engineering that is on par with the quality management and functional safety approaches that have an established record within this industry. You may have heard the phrases “secure by design” and “built-in security” versus “bolt-on security.” These are good mottos that we aim to put into practice throughout this book. Adopting cybersecurity within the engineering life cycle presents many challenges, which this book tries to tackle. The worst-case adoption scenario involves identifying threats but failing to act on risk reduction due to concerns about schedule and cost. Organizations that take this approach usually create a false sense of security by relying on a heavy-handed process that produces reams of paperwork to document risks and risk treatment decisions without investing in the technology needed to mitigate critical risks. Consequently, relying on processes that prioritize paper evidence over technical analysis and thorough argumentation of security risks creates a belief among engineering teams that the cybersecurity process is merely a checkbox exercise that adds no value. It is also possible to create an over-zealous security culture that produces security solutions that are too complicated to achieve in practice. In fact, security experts can lose credibility when they offer too many esoteric solutions that are impractical to implement or that cannot be defended when scrutinized for fulfilling an actual need. It is thus the job of cybersecurity professionals to strike the right balance between security, technical feasibility, cost, effort, and overall impact on schedule. That is why one of the goals of this book is to define a practical approach for building secure systems that integrates seamlessly with existing engineering processes and tools while producing effective results.

There is no doubt that today, there exists a sizeable knowledge gap. To close this gap, the automotive industry either recruits security professionals with limited automotive knowledge or trains automotive engineers with limited security knowledge. This book aims to bridge the gap between the two groups of professionals by providing a balanced approach that reduces security risks to reasonable levels while working within the acceptable parameters of producing sellable automotive systems.

Throughout this book, you will notice that we do not dwell heavily on theory, and sometimes concepts may intentionally be over-simplified in favor of highlighting their practical aspects. It is the intent of this book to expose you to the widest set of cybersecurity topics that are relevant to this domain so you may later choose the level of depth you want to pursue in areas of interest. You might already be a practicing professional or someone who is just getting into the field. Either way, sooner or later, you will discover that what may be more challenging than producing technical security solutions is convincing people of the risks that need mitigation and why the pain they must endure now is justified in the long run. Having a formalized security engineering approach can help reduce the amount of subjectivity during these difficult conversations to avoid endless debates about what is considered a reasonable risk. That is why this book aims to reframe the security conversation through a common language that stresses objectivity while focusing on cybersecurity risk reduction.

Note

The views and opinions expressed in this book are solely those of the author and do not necessarily represent or reflect the views of current or past employers.

Who this book is for

This book is for automotive engineers and security professionals who are expected to make their systems cyber-resilient through compliance with industry standards (specifically ISO21434 and UNECE REG 155-156). You may have a background in functional safety and are wondering what it means to develop a system that is both safe and secure. You may have a background in developing non-safety-relevant production software and are wondering how to add security-related features. You may also be a person who has a security background and is trying to transition into the automotive domain. Regardless of your background, this book is intended to provide you with a practical approach to automotive cybersecurity engineering that can be applied within a reasonable time frame and effort in a way that leverages your organization’s existing processes.

To ease the understanding of the concepts in this book, you will need to be familiar with basic automotive development processes that are applied through the V-model and basic principles of computer security. By the end of this book, it should be apparent to you why cybersecurity matters for automotive systems, how to integrate cybersecurity engineering with your development process, how to perform cybersecurity engineering activities efficiently within the time and engineering constraints of your system, and how to deploy cybersecurity controls at various layers of the vehicle and the ECU architecture. It is therefore the strategy of this book to demystify cybersecurity for automotive engineering teams and help them find ways to make cybersecurity an integrated property of their systems rather than a burden that must be de-prioritized to push products out of the door.

What this book covers

Chapter 1, Introducing the Vehicle Electrical/Electronic Architecture, covers the vehicle E/E architecture, which comprises the computing nodes, communication channels, sensors, and actuators distributed over several functional domains. Understanding the various E/E architectures of vehicles is essential to gain a perspective on how the vehicle can be attacked. This section examines the E/E architecture of several vehicle types and introduces the reader to different types of computing nodes, networking protocols, sensors, actuators, and security-relevant interfaces.

Chapter 2, Cybersecurity Basics for Automotive Use Cases, covers the basic principles of cybersecurity and cryptography, which are important to understand before tackling the problem of securing automotive systems. For people skilled in the art of cybersecurity, this chapter can be skipped; but for others, it is a prerequisite to help set the stage for other chapters. The reader is introduced to cryptographic methods with a general explanation of how each one can be applied to an automotive use case. The chapter then switches to common security principles that should guide the design of any secure system.

Chapter 3, Threat Landscape against Vehicle Components, follows on from Chapter 1, where the reader gained insights into the vehicle E/E architecture and the various components it supports. In this chapter, the reader walks through the various threats that exist for each component and vehicle subsystem. Understanding the threat landscape helps us understand why automotive cybersecurity is critical and establishes the groundwork for later chapters that aim to address those threats. The chapter walks the reader through each category of threats and then explores the common security weaknesses that make those threats viable. We take a top-down approach, starting with cybersecurity weaknesses at the vehicle level and then zooming in to various components and subcomponents at the ECU level.

Chapter 4, Exploring the Landscape of Automotive Cybersecurity Standards, covers the standards landscape. Engineering automotive systems requires compliance with a myriad of quality and safety standards, and with the introduction of cybersecurity to automotive systems, the automotive engineer is expected to be well versed in the various automotive cybersecurity standards as well. This chapter introduces standards such as ISO21434, REG155, REG156, TISAX, and SAE J3101. The reader is given a breakdown of each standard along with the rationale for why compliance is necessary.

Chapter 5, Taking a Deep Dive into ISO/SAE21434, covers ISO/SAE21434, which is the de facto standard for automotive cybersecurity engineering. It guides the reader through the complete secure development life cycle as well as cybersecurity management and risk governance. This chapter will walk through all the sections of the standard and explain why each one is important and how it shapes the product engineering life cycle.

Chapter 6, Interactions Between Functional Safety and Cybersecurity, covers functional safety, which is a differentiating aspect of automotive systems when compared to IT systems. The vast majority of automotive ECUs have a certain degree of safety relevance, which pulls into the picture various standards, such as ISO26262 and SOTIF. Building secure systems that are safety relevant requires close cooperation between the two engineering approaches. A disjointed approach is guaranteed to result in high costs and inconsistencies that can lead to a project’s failure. This chapter describes the various areas where safety and security engineering approaches overlap and where they need to be reconciled. A basic understanding of functional safety is a prerequisite to reading this chapter.

Chapter 7, A Practical Threat Modeling Approach for Automotive Systems, covers threat modeling, which is at the core of any secure engineering process. It is the driver for understanding threats against the system and deriving cybersecurity goals, controls, and requirements necessary to treat those threats. Due to the safety aspect of automotive systems, general threat modeling approaches from IT systems are not suitable for automotive security analysis. To bridge that gap, several automotive-centric threat modeling methods have been proposed. In this chapter, we explore the different threat modeling methods available and how they integrate the safety aspects. We show common challenges in applying a TARA to a complex system. Then, we present an optimized approach that accounts for various types of automotive systems and components to produce a comprehensive set of security requirements that ensure system security.

Chapter 8, Vehicle-Level Security Controls, explores the various security controls and techniques available to build cyber-resilient automotive systems. The book started with exploring threats and weaknesses and then detoured into applying a systematic cybersecurity engineering process to identify risks that require treatment. This chapter delves into each technology area and presents the most common methods used to create mitigations at the vehicle level considering the complete vehicle life cycle. It also presents common pitfalls to avoid when implementing those controls.

Chapter 9, ECU-Level Security Controls, applies a similar approach to Chapter 8, which focused on security controls applied at the vehicle level, but this time at the ECU level. Keeping up with the principle of defense-in-depth requires us to build resilient vehicle components at the ECU and sub-ECU levels. This chapter takes a layered approach to securing the ECU and its sub-components. We will examine the various technologies available, understand their challenges and pitfalls, and then discuss how to use them securely.

To get the most out of this book

This book is most effective when read while working on a real automotive project that has cybersecurity relevance. Doing so will help you connect with the many challenges mentioned in this book from the various perspectives presented. While we tried our best to provide the background on as many of the concepts presented in this book as possible, if you find yourself unfamiliar with a specific topic, then we advise you to spend time researching it before moving on to other chapters in the book, as the concepts are built up one chapter at a time. In fact, it helps to create your own library of references so you may come back to it in the future when you find yourself working on a certain topic. And remember, cybersecurity is a field of life-long learning.

Midway through writing this book, we discovered the wonder of Large Language Models (LLMs) and their extraordinary ability to process and generate text. The topic of generative AI for accelerating cybersecurity work deserves a book of its own, but for now, let us share some firsthand lessons that should be considered to optimize and streamline your automotive cybersecurity work.

If we pause to briefly ask, “What is knowledge-based work?” then the answer can be explained through three main activities: searching for information, comprehending the information, and producing new information. It turns out LLMs can be a perfect assistant in all three categories of knowledge-based work. Given how knowledge-intensive the field of cybersecurity is, the integration of LLMs offers a transformative approach to streamlining cybersecurity efforts, particularly in the automotive industry. At the crux, LLMs excel in indexing and making text-based data—such as security requirements, architecture descriptions, and code—semantically searchable. Moreover, these AI models can synthesize, evaluate, and summarize critical information, offering an invaluable toolset for cybersecurity analysis.

As a cybersecurity professional, you might be overwhelmed with the volume of workload that you have to manage, such as security requirements, threat models, and risk analysis. AI promises to improve the workforce imbalance by providing models that can improve the efficiency of security analysis and work product generation to demonstrate the achieved level of cybersecurity assurance. As you build your threat models, threat catalogs, and weaknesses databases, you will generate a wealth of text that is perfect for an LLM to index, compare, and even flag for duplication. For example, threats can be transformed into embedding vectors, enabling similarity searches based on the text descriptions of other threats. This can effectively serve as a recommendation system that proposes threats you should consider based on how you described your feature, architecture, or attack surface.

When it comes to producing the ISO 21434 work products, it is possible to rely on the few-shot learning capability of LLMs to transform text describing a security objective, a transferred risk, or even a desired security outcome into a formal work product such as a cybersecurity goal, a claim, or a security requirement. All it takes is a few well-vetted examples of each of these work products, and the LLM can transform the input text into well-written, close-to-compliant output. When performing threat analysis and risk assessment, you will find in many cases that you are constantly searching for existing cybersecurity controls or prior weaknesses and threats that should be considered. Integrating the ability to search for these work products within your TARA tool significantly reduces the time it takes to research whether a security control already exists or an assumed risk has already been captured for a given attack path. Even coding weaknesses can be found with the help of an LLM by presenting the code and asking the model to identify vulnerabilities, or to argue why the code is free from vulnerabilities. Finally, generating test cases from requirements emerges as a potent use case, deployable after supplying example pairs showing test cases along with their parent security requirements. As you read this book, you are encouraged to think of these and other use cases that can be streamlined with the help of LLMs.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Automotive-Cybersecurity-Engineering-Handbook. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “The first check (signatureVerificationResult == 0x3CA5965A) determines whether signatureVerificationResult has the correct and expected value.”

A block of code is set as follows:

if (signatureVerificationResult == 0x3CA5965A)
{
    // Hamming distance check passed, now perform a second check using
    // the inverse of the variable
    if (~signatureVerificationResult != 0xC35A69A5)
    {
        Log_fault(error_type);
    }
    else
    {
        Allow_application_to_run(); // Attacker wants to get here
                                    // through glitching
    }
}
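The block above is shown only to illustrate the book's code formatting, but the pattern it uses is a real fault-injection hardening technique, so here is an added, complete C example (written for this page, not code from the book or its GitHub repository) that turns it into a runnable acceptance check. It keeps the book's two constants, 0x3CA5965A and its bitwise inverse 0xC35A69A5, and adds a Hamming distance helper to show why such a constant is chosen: 16 of its 32 bits are set, so it is 16 bits away from both an all-zero and an all-one word and 32 bits away from its own inverse. The function names decide_boot() and hamming_distance(), the enum, and the fault counter are names chosen here, not the book's.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the book: a fault-injection-hardened
 * acceptance check built around the two constants in the convention
 * example above. decide_boot(), hamming_distance() and the fault counter
 * are names introduced here. */

#define SIG_OK      0x3CA5965AU  /* value reported on successful verification */
#define SIG_OK_INV  0xC35A69A5U  /* bitwise inverse of SIG_OK, kept as its own constant */

typedef enum { BOOT_DENY = 0, BOOT_ALLOW = 1 } boot_decision_t;

/* Number of set bits in a 32-bit word. */
static unsigned hamming_weight(uint32_t v)
{
    unsigned n = 0;
    while (v != 0) {
        n += (unsigned)(v & 1u);
        v >>= 1;
    }
    return n;
}

/* Number of bit positions in which a and b differ. */
unsigned hamming_distance(uint32_t a, uint32_t b)
{
    return hamming_weight(a ^ b);
}

/* Decide whether the application may run, given the verifier's result word.
 * The result is copied into a volatile so the compiler cannot fold the
 * second comparison into the first: otherwise, once r == SIG_OK is known,
 * ~r == SIG_OK_INV is provably true and the redundant check is optimized away.
 * fault_count (may be NULL) is incremented when the two checks disagree. */
boot_decision_t decide_boot(uint32_t verifier_result, unsigned *fault_count)
{
    volatile uint32_t r = verifier_result;

    if (r == SIG_OK) {
        /* First check passed; confirm with the inverse, re-reading r from memory. */
        if ((uint32_t)(~r) == SIG_OK_INV) {
            return BOOT_ALLOW;
        }
        /* The word matched but its inverse did not: inconsistent state,
         * recorded as a fault rather than treated as success. */
        if (fault_count != NULL) {
            (*fault_count)++;
        }
        return BOOT_DENY;
    }
    return BOOT_DENY;
}

int main(void)
{
    unsigned faults = 0;
    printf("distance(SIG_OK, 0x00000000) = %u\n", hamming_distance(SIG_OK, 0x00000000U));
    printf("distance(SIG_OK, 0xFFFFFFFF) = %u\n", hamming_distance(SIG_OK, 0xFFFFFFFFU));
    printf("distance(SIG_OK, SIG_OK_INV) = %u\n", hamming_distance(SIG_OK, SIG_OK_INV));
    printf("decide_boot(SIG_OK)     = %d\n", decide_boot(SIG_OK, &faults));
    printf("decide_boot(0x00000000) = %d\n", decide_boot(0x00000000U, &faults));
    printf("faults = %u\n", faults);
    return 0;
}
```

The volatile copy is the part that is easy to get wrong in practice: with an ordinary local, any optimizing compiler proves the second comparison redundant and emits a single branch, which silently removes the protection the source code appears to provide. Checking the generated assembly for two independent compares is the practical way to confirm the hardening survived compilation.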

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “SAE J2497 is a communication protocol used in commercial trucks to allow the exchange of data between the tractor and the trailer, such as the ABS trailer status lamp.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at customercare@packtpub.com and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Automotive Cybersecurity Engineering Handbook, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

  1. Scan the QR code or visit the link below

https://packt.link/free-ebook/9781801076531

  2. Submit your proof of purchase
  3. That’s it! We’ll send your free PDF and other benefits to your email directly