
You're reading from Automotive Cybersecurity Engineering Handbook

Product type: Book
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781801076531
Edition: 1st Edition
Author: Dr. Ahmad MK Nasser

Dr. Ahmad MK Nasser is an automotive cybersecurity architect with long experience in securing safety-critical systems. He started his career as a software engineer, building automotive network drivers, diagnostics protocols, and flash programming solutions. This naturally led him into the field of automotive cybersecurity, where he designed secure firmware solutions for various microcontrollers and SoCs, defined secure hardware and software architectures of embedded systems, and performed threat analysis of numerous vehicle architectures, ECUs, and smart sensors. Ahmad holds a B.S. and an M.S. in electrical and computer engineering from Wayne State University, as well as a Ph.D. in computer science from the University of Michigan in Dearborn. He is currently a principal security architect for NVIDIA's autonomous driving software platform.

Exploring the Landscape of Automotive Cybersecurity Standards

Designing cyber-resilient automotive systems calls for more than a surface-level understanding of the automotive security threat environment. It necessitates an orderly, process-driven approach that guarantees every facet of vehicle development, production, and operation is guarded against cybersecurity threats. To that end, standardization bodies have published numerous standards on the process and technical measures for protecting vehicles and their supporting systems throughout the vehicle’s life cycle. Such standards establish the state of the art to help organizations understand gaps in their engineering processes and technology offerings. They also provide a framework for maintaining a consistent level of security across the automotive supply chain by adhering to a common set of procedures and practices. Besides complying with the state of the art, abiding by standards helps reduce debate among practitioners...

Primary standards

Three binding standards govern the cybersecurity aspects of how vehicles and their supporting systems are developed, produced, and maintained. Non-compliance with those standards can lead to legal and financial implications for OEMs and suppliers, so let’s take a deeper look.

UNECE WP.29

Different government and international bodies have mandated cybersecurity standards and regulations that govern OEMs within their geographic region. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) has defined two such regulations that apply to members of the UNECE region [17]. The first regulation concerns the mandate for automotive manufacturers to implement a Cybersecurity Management System (CSMS) [3], while the second concerns the regulation for establishing a Software Update Management System (SUMS) [6]. These regulations cover four distinct areas, which include managing the vehicle cybersecurity...

Secondary standards

While the primary standards may provide a holistic framework for engineering secure automotive products, they rely on secondary and supporting standards to address specific technical areas of the engineering life cycle. Awareness of such standards is necessary to judge whether they apply to your organization or product offering.

IATF 16949:2016

Developing automotive products within the framework of a quality management system (QMS) serves as a prerequisite to achieving product security. ISO/SAE 21434 makes adherence to a QMS a requirement, which is reasonable considering the difficulty of arguing that a product is secure while not being able to demonstrate its quality [9]. For example, software developed outside a QMS is expected to contain more bugs due to the lack of formal quality checks, such as code reviews and software tests. A percentage of those software bugs are likely exploitable by an attacker. Without the help of a QMS, we are unable to manage...

Supporting standards and resources

The remaining part of this chapter focuses on standards and resources that are useful but not mandatory. Organizations are encouraged to maintain a list of such resources to raise awareness among security practitioners and stay up to date on the latest publications of security best practices.

MITRE Common Weakness Enumeration (CWE)

MITRE compiles a list of software and hardware security weaknesses based on vulnerabilities that are periodically filed in the National Vulnerability Database (NVD) [72]. These weaknesses are grouped into classes for ease of searching. Every year, MITRE publishes the Top 25 CWEs [42] based on the vulnerabilities reported throughout the year:

Figure 4.9 – Snapshot of the Top 25 CWEs from 2022


As shown in Figure 4.9, CWE-787 remains in the Top 25 CWEs as the most common root cause of memory safety vulnerabilities that produce out-of-bounds writes. Being aware of the Top 25 CWEs as...

Summary

In conclusion, understanding and implementing automotive cybersecurity standards is not merely a regulatory requirement but a cornerstone of building cyber-resilient automotive systems. In this chapter, we classified standards into three main categories: primary, secondary, and supporting, to provide a holistic view of the compliance layers. While primary standards form the backbone and are often mandated, secondary and supporting standards play an important role in implementing a robust cybersecurity management system. They also serve as useful resources in understanding security weaknesses and security best practices and offer general guidance for developing secure automotive systems and their supporting infrastructure. Furthermore, compliance with these standards ensures an orderly, process-driven approach that fortifies each stage of the vehicle life cycle, from development to operation. Given the fact that the landscape of automotive cybersecurity is in constant flux,...

References

Besides the standards and references we discussed in this chapter, the following list contains additional resources that are worthy of consideration for further reading:
