SAE J3061

From Wikipedia, the free encyclopedia

The SAE J3061 "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems" is published by the SAE as a practical guide to the cybersecurity of vehicles. The standard, published in January 2016, describes in 128 pages a framework for safeguarding the information security of a product over its entire life cycle (from development to decommissioning / scrapping) and gives an overview of cybersecurity methods through numerous references to other projects.

Contents

The key points of SAE J3061 are:

  • Cornerstones of a process model that an organization (company) can adapt for itself.
  • Presentation of some methods and tools for protecting the technical systems used in vehicles.
  • Basic principles of cybersecurity / information security.
  • A basis for the development of further standards; its content was incorporated into ISO / SAE 21434 after publication.

Some methods are derived from ISO 26262 "Road Vehicles - Functional Safety" (functional safety), and there are numerous references to this standard.

The standard consists of 9 chapters and 9 appendices:

Chapter overview SAE J3061

Part | Title | Content
1 | Scope | Description of the scope of this standard
2 | References | References to literature
3 | Definitions and acronyms | Definitions of terms and abbreviations, intended as the basis for a common technical language so that misunderstandings are avoided in technical exchange
4 | Relationship between system safety and system cybersecurity | Relationship between system safety and security; here "system safety" means product safety and is therefore defined more broadly than in ISO 26262
5 | Guiding principles on cybersecurity for cyber-physical vehicle systems (CPS) | Analysis of the properties worthy of protection and of the principles of cybersecurity; these give the manufacturer of a vehicle or a component a rough guide for defining the activities necessary to protect the product
6 | Cybersecurity process overview | Cornerstones of a cybersecurity process. The phases of the development cycle follow ISO 26262 Parts 3 to 8 (concept phase, system development, hardware, software, production, supporting processes)
7 | Overall management of cybersecurity | Basic requirements for an organization that is to support cybersecurity by treating it not as something grafted on but as a natural part of product development. ISO 26262 Part 2 requires and describes this similarly for functional safety
8 | Process implementation | Measures for communication between the cybersecurity and safety processes in the different phases of the product life cycle if these processes are carried out separately, together with descriptions of numerous methods and documents
9 | Notes | Notes on the meaning of editorial markings in the document
A | Description of cybersecurity analysis techniques | Presentation of different analysis methods
B | Example templates for work products | OCTAVE template presented as an example
C | Examples using identified analyses | Examples of different analyses (Threat and Operability Analysis, attack tree, HEAVENS security model)
D | Security & privacy controls description and application | Summary of various methods for protecting confidentiality (privacy)
E | Vulnerability databases and vulnerability classification schemes | Classification of vulnerabilities and other weaknesses of a product
F | Vehicle level considerations | General considerations that the manufacturer of a vehicle should make
G | Current cybersecurity standards and guidelines that may be useful to the vehicle industry | List of other sources on cybersecurity
H | Vehicle project awareness | List of research projects on cybersecurity
J | Security test tools of potential use to the vehicle industry | List of categories of software analysis tools and some names of such programs

Cybersecurity and functional safety

The interaction of information security / cybersecurity and functional safety is addressed at several points in SAE J3061, because the goals of information security and functional safety conflict in some situations.

One example is an attacker whose goal is to shut down a system. If the attacker can simulate a dangerous situation to the part of the system that monitors functional safety (the functional safety subsystem), that subsystem will bring the entire system into a safe state in which it is no longer fully operational, so that it cannot cause danger.

The aim of cybersecurity is to maintain the availability of the system. The cybersecurity subsystem would therefore try to detect such attacks and prevent them from reaching the functional safety subsystem.

However, the cybersecurity subsystem can hardly be assumed to be perfect. Some attacks will get through, so that the attacker can deactivate the entire system (false positive case); conversely, the cybersecurity subsystem could also block genuine incident information from reaching the functional safety subsystem (false negative case).

Both cases are critical: when an aircraft engine or a truck's power steering is switched off, the operator has to cope with the situation; conversely, suppressed incident information could lead to a real danger.
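As an added illustration of the two failure cases described above (this is constructed example code, not from SAE J3061 or this article): a toy Python model in which a cybersecurity plausibility filter sits in front of the functional safety monitor. The sensor streams, the safety limit and the filter's step threshold are assumed, constructed values.

```python
from dataclasses import dataclass

SAFETY_LIMIT = 120.0   # reading above this puts the system in a safe state (constructed)
MAX_STEP = 15.0        # largest per-sample change the filter accepts as plausible (constructed)


@dataclass
class Outcome:
    safe_state: bool      # did the functional safety monitor shut the system down?
    genuine_hazard: bool  # was there really a hazard in the input stream?

    @property
    def label(self) -> str:
        if self.safe_state and not self.genuine_hazard:
            return "false positive: spoofed hazard caused a shutdown"
        if not self.safe_state and self.genuine_hazard:
            return "false negative: real hazard suppressed by the filter"
        return "correct"


def cybersecurity_filter(readings, max_step=MAX_STEP):
    """Cybersecurity subsystem: drop any reading whose jump from the last accepted one is implausible."""
    accepted, last = [], None
    for r in readings:
        if last is None or abs(r - last) <= max_step:
            accepted.append(r)
            last = r
    return accepted


def safety_monitor(readings, limit=SAFETY_LIMIT) -> bool:
    """Functional safety subsystem: enter safe state (True) once an accepted reading exceeds the limit."""
    return any(r > limit for r in readings)


def run(readings, genuine_hazard: bool) -> Outcome:
    return Outcome(safety_monitor(cybersecurity_filter(readings)), genuine_hazard)


# Constructed sensor streams (think of a temperature in degrees Celsius) and whether a hazard is real.
SCENARIOS = {
    "normal":     ([80, 82, 81, 83, 82], False),           # nothing happens
    "real_ramp":  ([80, 90, 100, 110, 121, 125], True),    # genuine, gradual overtemperature
    "spoof_jump": ([80, 82, 200, 200], False),             # forged reading with an implausible jump
    "real_spike": ([80, 82, 150, 160], True),              # genuine but sudden hazard
    "spoof_ramp": ([80, 92, 104, 116, 128], False),        # forged readings that stay within the step limit
}


def evaluate():
    """Return the outcome label for every scenario."""
    return {name: run(r, h).label for name, (r, h) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, label in evaluate().items():
        print(f"{name:11s} {label}")
```

The "real_spike" and "spoof_ramp" scenarios show why a filter tuned to block one forgery pattern cannot be assumed perfect: the same threshold that rejects the implausible jump also rejects a genuine sudden hazard, and passes forged readings that respect it.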

Literature

  • Society of Automotive Engineers (Ed.): SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. SAE International, USA, January 1, 2016.