Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Automotive Cybersecurity Engineering Handbook

You're reading from   Automotive Cybersecurity Engineering Handbook The automotive engineer's roadmap to cyber-resilient vehicles

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781801076531
Length 392 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Dr. Ahmad MK Nasser Dr. Ahmad MK Nasser
Author Profile Icon Dr. Ahmad MK Nasser
Dr. Ahmad MK Nasser
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Part 1:Understanding the Cybersecurity Relevance of the Vehicle Electrical Architecture
2. Chapter 1: Introducing the Vehicle Electrical/Electronic Architecture FREE CHAPTER 3. Chapter 2: Cybersecurity Basics for Automotive Use Cases 4. Chapter 3: Threat Landscape against Vehicle Components 5. Part 2: Understanding the Secure Engineering Development Process
6. Chapter 4: Exploring the Landscape of Automotive Cybersecurity Standards 7. Chapter 5: Taking a Deep Dive into ISO/SAE21434 8. Chapter 6: Interactions Between Functional Safety and Cybersecurity 9. Part 3: Executing the Process to Engineer a Secure Automotive Product
10. Chapter 7: A Practical Threat Modeling Approach for Automotive Systems 11. Chapter 8: Vehicle-Level Security Controls 12. Chapter 9: ECU-Level Security Controls 13. Index 14. Other Books You May Enjoy

What this book covers

Chapter 1, Introducing the Vehicle Electrical/Electronic Architecture, covers the vehicle E/E architecture, which comprises the computing nodes, communication channels, sensors, and actuators distributed over several functional domains. Understanding the various E/E architectures of vehicles is essential to gain a perspective on how the vehicle can be attacked. This section examines the E/E architecture of several vehicle types and introduces the reader to different types of computing nodes, networking protocols, sensors, actuators, and security-relevant interfaces.

Chapter 2, Cybersecurity Basics for Automotive Use Cases, covers the basic principles of cybersecurity and cryptography, which are important to understand before tackling the problem of securing automotive systems. For people skilled in the art of cybersecurity, this chapter can be skipped; but for others, it is a prerequisite to help set the stage for other chapters. The reader is introduced to cryptographic methods with a general explanation of how each one can be applied to an automotive use case. The chapter then switches to common security principles that should guide the design of any secure system.

Chapter 3, Threat Landscape against Vehicle Components, follows on from Chapter 1, where the reader gained insights into the vehicle E/E architecture and the various components it supports. In this chapter, the reader walks through the various threats that exist for each component and vehicle subsystem. Understanding the threat landscape helps us understand why automotive cybersecurity is critical and establishes the groundwork for later chapters that aim to address those threats. The chapter walks the reader through each category of threats and then explores the common security weaknesses that make those threats viable. We take a top-down approach, starting with cybersecurity weaknesses at the vehicle level and then zooming in to various components and subcomponents at the ECU level.

Chapter 4, Exploring the Landscape of Automotive Cybersecurity Standards, covers engineering automotive systems, which require compliance with a myriad of quality and safety standards. With the introduction of cybersecurity to automotive systems, the automotive engineer is expected to be well versed in the various automotive cybersecurity standards. This section introduces standards such as ISO21434, REG155, REG156, TISAX, and SAE J3101. The reader is given a breakdown of each standard along with the rationale for why compliance is necessary.

Chapter 5, Taking a Deep Dive into ISO/SAE21434, covers ISO/SAE21434, which is the de facto standard for automotive cybersecurity engineering. It guides the reader through the complete secure development life cycle as well as cybersecurity management and risk governance. This chapter will walk through all the sections of the standard and explain why each one is important and how it shapes the product engineering life cycle.

Chapter 6, Interactions Between Functional Safety and Cybersecurity, covers functional safety, which is a differentiating aspect of automotive systems when compared to IT systems. The vast majority of automotive ECUs have a certain degree of safety relevance, which pulls into the picture various standards, such as ISO26262 and SOTIF. Building secure systems that are safety relevant requires close cooperation between the two engineering approaches. A disjointed approach is guaranteed to result in high costs, and inconsistencies that can lead to a project’s failure. This chapter describes the various areas where safety and security engineering approaches overlap and where they need to be reconciled. A basic understanding of functional safety is a prerequisite to reading this chapter.

Chapter 7, A Practical Threat Modeling Approach for Automotive Systems, covers threat modeling, which is at the core of any secure engineering process. It is the driver for understanding threats against the system and deriving cybersecurity goals, controls, and requirements necessary to treat those threats. Due to the safety aspect of automotive systems, general threat modeling approaches from IT systems are not suitable for automotive security analysis. To bridge that gap, several automotive-centric threat modeling methods have been proposed. In this chapter, we explore the different threat modeling methods available and how they integrate the safety aspects. We show common challenges in applying a TARA to a complex system. Then, we present an optimized approach that accounts for various types of automotive systems and components to produce a comprehensive set of security requirements that ensure system security.

Chapter 8, Vehicle-Level Security Controls, explores the various security controls and techniques available to build cyber-resilient automotive systems. The book started with exploring threats and weaknesses and then detoured into applying a systematic cybersecurity engineering process to identify risks that require treatment. This chapter delves into each technology area and presents the most common methods used to create mitigations at the vehicle level considering the complete vehicle life cycle. It also presents common pitfalls to avoid when implementing those controls.

Chapter 9, ECU-Level Security Controls, applies a similar approach to Chapter 8, which focused on security controls applied at the vehicle level, but this time at the ECU level. Keeping up with the principle of defense-in-depth requires us to build resilient vehicle components at the ECU and sub-ECU levels. This chapter takes a layered approach to securing the ECU and its sub-components. We will examine the various technologies available, understand their challenges and pitfalls, and then discuss how to use them securely.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image