4 min

The Software Defined Vehicle: a growing need for cybersecurity

In-vehicle cybersecurity is on the verge of major changes that will affect all vehicle manufacturers. Vehicles are now more connected than ever, and today’s on-board computer is a high-performance IT system.

Cyber risks - Thomas Joos - November 27, 2023

“Software Defined Vehicle,” or SDV, is a term used to describe cars, vans, and other vehicles in which software plays a central role. The software is essential for driver assistance systems, autonomous driving, sensors, voice control, connection to the Internet and to other vehicles, and is also used to remotely update the vehicle via an over-the-air (OTA) link.

In today’s cars, software plays a key role in steering and braking, which is why cybersecurity is so important. Put bluntly, without software, today’s cars could barely function, and we’re not just talking about electric cars. Commercial vehicles, motorcycles, and other modern vehicles rely heavily on software, as do the internal combustion engines that still drive many of these. Cybersecurity is therefore an important consideration for all manufacturers and all types of engine. The more sophisticated a vehicle is, the more assistance systems it includes, and the more critical cybersecurity becomes.

The importance of safety

Modern vehicles need to integrate safety components in a well-thought-out way. We’re not just talking about cost or data: the lives of passengers and other road users are also at stake. If certain software-controlled components were to fail, the driver could lose control of the vehicle.

The challenge is therefore to prevent anyone with malicious intent from using the vehicle’s various interfaces—via Wi-Fi, Bluetooth, or OTA—to compromise the integrity of these components. Today’s vehicles provide cybercriminals and their malware with numerous entry points they can exploit. Vehicle manufacturers and their suppliers therefore need to think about reliable ways of protecting these components.

To provide this protection, designers often resort to isolating components through virtualization. This approach means that the vehicle’s various components and services can still communicate and function together, but the attacker or malicious code cannot target a component by “separating” it from the software to take control of other vehicle components.

The real-time operating system solution

A real-time operating system (RTOS) with an integrated hypervisor can make it easier to integrate components and upgrade them, while still allowing them to communicate with each other. The RTOS is designed to perform specific tasks within a tight time boundary. While unexpected shutdowns or slowdowns can sometimes occur when using a computer and its operating system, these glitches are unacceptable on board an SDV.

A sophisticated and secure RTOS ensures that any compromised component cannot affect other vehicle components. For example, it must prevent hackers from accessing the infotainment system and then interfering with the brakes or steering. The vehicle’s external interfaces must also be protected from unauthorized access. Here too, the vehicle’s operating system has a role to play.

A host of security measures

The new UN binding regulations (UNECE R155 and R156) call explicitly for the implementation of a security architecture for on-board software in vehicles in general, and for gateways in particular. The operating system is crucial to in-vehicle security.

It is based on a type 1 hypervisor, which provides the required component isolation. Certified to ISO 26262, the RTOS provides the basis for ISO 21434 certification, which will be essential for SDV cybersecurity. To be secure and qualify for this certification, a system would need to be certified according to commonly accepted criteria (EAL5+). The development of future production vehicles will of course have to take cybersecurity requirements into account.

ISO/SAE 21434 (Road Vehicles – Cybersecurity Engineering) is a joint ISO and SAE standard that was published in 2021. It applies to all industry players and is designed to ensure that companies’ security specifications are consistently incorporated into vehicle mass production.

In the near future, the automotive industry will have to design test programs that cover the different hypotheses. These will include static analysis, software composition analysis, functional testing, fuzz testing, and penetration testing. This approach will ensure that problems are identified and dealt with at an early stage in the development cycle, before validation.

Ideally, the operating system should also support encryption of data and communications, both externally and between components. Encrypted data systems and the TLS protocol both contribute to this goal.

Edge2Cloud applications for SDVs

Edge2Cloud applications also play an important role in SDV cybersecurity. They provide the means for exchanging sensitive data between different vehicles. Each vehicle sends analyzed data to the cloud, and other vehicles can then use this data.

It is not surprising, then, that Edge2Cloud applications and the in-vehicle RTOS must guarantee the highest possible levels of data security, protection, and quality. Compliance with applicable regulations and directives is essential.

Edge2Cloud is also the technology used to track vehicles and send updates to them, keeping all on-board components, devices, and sensors in peak working condition. Sensitive data, however, must not leave the vehicle.

Over-the-air technology for updates

Alongside security measures that will become the standard in automotive development, reactive measures will continue to play an important role. The automotive industry will need to react quickly to new intrusion vectors or security holes. Take, for example, the OTA (over-the-air) features of connected vehicles. These processes need to be designed, secured, scaled up, and deployed as robustly as possible, so they can be relied on to update a large number of different vehicles.

Software is a target for cybercriminals. In the future, therefore, manufacturers must be able to update it at any time after deployment. To achieve this, they will need to put in place various processes, including continuous cybersecurity monitoring to detect new types of attack and identify system weaknesses and security holes.

Send this to a friend