SAE Cybersecurity Standard Seeks to Shield Vehicles from Hackers

SAE International will release J3061, the world’s first standard for automotive cybersecurity, the organization says, in the first quarter of 2016. J3061 addresses the vulnerability of connected vehicles to hacking, which in some cases can lead to loss of control.

The standard seeks to secure all forms of connectivity in private and commercial vehicles, said Lisa Arrigo, who moderated a Dec. 3, 2015 webinar about the development.

“Cybersecurity is relatively new to the automotive domain,” noted Barbara Czerny, senior technical specialist and safety assessor at ZF TRW, who spoke at the webinar. “Most information does not address the unique aspects of embedded controllers.”

J3061 promotes a holistic cybersecurity strategy that covers a vehicle’s lifecycle. The objective is to reduce the likelihood of successful cyberattacks, Czerny explained, adding that no system is 100% secure from all threats. The goal is to identify major threats from hackers and make systems resistant to them.

Connected cars, of which functions work through apps, such as MyFord, which lets electric car owners monitor and control their vehicles, are introducing hacking vulnerabilities that SAE standard J3061 seeks to ameliorate.

The standard recommends that OEMs and suppliers adopt a “defined and structured process” to “ensure that cybersecurity is built into the design,” Czerny said. A structured process for cybersecurity “helps reduce the likelihood of a successful attack” and “provides a clear means to react to a continually changing threat landscape.”

Czerny compared this approach to the integration of functional safety standards in vehicles. The process framework of J3061 is, in fact, based on ISO 26262, a safety standard for automotive electrical/electronic systems. She said that cybersecurity and safety systems share related activities in vehicles and should work with each other. Experts in both areas must interact to assure that cybersecurity countermeasures do not conflict with safety measures or mechanisms, she added.

Among the features of J3061 is the definition of a lifecycle process framework; information on tools and methods for designing, verifying, and validating cyberphysical vehicle systems; high-level cybersecurity guiding principles; and a foundation for ongoing standards development.

READ MORE CYBERSECURITY ARTICLES ON DESIGN NEWS:

Other content includes development of threat analysis and risk assessments; the process framework for development of systems, hardware, and software; production, operation, and service procedures; and supporting processes.

For all of this to be effective, management must create and sustain a cybersecurity culture that supports and encourages achievement of goals, said Lisa Boran, global security attribute leader at Ford. Companies also need to develop and implement training and mentoring programs, as well as operation and maintenance activities that include incident response and field-monitoring procedures.

The standard is a work in progress. Boran said SAE seeks input from industry experts and that J3061 will be expanded.

Auto OEMs are ramping up cybersecurity investments. Arrigo said that by 2017 cybersecurity research will increase 61%, connected technology research 85%, and research into secure connected vehicle technologies 187%.

Pat Toensmeier has more than 30 years of experience writing for business-to-business publications. His main areas of coverage have been defense, design, manufacturing, technology and chemicals, especially plastics and composites. He has reported extensively on developments in these areas from the U.S. and Europe, and covered industry events as well in Brazil and Asia. Toensmeier has held various positions at major publishers such as the McGraw-Hill Companies and Hearst Corporation. A graduate of the University of Missouri, he is a contributing editor for several print and online publications. Toensmeier is based in suburban New Haven, Conn.

Like reading Design News? Then have our content delivered to your inbox every day by registering with DesignNews.com and signing up for Design News Daily plus our other e-newsletters. Register here!

Design engineers and professionals, the West Coast’s most important design, innovation, and manufacturing event, Pacific Design & Manufacturing, is taking place in Anaheim, Feb. 9-11, 2016. A Design News event, Pacific Design & Manufacturing is your chance to meet qualified suppliers, get hands-on access to the latest technologies, be informed from a world-class conference program, and expand your network. (You might even meet a Design News editor.) Learn more about Pacific Design & Manufacturing here.