Welcome to Argus Automotive Cyber Security Standards and Compliance Blog

Automotive cyber security experts need to be familiar with a wide range of topics and domains, in order to properly assess and design the security posture of their vehicles across an increasingly complex ecosystem. The continually increasing threat of cyber-attacks on vehicles has led to the release of multiple standards, best practices, and guidelines designed to assist OEMs and Tier 1s address these threats and align their cyber security strategies accordingly.

Argus Cyber Security experts are happy to bring you this dedicated automotive standards and compliance blog, which will summarize standards and regulations from a broad range of global agencies, national regulatory bodies, and automotive safety institutions, such as: 

Alliance of Automobile Manufacturers (the Auto Alliance), the Association of Global Automakers, U.S. National Institute of Standards and Technology (NIST), the GSM Association (GSMA), the European Standards Organization (ETSI), the Uptane Alliance, the United Nations Economic Commission for Europe (UNECE), the Open Web Application Security Project (OWASP), the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), Herstellerinitiative Software (HIS), the Trusted Computing Group (TCG), the E.U. E-safety Vehicle Intrusion proTected Applications project (EVITA), the Society of Automotive Engineers (SAE International), Global Platform, the U.S. Department of Transport National Highway Traffic Safety Administration (DOT NHTSA), the Automotive Information Sharing and Analysis Center (Auto-ISAC), the European Union Agency for Cybersecurity (ENISA),  Japan’s Information Technology Promotion Agency (IPA), and the U.K. British Standards Institution. 

The blog will cover a list of current and pending standards across the vehicle ecosystem, as shown below.  We offer this initial list as a point of reference and summarized the standards to the best of our understanding. To suggest a modification or an update to this list, please do not hesitate to contact us at [email protected]. We look forward to your feedback and being part of the conversation as our industry fast forwards to an exciting era of safe, secure mobility.  

Note: For full details on any of the standards or guidelines referenced here, it is recommended to read the original document.

Current and Pending Standards Covered in this Blog

• Overview and Processes
  • Incident response procedures
    • ISO/IEC 27035:2016 Information Technology, Security Techniques, and Information Security Incident Management
    • ISO/IEC 29147:2018 Information Technology — Security Techniques — Vulnerability Disclosure
    • ISO/IEC 30111:2013 Information Technology — Security Techniques — Vulnerability Handling 
  • Development practices
    • ISO 26262:2018 Road vehicles — Functional safety
    • ISO/SAE 21434 Road Vehicles — Cybersecurity Engineering
    • SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
    • NHTSA Cybersecurity Best Practices for Modern Vehicles
    • Auto-ISAC Series of Automotive Cybersecurity Best Practices
    • IPA Approaches for Vehicle Information Security
    • PAS 1885:2018 The fundamental principles of automotive cyber security
    • ENISA Cyber Security and Resilience of Smart Cars
  • The automotive life-cycle

• In-vehicle Security Design
  • Connected modules hardening solutions
    • Trusted Execution Environment (TEE)
    • Hersteller Initiative Software (HIS) Security Hardware Extension (SHE)
    • Trusted Platform Module 2.0
    • E-safety Vehicle Intrusion protected Applications (EVITA)
  • EE Architecture
    • ISO 14229-1:2013 Road vehicles — Unified diagnostic services (UDS) — Part 1: Specification and requirements

• Communication Channels
  • Cellular network considerations
    • 3GPP Confidentiality and Integrity Algorithms for GSM and GPRS
    • NIST SP 800-187 Guide to LTE Security
    • eSIM GSMA: The SIM for the Next Generation of Connected Consumer Devices
    • ETSI EN 303 613 V1.1.0
  • Feature-specific communications

• External Influences
  • In-vehicle user interfaces
    • NIST SP 800 121 Guide to Bluetooth Security
    • SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs)
  • OTA update security
    • Uptane: Securing Software Updates for Automobiles
    • UNECE Recommendation on Software Update Processes
    • Public Key Certificate x.509
  • Cyber-physical remote apps – user/dealership apps security
    • Federal Motor Vehicle Safety Standard 114: Theft Protection and Rollaway Prevention
    • Open Web Application Security Project Mobile AppSec Verification Standard 1.1.4
    • NIST Special Publication 800-163 Vetting the Security of Mobile Applications
  • Sensors and AV

• Government Compliance
  • Privacy concerns
    • Consumer Privacy Protection for Vehicle Technologies and Services
    • General Data Protection Regulation (GDPR)
  • Security regulations and best practices
    • ETSI Intelligent Transport Systems; Security Standards Series
    • UNECE WP.29 GRVA – Cyber Security