Status: Final Published
Date: January 2016, Version 1
Region: United States
SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems is a best practice by U.S.-based SAE International, a global standards development organization and professional association of engineers and technical experts in the aerospace, automotive, and commercial-vehicle industries. The guidebook was developed by the SAE’s Vehicle Cybersecurity Systems Engineering Committee, which is responsible for developing and maintaining recommended practices and information reports in the area of vehicle electrical systems’ security. J3061 is currently available for purchase.
The stated goal is to provide a cybersecurity process framework and guidance to help organizations identify and assess cybersecurity threats and design cybersecurity into cyber-physical vehicle systems throughout the entire development life cycle process. The SAE recommends using J3061 for all automotive functions that are ASIL rated (as per ISO 26262) or that are associated with propulsion, braking, steering, security, and safety. As such, SAE J3061 can be considered as complementary to ISO 26262, providing the system cybersecurity guidance that the latter lacks. The guidebook also recommends using cybersecurity processes when PII is being handled.
J3061 provides a comprehensive overview of cybersecurity implementation, from design to end of life. Not only does it offer basic guiding principles, but it also delivers a detailed step-by-step roadmap for process implementation (including potential milestones and reviews). It further provides guidelines on how to review the process implementation, through the set-up of a gate review team of technical experts (independent of the development process) that can report on the accuracy of cybersecurity implementation for each phase.
J3061 starts by underlining the relationship, and the differences, between system safety and system cybersecurity. System cybersecurity is the umbrella discipline, under which system safety is included. System safety is the state of a system that does not cause harm to life, property, or the environment, and the goal is to identify safety mechanisms to counter potential hazards (e.g., using a fault tree analysis). This is the remit of ISO 26262, for example.
System cybersecurity, on the other hand, which is the focus of J3061, is the state of a system that minimizes the exploitation of vulnerabilities that can lead to losses, such as financial, operational, privacy, and safety losses. As such, system cybersecurity considers potential threats posed by threat actors (through the use of an attack tree analysis).
In order to implement appropriate cybersecurity, J3061 starts by recommending that organizations gain a full understanding of key cybersecurity principles (i.e., protecting PII, using the principle of Least Privilege, applying Defense in Depth, etc.). Once this has been performed, it should be followed by appropriate risk assessments and threat analysis.
Once these initial steps have been enacted, J3061 provides the guiding principles for implementing a complete cybersecurity process through four major phases:
- Concept and Design: This starts with the development of a cybersecurity program plan that will form part of the cybersecurity life cycle of the vehicle and includes the implementation of cybersecurity and analysis tools to design optimal security
- Development and Validation: These guidelines cover system, hardware, and software cybersecurity, and include vulnerability analysis, penetration testing, validation, assessments, and
- Incident Response: Reporting, investigation, resolution, and action procedures are recommended for responding to security
- End of Life: Includes maintaining cybersecurity for the operation and servicing phases, such as repair and normal maintenance activities (e.g., connecting to the on-board diagnostics port, telematics system updates, vehicle/cloud computing interfaces, etc.).
J3061 outlines that these four phases should be supported by a continuous cybersecurity management process, which includes fostering a corporate culture of cybersecurity, ensuring compliance mechanisms are in place, measuring conformance to a process, securing internal and external communications channels (and notably with the supply chain), catering to cybersecurity training and mentoring of engineers, pre-emptive cybersecurity engagement (such as intelligence gathering in the threat field), and incident response processes.
Further supporting processes should also be the object of cybersecurity considerations, including configuration management, ownership change, and documentation management, as well as addressing any cybersecurity issues that may occur once the vehicle has gone to market.
Importantly, J3061 provides flexibility on how to implement the various cybersecurity processes. Organizations can apply them either separately or in conjunction with a safety process (such as the one outlined by ISO 26262). Further, the cybersecurity process can be implemented in isolation from safety processes, as not all system cybersecurity relates necessarily to safety.
J3061 includes a number of appendices that reference other cybersecurity standards and guidelines, security analysis techniques, security and privacy controls, vulnerability databases, and classification schemes used in the industry.
J3061 is one of the few comprehensive cybersecurity implementation guidelines for the automotive industry. It has been developed specifically with functional safety in mind (and, in particular, ISO 26262) and was greatly anticipated at publication. The work done by the SAE in this regard is recognized not just by the automotive industry, but also by other standards organizations, and is forming the baseline for the upcoming Automotive Cybersecurity Standard ISO/SAE 21434 (currently a WIP).