Automotive cyber security experts need to be familiar with a wide range of topics and domains, in order to properly assess and design the security posture of their vehicles across an increasingly complex ecosystem. The continually increasing threat of cyber-attacks on vehicles has led to the release of multiple standards, best practices, and guidelines designed to assist OEMs and Tier 1s address these threats and align their cyber security strategies accordingly.

Argus Cyber Security experts are happy to bring you this dedicated automotive standards and compliance blog, which will summarize standards and regulations from a broad range of global agencies, national regulatory bodies, and automotive safety institutions.

Current and Pending Standards Covered in this Blog:

• Overview and Processes
  • Incident response procedures
    • ISO/IEC 27035:2016 Information Technology, Security Techniques, and Information Security Incident Management
    • ISO/IEC 29147:2018 Information Technology — Security Techniques — Vulnerability Disclosure
    • ISO/IEC 30111:2013 Information Technology — Security Techniques — Vulnerability Handling 
  • Development practices
    • ISO 26262:2018 Road vehicles — Functional safety
    • ISO/SAE 21434 Road Vehicles — Cybersecurity Engineering
    • SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
    • NHTSA Cybersecurity Best Practices for Modern Vehicles
    • Auto-ISAC Series of Automotive Cybersecurity Best Practices
    • IPA Approaches for Vehicle Information Security
    • PAS 1885:2018 The fundamental principles of automotive cyber security
    • ENISA Cyber Security and Resilience of Smart Cars
  • The automotive life-cycle

• In-vehicle Security Design
  • Connected modules hardening solutions
    • Trusted Execution Environment (TEE)
    • Hersteller Initiative Software (HIS) Security Hardware Extension (SHE)
    • Trusted Platform Module 2.0
    • E-safety Vehicle Intrusion protected Applications (EVITA)
  • EE Architecture
    • ISO 14229-1:2013 Road vehicles — Unified diagnostic services (UDS) — Part 1: Specification and requirements

• Communication Channels
  • Cellular network considerations
    • 3GPP Confidentiality and Integrity Algorithms for GSM and GPRS
    • NIST SP 800-187 Guide to LTE Security
    • eSIM GSMA: The SIM for the Next Generation of Connected Consumer Devices
    • ETSI EN 303 613 V1.1.0
  • Feature-specific communications

• External Influences
  • In-vehicle user interfaces
    • NIST SP 800 121 Guide to Bluetooth Security
    • SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs)
  • OTA update security
    • Uptane: Securing Software Updates for Automobiles
    • UNECE Recommendation on Software Update Processes
    • Public Key Certificate x.509
  • Cyber-physical remote apps – user/dealership apps security
    • Federal Motor Vehicle Safety Standard 114: Theft Protection and Rollaway Prevention
    • Open Web Application Security Project Mobile AppSec Verification Standard 1.1.4
    • NIST Special Publication 800-163 Vetting the Security of Mobile Applications
  • Sensors and AV

• Government Compliance
  • Privacy concerns
    • Consumer Privacy Protection for Vehicle Technologies and Services
    • General Data Protection Regulation (GDPR)
  • Security regulations and best practices
    • ETSI Intelligent Transport Systems; Security Standards Series
    • UNECE WP.29 GRVA – Cyber Security