Automotive Vehicle Security Standards, Regulations, and Compliance


Jeffrey S. Zanzig, Guillermo A. Francia III
DOI: 10.4018/978-1-7998-8390-6.ch002

Abstract

The rapid advancement of automotive vehicle communication technology has ushered in an expansion of the cyber-attack surface on this type of transport system. A recent study projects that there will be 200 million vehicles on the road worldwide with embedded connectivity by 2025. The security and safety of these vehicles and, most importantly, their occupants are paramount. Recognizing this need, organizations consisting of entities from governments, manufacturers, service providers, professionals, and/or trade groups are constantly introducing, revising, and updating automotive vehicle security standards and regulations. This chapter examines the state of automotive vehicle communication, its vulnerabilities and security issues, the existing security standards and regulations that apply to this type of transport, and the compliance and auditing issues related to these directives. The chapter concludes with reflections and directions for continuous improvements and future research.
Chapter Preview

Introduction

The future of the automotive industry looks very promising with technology adding many conveniences such as Internet access, automated parking, and automated braking being applied using sensors that observe a crash situation before a driver would have time to react. In the foreseeable future, it is quite possible that consumers will even be able to purchase completely autonomous vehicles offering tremendous advantages for persons who are not able to drive but would still like to have the independence of being able to get around on their own.

However, the automation of vehicles does carry risks that society is currently trying to address in terms of cybersecurity. Taub (2021) makes the point that although consumers love the many automated features that are being included in today’s automobiles, hackers likely see this trend as an upcoming opportunity to eventually hijack vehicles. He states that probably “the best-known vehicle takeover occurred in 2015 when security researchers on a laptop 10 miles away caused a Jeep Cherokee to lose power, change its radio station, turn on the windshield wipers and blast cold air.” This incident resulted in Jeep’s parent company recalling 1.4 million vehicles to fix the vulnerability. The ability to breach a vehicle’s security could range in severity from being annoying like turning on the windshield wipers to something disastrous like making a vehicle unexpectedly speed up or lose its ability to apply braking.

The semi- or full automation of vehicles requires dependable and robust connectivity. A study by Juniper Research (2020) reports that the number of vehicles with embedded connectivity will reach 200 million globally by 2025. This is a significant increase from the 110 million in 2020. Consequently, this Machine-to-Machine (M2M) connectivity brings conveniences as well as additional safety and security issues to manufacturers, consumers, and service providers.

The demand for increased safety and security measures due to the technological advancements of connected and autonomous vehicles prompted the creation of new and additional vehicle standards and regulations. These efforts are made to produce secure, reliable, effective, and safe vehicles.

The remainder of this chapter is conceptually divided into four major topics:

  1. The first is some background describing vehicle communications and communication protocols.

  2. The main focus of the chapter considers some guidance regarding vehicle security and related guidelines, standards and regulations.

  3. The section on Solutions and Recommendations begins by discussing compliance with ISO 21434 along with describing cybersecurity assessments and audits. It then presents illustrations regarding how key elements of a cybersecurity framework are addressed by the NIST Framework Core in a way that links them to COBIT 2019. It closes with a consideration of reasons why fuzz testing should be a part of a system development life cycle.

  4. Concluding sections are then presented to describe some future research directions and a conclusion.


Background

The automobiles of today offer several driver assistance technologies including “forward collision warning, automatic emergency braking, and vehicle safety communications.” The future of this trend has the potential to drastically reduce the number of crashes. This is particularly true regarding accidents attributable to errors in human judgment (National Highway Traffic Safety Administration (NHTSA), 2020). Unfortunately, the automation of automobiles is subject to dangers associated with cybersecurity challenges. The connectivity of vehicle communication provides an entry point for a variety of cyber-attacks. To familiarize the uninitiated, this section describes categories of vehicle communication and types of communication protocols.

Key Terms in this Chapter

Engine Control Unit: A principal component of a vehicle that controls one or more electrical systems in a car.

Fuzz Testing: A form of automated software testing that can comprehensively test for vulnerabilities to identify coding errors and loopholes that could compromise software security.

Cybersecurity Audit: Involves an evaluation of information technology for the purpose of identifying vulnerabilities that could be exploited to interfere with the proper functioning of critical system components.

Framework: A grouping of rules and related concepts into a logical approach that can be used to identify complex problems and decide upon appropriate courses of action to address them.

Zero-Day Attack: A software vulnerability that has already been hacked, meaning that the time for the developer to respond to prevent the attack has already passed.

Standards: A set of rules that can be monitored for compliance by a specialized field’s authoritative bodies and related professionals.

Cybersecurity: A set of processes, practices, and technologies designed to protect, in the realm of cyberspace, the three tenets of information security: confidentiality, integrity, and availability.

Vehicle-to-Vehicle (V2V) Communication: A type of communication link between two or more automotive vehicles.

Regulatory Compliance: The state of being in conformance to the requirements of a relevant law, policy, or regulation.

Vehicle-to-Infrastructure (V2X or V2I) Communication: A type of communication link between an automotive vehicle and the cyber-infrastructure.
