Oct 01, 2022

Cybersecurity Assurance Levels in Automotive Supply Chain

By John Smith

Understand the role of cybersecurity assurance levels in a road vehicle safety plan that complies with ISO SAE 21434.

ISO SAE 21434, a vehicular cybersecurity standard, specifies the cybersecurity risk management requirements for the electrical and electronic systems of road vehicles. It covers the engineering of the concept, development, manufacture, operation, maintenance, and disposal.

What is the cybersecurity assurance level (CAL)?

The cybersecurity assurance level is a classification scheme that describes the criteria that must be met to provide security at all phases of a product’s life cycle. The goals for each level are supported by a rationale and measured using technical indicators. The method changes as industries and technologies evolve.

For ISO SAE 21434, the levels should be incremental. This means that, to progress to a higher level used as a road vehicle safety measure, you must first fulfill the lower assurance level.

One fundamental step in ensuring cybersecurity is to create trust boundaries. Setting trust boundaries to reach material cost targets and isolating less complex electronics is necessary for all component certification. Similarly, the approval of electronic components depends upon building trust within the system. Trust is obtained through a diverse approach that supports authentication and authorization that are encrypted together.

Encryption norms can change and the technology for dividing electrical systems may improve, but the level of security can still be achieved through independent technical goals. Further, as the operating environment of road vehicles changes, business goals can be adapted to these cybersecurity levels.

Determine the number of levels required

You can use the cybersecurity assurance level to set goals and support communication outside of the security and development teams. The main purpose is to assess the risk of a specific set of attacks and their impact, especially attacks on road vehicles.

Attacks may demand physical access to road vehicles or local connections restricted to nearby areas. Serious attacks can be carried out remotely over extensive networks or through remote communication methods. Using the attack vector, impact, and other elements, the evaluator can develop a confidence level related to the level of safety for each component of the vehicle’s power system.

There is no uniform distribution of assurance levels and goals. You can assign a security level for all cybersecurity targets in a component, or you can assign multiple security levels for each cybersecurity target. However, in the automotive sector, every company has corresponding cybersecurity goals. Language such as “prevention” or “protection” is often used when setting goals. Technical standards and requirements should not be included in such goals.

Organizations can have a single cybersecurity goal or a set of goals to express a security maturity roadmap for internal as well as external use.

Setting cybersecurity assurance activity

You can use a single CAL to convey multiple targets for a component or use multiple levels to convey each cybersecurity target. In short, there is a many-to-many relationship between assurance levels and goals. Record the cybersecurity assurance level so that everyone can define system-related cybersecurity responsibilities and express goals across departments. Documentation can also employ a risk-based technique to track supply chain agreements. In the event of an attack that requires physical access to components or the entire system, the level of security of the network must be maintained depending on the impact it has had.
