Intelligent transportation systems (ITS) require harmonization among manufacturers to possess any potential for succeeding in real life. No large-scale car manufacturer, multimodal shipper, or MaaS (Mobility as something) provider will risk purchasing a single-vendor solution. Successful ITS require interoperable components, for managing cybersecurity issues especially. See https://www.trendmicro.com/vinfo/us/security/news/intelligent-transportation-systems for a couple of reports on ITS cybersecurity.

Fortunately we have a typical for automotive cybersecurity now, ISA/SAE 21434. This standard addresses most of the major components of connected car security including V2X, reaching from the internals of ECUs and communications busses including CAN to the broader issues of fleet management and public safety. See https://www.iso.org/standard/70918.html for the present draft version of the standard.

Intelligent transport systems depend on complex, contemporary infrastructure elements, including cloud (for data aggregation, traffic analysis, and system-wide recommendations) and 5G (for inter-component networking and real-time sensing). ITS depend on aging industrial control systems and components also, for vehicle detection, weather reporting, and traffic signaling, some dating forty years or even more back. This profound heterogeneity makes the cybersecurity problem unwieldy. Automotive systems will be the most complex public-facing applications of industrial IoT generally. Any information security issues with them shall erode public rely upon this important and ultimately critical infrastructure.

Robert Bosch GmbH began focusing on the initial automotive bus architecture in 1986. Automobiles gained increasing electronic functions (smog controls, seat belt monitors, electric window controls, climate controls, etc). With each new device, the manufacturers had to set up additional point-to-point wiring to monitor and control them. This resulted in increasing complexity, the chance for error, extended manufacturing time, more expensive repair and diagnosis post-sales, and added weight. See Figure 1 for details. By replacing point-to-point wiring with a straightforward bus, manufacturers could introduce new features linked to one couple of wires for control. This simplified design, developing, diagnosis, and improved maintainability and quality.

The bus was simple: all devices saw all traffic and taken care of immediately messages highly relevant to them. Each message includes a standard format, with a header describing the message content and priority (the arbitration IDs), the physical body which provides the relevant data, and a cyclic redundancy check (CRC), which really is a program code to verify that the information contents are precise. This CRC runs on the mathematical formula to find out if any bits have flipped, and for little amounts of errors can right the message, such as a checksum. This isn’t as powerful as an electronic signature. It does not have any cryptographic power. Every gadget on the bus may use the CRC algorithm to make a code for text messages it sends also to verify the info integrity of communications it receives. Apart from this, there is absolutely no information confidentiality, authentication, authorization, information integrity, or non-repudiation in May bus text messages – or any automotive bus messages. The devices found in cars are very simple generally, lightweight, and inexpensive: 8-bit processors with little memory up to speed. Any device linked to the network is trusted. Figure 2 shows the layout of a CAN bus message.

Today’s automobiles have significantly more sophisticated devices up to speed. The forms of messages and the ongoing services the offer have become more complex. In-vehicle infotainment (IVI) systems provide maps, music, Bluetooth connectivity for smartphones along with other devices, along with a lot more elaborate driving monitoring and assistance systems all add increased traffic to the bus. But given the diversity of suppliers and manufacturers, impeding security measures on the automotive network. Today achieve what Robert Bosch did nearly forty years back no vendor could. Yet the dependence on stronger vehicle security keeps growing.

The ISO/SAE 21434 standard describes a model for securing the supply chain for automotive technology, for validating the integrity of the development process, detecting cybersecurity and vulnerabilities attacks in automotive systems, and managing the deployment of fixes as needed. It really is comprehensive. ISO/SAE 21434 builds on decades of work in information security. Through the use of that physical body of knowledge to the automotive case, the typical shall move the towards a safer and much more trustworthy connected car world.

However the standard’s value doesn’t stop with cars and intelligent transport systems. Domains far beyond connected cars will reap the benefits of having a model for securing communications among elements from diverse manufacturers sharing a standard bus. The CAN bus and related technologies are employed onboard ships, in aircraft, in railroad management, in maritime port systems, and in controlling prosthetic limbs even. The vulnerabilities are normal, the complexity of the supply chain is equivalent, and the necessity for a thorough architectural solution is really as great. Which means this standard is an excellent achievement and will head to enhance the quality far, reliability, and standing of critical systems globally.

What do you consider? I want to know in the comments below or @WilliamMalikTM.