本篇文章在「品質管理體系及功能認證地圖 - Part 1. IATF 16949 & ISO 26262簡介」的基礎上繼續介紹安全有關的規範。本篇共同作者為ChatGPT。OT透過中文及英文兩種語言跟ChatGPT對談後,發現英文的回答比較有結構性,因此本篇文章會用英文來體現;但整體來說ChatGPT整合資料的能力非常令人驚艷。其實本來技術系列的文章OT比較想要以英文撰寫,除了練習寫作能力外,許多專業用語使用起來也比較習慣;現在為了配合後續本系列文章包含標題都會一併改為使用英文。另外是圖片的部分,則是使用「Midjourney」來繪製,不需要描述很多細節,Midjourney就可以繪製出完成度很高的作品。這些工具的存在似乎提供了人類生產力再次提升的養分。
In tihs article, I would like to show the ISO and IEEE standards which are related with automotive software security and information security. Except ISO 26262 mentioned in previous article "品質管理體系及功能認證地圖 - Part 1. IATF 16949 & ISO 26262簡介", some standards are also necessary to understand, such as ISO/SAE 21434, ISO 27001, ISO 27002, etc. To write this article I use ChatGPT. Its capability of integrating variant information is very impressive. In the meanwhile, to draw the pictures to show the idea of "automotive network" I use Midjourney. These tools are really useful to write articles more efficiently.
Concept of a modern electrical automotive architecture |
Safety and security are important for modern automotives, no matter in development stage or mass production. Most vehicles now are more smart now. ADAS(Advanced Driver Assistance System) and wireless connectivity provide more safety, convenience and entertainment for drivers and passengers. However, how to avoid hazards caused by malfunctioning behavior and system vulnerabilities of relative components, are already defined in ISO and IEEE standards.
Before introducing these standards, I would like to show some famours hazards of safety and security in automotive industry.
Famous cases for safety hazard:
- Takata airbag recall: The Takata airbag recall is one of the largest safety recalls in automotive history. The recall was issued due to a defect in Takata's airbag inflators that caused them to rupture and deploy metal shrapnel into the cabin, resulting in multiple deaths and injuries worldwide. (https://www.nhtsa.gov/equipment/takata-recall-spotlight)
- GM ignition switch recall: In 2014, General Motors (GM) issued a recall for millions of vehicles due to a defect in the ignition switch that could cause the engine to shut off unexpectedly while driving, disabling critical safety features such as airbags and power steering. The defect has been linked to multiple deaths and injuries. (https://www.vox.com/2014/10/3/18073458/gm-car-recall)
- Toyota unintended acceleration: In the late 2000s, Toyota faced a series of lawsuits and recalls related to unintended acceleration in several models, including the popular Camry and Prius. The issue was caused by a combination of mechanical and software factors that could cause the throttle to stick in an open position, leading to uncontrolled acceleration and accidents. (https://www.nytimes.com/2010/05/26/business/26toyota.html)
- Jeep Grand Cherokee fuel tank fires: In 2013, the National Highway Traffic Safety Administration (NHTSA) opened an investigation into Jeep Grand Cherokees from model years 1993 to 2004 due to a risk of fuel tank fires in rear-end collisions. The issue was linked to the design of the fuel tank, which was located behind the rear axle and was vulnerable to puncture in collisions. (https://www.jeepfirelawyer.com/practice-areas/jeep-cherokee-fuel-tank-fires/)
- Honda faulty brake system: In 2018, Honda recalled more than 1.1 million vehicles in the U.S. due to a problem with the rear brakes that could cause the brakes to drag, resulting in a fire. The issue was caused by a faulty parking brake system that could cause the brake to engage and not fully disengage, causing the brakes to overheat and catch fire. (https://hondatheotherside.com/honda-crv-brake-system-problem/)
Famous cases for scurity hazard:
- Jeep Cherokee Hack: In 2015, hackers remotely took control of a Jeep Cherokee and were able to disable the brakes and steering, leading to a recall of 1.4 million vehicles. (https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/)
- Tesla Model S Hack: In 2016, Chinese security researchers were able to remotely hack a Tesla Model S, gaining access to the car's controls and remotely controlling the brakes and other systems. (https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese-hack-remote-control-brakes)
- BMW ConnectedDrive Hack: In 2020, researchers discovered a vulnerability in BMW's ConnectedDrive system that allowed attackers to remotely unlock cars, steal data and even start the engine. (https://ioactive.com/unencrypted-car-data-in-bmw-app/)
- Nissan Leaf Hack: In 2016, a security researcher was able to remotely control the heating and air conditioning system in a Nissan Leaf, using the car's mobile app. (https://www.trendmicro.com/vinfo/pl/security/news/internet-of-things/nissan-leaf-can-be-hacked-via-mobile-app-and-web-browser)
- Mitsubishi Outlander Hack: In 2016, researchers were able to remotely control the entertainment system in a Mitsubishi Outlander, allowing them to turn off the car's alarm system and control the windows. (https://www.helpnetsecurity.com/2016/06/06/researchers-hack-mitsubishi-outlander/)
Concept of vehicle to everything (V2X) |
Since 1999, ISO had released couple of standards for automotive safety and security, which covers software, hardware, IT and system development. The following shows
- ISO/IEC 15408
- ISO/IEC 15408 is a set of international standards that define a framework for evaluating the security of information technology products and systems. It is commonly known as the Common Criteria (CC). The CC defines a process for evaluating the security of a product or system, taking into account its functional and assurance requirements, and assigning a security level based on the evaluation results. The CC is widely used by governments and other organizations to evaluate the security of products and systems before they are deployed in sensitive environments.
- The CC is composed of several parts, including:
- Part 1: Introduction and general model
- Part 2: Security functional requirements
- Part 3: Security assurance requirements
- Part 4: Security targets
- Part 5: Evaluation methodology
- The IEEE (Institute of Electrical and Electronics Engineers) has also developed a set of standards related to the Common Criteria. These standards are:
- IEEE 15408.1: Evaluation methodology for security in telecommunication and information technology products - Overview
- IEEE 15408.2: Security functional requirements for telecommunication and information technology products - Common criteria
- IEEE 15408.3: Security assurance requirements for telecommunication and information technology products - Common criteria
- IEEE 15408.4: Security targets for evaluation - Common criteria
- These IEEE standards are based on the ISO/IEC 15408 Common Criteria and provide additional guidance and specifications for implementing the CC.
- ISO/IEC 17799
- ISO/IEC 17799 is a set of international standards that provide guidelines for information security management. It has been updated and replaced by ISO/IEC 27002, which contains the same guidelines and is the current standard for information security management.
- The ISO/IEC 17799/27002 standard provides a comprehensive set of controls that can be used to implement an effective information security management system (ISMS). These controls cover a wide range of areas, including access control, physical security, incident management, business continuity, and compliance with legal and regulatory requirements.
- The standard is organized into sections that cover different aspects of information security management, including:
- Information security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development, and maintenance
- Information security incident management
- Business continuity management
- Compliance
- The IEEE has not developed specific standards related to ISO/IEC 17799/27002, but it has published several standards related to information security, such as:
- IEEE 802.1X: Port-based network access control
- IEEE 802.11i: Enhanced security for wireless networks
- IEEE 802.16: Broadband wireless access for metropolitan area networks
- IEEE 1619: Cryptographic protection of data on block-oriented storage devices
- These IEEE standards provide technical specifications and implementation guidance for specific aspects of information security. However, they are not comprehensive guidelines for information security management like ISO/IEC 17799/27002.
- ISO/IEC 27001
- ISO/IEC 27001 is an international standard that provides a framework for managing and protecting sensitive information using a risk management approach. The standard outlines a systematic approach to managing sensitive information and provides a set of requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). The purpose of ISO/IEC 27001 is to provide a structured approach to managing sensitive information so that it remains confidential, available, and retains its integrity. The standard can be used by any organization, regardless of its size, type, or nature.
- IEEE 27001.1 is a standard that provides a set of guidelines for implementing and managing an information security management system (ISMS) based on ISO/IEC 27001. The standard is intended to provide guidance to organizations that are implementing an ISMS and to help ensure that the ISMS meets the requirements of ISO/IEC 27001. IEEE 27001.1 includes a set of practices and procedures that can be used to implement an ISMS and manage information security risks. The standard also provides guidance on how to measure the effectiveness of an ISMS and how to continually improve it. IEEE 27001.1 is complementary to ISO/IEC 27001 and can be used in conjunction with the ISO/IEC standard to provide additional guidance on the implementation and management of an ISMS.
- ISO/IEC 27002
- ISO/IEC 27002 is a widely adopted international standard that provides guidelines for information security management. It is part of the ISO/IEC 27000 family of standards, which covers information security management systems (ISMS). The standard provides a comprehensive set of controls that organizations can use to ensure the confidentiality, integrity, and availability of their information assets.
- Some of the key areas covered by ISO/IEC 27002 include access control, cryptography, physical and environmental security, security incident management, and business continuity management. The standard is designed to be flexible and adaptable, allowing organizations to tailor the controls to their specific needs and requirements.
- On the other hand, IEEE (Institute of Electrical and Electronics Engineers) has developed several standards related to information security. Some of the key IEEE standards that are related to ISO/IEC 27002 include:
- IEEE 802.1X: This standard provides a framework for network access control (NAC) that can help organizations control access to their network resources.
- IEEE 802.11i: This standard provides guidelines for implementing security in wireless networks, including the use of encryption and authentication protocols.
- IEEE 1547: This standard provides guidelines for the interconnection of distributed energy resources (DER) with electric power systems, including requirements for security and privacy.
- IEEE 1609: This standard provides guidelines for secure communication in intelligent transportation systems (ITS), including requirements for authentication, encryption, and message integrity.
- IEEE 2410: This standard provides guidelines for the cybersecurity of connected vehicles, including requirements for secure communication and data protection.
- Overall, while ISO/IEC 27002 provides a comprehensive set of guidelines for information security management, IEEE standards provide more specific guidelines for implementing security in specific domains, such as network access control, wireless networks, distributed energy resources, intelligent transportation systems, and connected vehicles.
- ISO 26262
- ISO 26262 is an international standard that provides guidelines for the functional safety of road vehicles. The standard is intended to ensure that the electronics and software used in modern vehicles are designed and developed to a high level of safety. It provides a framework for identifying and mitigating safety risks throughout the development process.
- The standard covers the entire lifecycle of a vehicle, from concept and design through to production and end-of-life. It sets out specific requirements for each stage of the lifecycle, including hazard analysis, safety goals, safety requirements, verification and validation, and documentation.
- Some of the key areas covered by ISO 26262 include:
- System and software development processes
- Management of safety-critical systems and components
- Hazard analysis and risk assessment
- Safety requirements and functional safety concepts
- Verification and validation of safety-critical systems and components
- On the other hand, IEEE (Institute of Electrical and Electronics Engineers) has developed several standards related to functional safety, some of which are related to ISO 26262. These include:
- IEEE 1228: This standard provides guidelines for the software life cycle processes used in the development of safety-critical software systems.
- IEEE 1508: This standard provides guidelines for the specification and design of safety-critical software systems.
- IEEE 1012: This standard provides guidelines for the verification and validation of software used in safety-critical systems.
- Overall, while ISO 26262 provides a comprehensive framework for the functional safety of road vehicles, IEEE standards provide more specific guidelines for the development and verification of safety-critical software systems.
- ISO/IEC 29147
- ISO/IEC 29147 is an international standard that provides guidelines for vulnerability disclosure. The standard is designed to help organizations handle security vulnerabilities in a responsible and transparent way. It provides a framework for receiving, assessing, and disclosing vulnerabilities to affected parties.
- The standard covers the entire vulnerability disclosure process, from initial discovery through to final resolution. It sets out specific requirements for each stage of the process, including vulnerability reporting, vulnerability assessment, vulnerability mitigation, and public disclosure.
- Some of the key areas covered by ISO/IEC 29147 include:
- Policies and procedures for vulnerability disclosure
- Assessment of the severity and impact of vulnerabilities
- Communication and coordination with affected parties
- Timelines and deadlines for vulnerability disclosure
- Protection of vulnerability reporters from retaliation
- On the other hand, IEEE (Institute of Electrical and Electronics Engineers) has developed several standards related to vulnerability disclosure, some of which are related to ISO/IEC 29147. These include:
- IEEE 829: This standard provides guidelines for software and system test documentation, including test plans, test cases, and test reports.
- IEEE 1547.1: This standard provides guidelines for cybersecurity requirements for distributed energy resources, including guidelines for vulnerability disclosure.
- IEEE 2600: This standard provides guidelines for security and privacy controls for information systems and organizations, including guidelines for vulnerability disclosure.
- Overall, while ISO/IEC 29147 provides a comprehensive framework for vulnerability disclosure, IEEE standards provide more specific guidelines for vulnerability disclosure in specific domains, such as distributed energy resources and information systems and organizations.
- ISO/IEC 27035
- ISO/IEC 27035 is an international standard that provides guidelines for incident management in information security. The standard is designed to help organizations prepare for, detect, and respond to security incidents in a systematic and effective manner. It provides a framework for incident management that covers the entire incident lifecycle, from preparation and detection to containment, analysis, and recovery.
- The standard covers a wide range of incident management activities, including incident identification and classification, incident response planning, incident analysis and reporting, and incident closure and follow-up. It also provides guidance on how to manage incidents in a way that minimizes the impact on the organization and its stakeholders.
- Some of the key areas covered by ISO/IEC 27035 include:
- Incident management policies and procedures
- Roles and responsibilities for incident management
- Incident management planning and preparation
- Incident detection and response
- Incident analysis and reporting
- Incident closure and follow-up
- On the other hand, IEEE (Institute of Electrical and Electronics Engineers) has developed several standards related to incident management in information security. Some of the key IEEE standards that are related to ISO/IEC 27035 include:
- IEEE 1219: This standard provides guidelines for software safety and security, including incident management.
- IEEE 1362: This standard provides guidelines for the adoption of software life cycle processes, including incident management.
- IEEE 24765: This standard provides guidelines for the adoption of systems engineering processes, including incident management.
- Overall, while ISO/IEC 27035 provides a comprehensive framework for incident management in information security, IEEE standards provide more specific guidelines for incident management in the context of software and systems engineering processes.
- ISO/SAE 21434
- ISO/SAE 21434 is an international standard that provides guidelines for cybersecurity in the automotive industry. The standard is intended to ensure that vehicles and their components are designed and developed with cybersecurity in mind, in order to prevent cyberattacks and protect the safety of vehicle occupants.
- The standard covers the entire lifecycle of a vehicle, from concept and design through to production, maintenance, and end-of-life. It sets out specific requirements for each stage of the lifecycle, including risk assessment, security requirements, security design and testing, and documentation.
- Some of the key areas covered by ISO/SAE 21434 include:
- Threat analysis and risk assessment
- Security requirements and concepts
- Security design and testing
- Security documentation and management
- Secure over-the-air updates
- On the other hand, IEEE (Institute of Electrical and Electronics Engineers) has developed several standards related to cybersecurity, some of which are related to ISO/SAE 21434. These include:
- IEEE 1547.1: This standard provides guidelines for cybersecurity requirements for distributed energy resources, including guidelines for cybersecurity risk assessment.
- IEEE 1609: This standard provides guidelines for security and privacy in vehicular communication networks, including guidelines for secure message exchange.
- IEEE 802.1X: This standard provides guidelines for port-based network access control, including guidelines for secure access to automotive networks.
- Overall, while ISO/SAE 21434 provides a comprehensive framework for cybersecurity in the automotive industry, IEEE standards provide more specific guidelines for cybersecurity in specific domains, such as distributed energy resources and vehicular communication networks.
沒有留言:
張貼留言