Functional Safety With ISO 26262 Webinar


Automotive Cybersecurity for Safety Experts - ISO 26262 & ISO SAE 21434
Webinar, Dr. Arnulf Braatz / Andreas Horn, May 27th 2020
V1.10 2020-05-27

Slide 2/24: Welcome and Introduction - Technical Notes
Webinar: Automotive Cybersecurity for Safety Experts. Speaker: Dr. Arnulf Braatz. Q&A: Andreas Horn.
Audio: There should be music to hear. If the audio transmission over the Internet is not working, ask for participation in a conference call. Contact the "host" in the "chat" window.
Screen: Disable your screen saver.
Feedback & communication: Open and review the "chat" window to get all organizational messages of the "hosts". Use the "chat" window to the "host" for all organizational WebEx and transfer requests or disturbances. Use the "Q & A" window instead of the "chat" window for substantive questions about the webinar. Ask your questions to "All Panelists". Questions are answered online during and after the presentation.
Slides & Presentation: Within 1-2 days after the webinar, you will receive a link to the slides and additional information. After the webinar a link will guide you to a feedback form. We are looking forward to receiving your feedback to continuously improve our services.
© 2020. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector.

Slide 3/24: Welcome and Introduction - Vector Group
Development: Vector provides tools for developing, testing, calibration and diagnostics as well as software components and development services.
Networking: Vector provides components and engineering services for the networking of electronic systems.
Optimization: Vector provides a comprehensive consulting portfolio as well as suitable tool support.
Locations (map): Germany (Stuttgart, Brunswick, Hamburg, Karlsruhe, Munich, Regensburg), USA (Detroit), France (Paris), Great Britain (Birmingham), Sweden (Gothenburg), Italy (Milano), Austria (Vienna), Brazil (São Paulo), India (Pune), Korea (Seoul), Japan (Tokyo, Nagoya), China (Shanghai).
Vector Group: 2978 employees (date: Jan. 2020). Vector Consulting Services: worldwide, 20 consultants. @VectorVCS

Slide 4/24: Welcome and Introduction - Vector Client Survey 2020: Risk of vicious circle
Chart (figure): horizontal axis shows short-term challenges, vertical axis shows mid-term challenges (scale 10% to 70%); long-term challenges are marked separately. Categories: Safety & Security, Quality, Innovative products, Flexibility, Complexity, Distributed development, Competences and knowledge, Digital transformation, Cost.
Vicious cycle: cost pressure leads to a lack of competences, which leads to less innovation and quality.
Vector Client Survey 2020. Details: www.vector.com/trends. Sum 300% due to 5 answers per question. Strong validity with 4% response rate of 2000 recipients from different industries worldwide.
Vector provides tailored consulting solutions to keep OEMs and suppliers competitive: Efficiency – Quality – Competences

Slide 5/24: Agenda
1. Welcome and Introduction
2. Main Concepts of Safety & Security
3. Similarities of Functional Safety & Cybersecurity
4. Differences between Functional Safety & Cybersecurity
5. Conclusions and Outlook

Slide 6/24: Main Concepts of Safety & Security - Typical Vehicle Scenarios
Figure: internal failure, unreliable scenarios, triggering event (e.g. pedestrian …). To avoid such scenarios is one goal of automotive system engineering activities.

Slide 7/24: Main Concepts of Safety & Security - Emergent System Property: Availability, Safety & Security
Figure (standards covering each emergent property):
Unsecure scenarios, security-related but QM: ISO SAE 21434 / SAE J3061-2016.
Cybersecurity attacks on safety: ISO SAE 21434 / SAE J3061-2016 (Security). Privacy as a security property is also part of ISO SAE …
QM: SPICE, IATF 16949, ISO 9001.
SOTIF: ISO/PAS 21448.
Functional Safety: ISO 26262 (Safety).
According to: Engineering a Safer World, The MIT Press, Nancy G. Leveson, 2011.
International engineering standards are available to cover E/E emergent system properties.

Slide 8/24: Main Concepts of Safety & Security - Relationship of Cybersecurity & Functional Safety
Cybersecurity related (SAE J3061, ISO SAE 21434) vs. functional-safety (FS) related (ISO 26262).
System attributes: the functional-safety related system is part of the cybersecurity related system.
Systems engineering: FS Management & FS Engineering Methods (ISO 26262); Cybersecurity Management & Cybersecurity Engineering Methods (SAE J3061, ISO SAE 21434).
By design: the management & engineering methods of functional safety & cybersecurity are overlapping.

Slide 9/24: Main Concepts of Safety & Security - Vehicle Level: Cybersecurity & Functional Safety
Cybersecurity: methods to manage cybersecurity risks (threats) for road vehicles throughout engineering, production, operation, maintenance and decommissioning. Figure examples of cybersecurity attacks (ISO SAE 21434): attack via Bluetooth on OBD; attack via GSM and cloud services on TCU.
Functional Safety: methods required to minimize the risk, down to a residual risk, that a malfunction of the E/E system violates a safety goal; systematic & random faults of HW & SW (ISO 26262).
Safety & security on the vehicle follow a risk-based approach which impacts engineering methods.

Slide 10/24: Main Concepts of Safety & Security - Today's Situation: Engineering Lifecycle of Security & Functional Safety Standards
Automotive functional safety: ISO 26262:2018.
Automotive cybersecurity: ISO 21434 (draft standard); SAE J3061-2016 (guideline).
General cybersecurity: ISO 15408 (Common Criteria); ISO 27001, TISAX (IT security). Books: e.g. Threat Modelling, Adam Shostack, Wiley 2014.
V-model figure, safety activities (ISO 26262): Item Definition; Hazard …; Safety Goals; … Safety Requirements; Technical Safety Concept; HW/SW safety requirements; Verification on unit level (HW/SW); System Integration Test Safety; Item Integration Test Safety; Validate …; Safety Case; Approval of the release for post-development; Production, operation, service & decommissioning.
V-model figure, cybersecurity activities (ISO SAE 21434, Draft DIS): Item Definition & Asset Identification; Threat & Risk Assessment; …; Verification on unit level (HW/SW); System Integration Test Security; Item Integration Test Security; … PenTests; Production, operations, maintenance & decommissioning (marked with "?" in the figure).

Slide 11/24: Main Concepts of Safety & Security - Comparison: ISO 26262 & ISO SAE 21434
ISO 26262 parts: 1. Vocabulary; 2. Management of functional safety; 3. Concept phase; 4. Product development at the system level; 5. Product development at the hardware level; 6. Product development at the software level; 7. Production and operation; 8. Supporting processes; 9. ASIL-oriented and safety-oriented analyses; 10. Guideline on ISO 26262; 11. Application of ISO 26262 to semiconductors; 12. Adaptation of ISO 26262 for motorcycles.
ISO SAE 21434 chapters: Chapter 3: Terms and abbreviations; Chapter 5: Overall cybersecurity management; Chapter 6: Project dependent cybersecurity management; Chapter 7: Continuous cybersecurity activities (cybersecurity events & vulnerabilities); Chapter 8: Risk assessment methods; Chapter 9: Concept phase; Chapter …: … SW/HW level; Chapter 12: Production; Chapter 13: Operations and maintenance; Chapter 14: Decommissioning; Chapter 15: Distributed cybersecurity activities; Annex A-J: informative.
Both standards share the same system engineering approach, which is where they overlap.


Slide 13/24: Similarities of Functional Safety & Cybersecurity - Cybersecurity management & Safety management
Figure: Safety/Cybersecurity Manager; Project Manager; Safety- & Cybersecurity-related Development; … of process; … assessment reports; Tracking; … Case.
The safety/cybersecurity case is a collection of all security relevant work products. It is input for a safety/cybersecurity assessment and the release for production/post-development. The safety/cybersecurity case provides a structured argument for the achieved degree of … (ISO SAE 21434 (Draft DIS), chapter 6.1).

Slide 14/24: Similarities of Functional Safety & Cybersecurity - Flow and sequence of the cybersecurity & safety requirements
Both chains start from the Item Definition and keep traceability at every step.
Safety side (ISO 26262):
HARA -> Safety Goals (ISO 26262 Part 3): SG1: HZ1, HZ3, ASIL B, Safety Goal 1; SG2: HZ2, ASIL D, Safety Goal 2.
Functional Safety Concept -> Functional Safety Requirements, allocation of FSRs to architectural elements: FSR 1: SG1, ASIL B, Funct. Safety Req. 1; FSR 2: SG1, ASIL B, Funct. Safety Req. 2.
Technical Safety Concept -> Technical Safety Requirements, allocation of TSRs to architectural elements: TSR 1.1: FSR 1, ASIL B; TSR 1.2: FSR 1, ASIL B.
System Architectural Design (ISO 26262 Part 4): Comp1: Tech. Safety Req. 1.1; Comp1: Tech. Safety Req. 1.2.
Cybersecurity side (ISO SAE 21434):
TARA -> Cybersecurity Goals (ISO SAE 21434, 8-9): SecG1: Asset 1, CAL 1, Cybersecurity Goal 1; SecG2: Asset 2, CAL 3, Cybersecurity Goal 2.
Cybersecurity Concept -> Cybersecurity Requirements, allocation of CSRs to architectural elements: CSR 1: SecG1, CAL 1, Cybersecurity Req. 1; CSR 2: SecG1, CAL 1, Cybersecurity Req. 2.
Refinement (ISO SAE 21434, 10) -> Cybersecurity Controls, allocation of CSCs to architectural elements: CSC 1.1: CSR 1, CAL 1; CSC 1.2: CSR 1, CAL 1.
Architectural Design: Comp1: Cybersecurity Control 1.1; Comp1: Cybersecurity Control 1.2.

Slide 15/24: Similarities of Functional Safety & Cybersecurity - Your Questions?
Remark: If we are not able to answer your question within the hour we will send you the answer via mail in the coming days!


Slide 17/24: Differences between Functional Safety & Cybersecurity - Terms & Concepts: Attack Path vs. Path of Effects
Attack: attempted action or interaction with the vehicle or its environment that has the potential to result in an adverse consequence.
Attack Path: set of actions that could lead to the accomplishment of the threat scenario.
Path of effects: set of elements that cascades the fault to item level.
Asset: anything that has value to the product's stakeholders (and is contained by SW or HW).
Figure labels: item; asset; cybersecurity attacks (ISO SAE 21434/SAE J3061-2016); systematic & random faults of HW & SW (ISO 26262).
Safety requirements are allocated along the path of effects, security requirements along the attack path.

Slide 18/24: Differences between Functional Safety & Cybersecurity - Terms & Concepts: Vulnerability vs. Failure
Figure: an attack path through a vulnerability node (Sensor, ECU, ECU, Actuator, Asset) next to the path of effects of a failure.
Vulnerability: weakness (unknown) which can be exploited by an attacker. Security Control: reduces the probability of unauthorized access (known) by the attacker. Figure timeline: vulnerability detected during testing; a how-to to create the exploit is published; the exploit can be downloaded from a black market.
Failure: random/systematic fault which leads with a certain probability to a violation of a safety goal. Safety Mechanism: reduces the probability of safety goal violation.
Vulnerability analysis & management are specific to the cybersecurity approach.

Slide 19/24: Differences between Functional Safety & Cybersecurity - Methods: Attack Tree vs. Fault Tree Analysis (FTA)
Attack tree (figure), node value: possible/impossible. Threat Scenario at the top, with Attack Action 1 and Attack Action 2 combined by an AND gate; below them Attack Action 1.1, Attack Action 1.2 and Attack Action 2.1 under OR gates, refined through further AND/OR gates into atomic actions (Attack Action (AA) 1.1.1, AA 1.1.2, AA 2.1.1, AA 2.1.2) and Vulnerability 1 / Vulnerability 2. An attack path is one branch through the tree.
Threat Scenario: is realized by a sequence of actions (attack path) requiring underlying vulnerabilities.
FTA as safety analysis: FTA and attack tree apply the same tree-based approach, but the semantics of probability concerning faults/failures is different:
ISO 21434: two independent vulnerabilities, which are known, do not necessarily reduce the likelihood of a successful attack. The attack tree covers system, SW & HW level (architecture & implementation).
ISO 26262: two independent faults at the same time are significantly more unlikely compared to a single fault with the same FIT rate. Safety analyses for system, SW & HW are applied on architecture level.
Attack path according to ISO SAE 21434 (Draft DIS), Chapter 8.6.2.
FTA & attack tree can be integrated as a method, but the semantics are different.
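To make the semantic difference on this slide concrete, here is an added example (not from the webinar or from Vector) that evaluates tree models twice: once with ISO 26262 FTA semantics, where leaves are independent faults with FIT rates and an AND gate multiplies probabilities, and once with ISO/SAE 21434 attack-tree semantics, where each leaf is simply possible or impossible and two known vulnerabilities under an AND gate leave the scenario just as feasible. The tree contents, the 100 FIT values, the 10,000 h operating time and the vuln2_closed switch are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Union

@dataclass
class Leaf:
    name: str
    fit: float = 0.0     # FTA semantics: failure rate in FIT (1e-9 failures per hour)
    known: bool = False  # attack-tree semantics: action/vulnerability known to be feasible

@dataclass
class Gate:
    name: str
    op: str              # "and" or "or"
    children: List["Node"]

Node = Union[Leaf, Gate]
HOURS = 10_000.0         # constructed operating time used to turn a FIT rate into a probability

def fta_probability(node: Node) -> float:
    # ISO 26262 FTA semantics: independent faults, so AND multiplies and OR is 1 - prod(1 - p).
    if isinstance(node, Leaf):
        return min(1.0, node.fit * 1e-9 * HOURS)
    result = 1.0
    for p in (fta_probability(c) for c in node.children):
        result *= p if node.op == "and" else (1.0 - p)
    return result if node.op == "and" else 1.0 - result

def attack_path(node: Node) -> Optional[List[str]]:
    # ISO/SAE 21434 semantics: a node is possible or impossible. AND needs every child,
    # OR needs one. Two known vulnerabilities in an AND do not lower the likelihood.
    if isinstance(node, Leaf):
        return [node.name] if node.known else None
    path: List[str] = []
    for child in node.children:
        sub = attack_path(child)
        if sub is None and node.op == "and":
            return None          # one impossible step blocks the whole AND
        if sub is not None:
            if node.op == "or":
                return sub       # first feasible alternative realizes the OR
            path.extend(sub)
    return path if node.op == "and" else None

def build_fault_tree() -> Gate:
    # Constructed: violating the safety goal needs two independent 100 FIT faults.
    return Gate("Safety goal violated", "and",
                [Leaf("Sensor fault", fit=100.0), Leaf("Monitor fault", fit=100.0)])

def build_attack_tree(vuln2_closed: bool = False) -> Gate:
    # Constructed after the slide's shape: Threat Scenario = Attack Action 1 AND Attack Action 2.
    # vuln2_closed models a security control that removes Vulnerability 2.
    aa1 = Gate("Attack Action 1", "or", [
        Gate("Attack Action 1.1", "and", [Leaf("AA 1.1.1", known=True), Leaf("AA 1.1.2", known=True),
                                          Leaf("Vulnerability 1", known=True)]),
        Leaf("Attack Action 1.2")])
    aa2 = Gate("Attack Action 2", "or", [
        Gate("Attack Action 2.1", "and", [Leaf("AA 2.1.1", known=True),
                                          Leaf("Vulnerability 2", known=not vuln2_closed)]),
        Leaf("AA 2.1.2")])
    return Gate("Threat Scenario", "and", [aa1, aa2])
```

With these inputs a single 100 FIT fault has probability 1e-3 over the operating time but the AND of two such faults drops to 1e-6, whereas the attack path stays fully possible until one of its vulnerabilities is closed by a control.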

Slide 20/24: Differences between Functional Safety & Cybersecurity - Comparison: Established Engineering Methods Safety & Security
Safety: HARA (Hazard Analysis & Risk Assessment, ISO 26262-3); System- & SW architecture; FTA; FMEA; Requirements-based testing.
Security: TARA (Threat Analysis & Risk Assessment, SAE J3061-2016); System- & SW architecture; Vulnerability analysis (e.g. attack tree); Fuzz- & PEN testing; Requirements-based testing.
Utilizing shared methods & keeping the different approaches focused is the key for efficiency.


Slide 22/24: Conclusions and Outlook - ISO SAE 21434 & ISO 26262 Experience
Increasing cybersecurity demand: most OEMs include ISO 26262 compliance in their contracts, and more and more requirements specifications point also to ISO SAE 21434.
The overlap with ISO 26262 helps to understand the upcoming standard, but there are a few significant differences concerning concepts and methods.
Efficient integration of functional safety & cybersecurity is the efficiency key for OEMs and suppliers.
Cybersecurity has to be built on solid functional safety processes together with a competent partner.

Slide 23/24: Conclusions and Outlook - Vector: Comprehensive Portfolio for Security and Safety
Vector Cyber Security and Safety Solutions: Security and Safety Consulting; AUTOSAR Basic Software; Tools (PLM, Architecture, Test, Diagnosis etc.); HW based Security; Engineering Services for Safety and Security. www.vector.com/consulting

Slide 24/24: Conclusions and Outlook - Vector Safety Solutions
Trainings and media: Training "Functional Safety with ISO 26262", Stuttgart, continuously, www.vector.com/training-safety. Trainings tailored to your needs available worldwide. Virtual trainings. Free white papers: www.vector.com/media-safety.
Vector Forum – Automotive Systems & Software for Tomorrow (25 June 2020), on your computer – it is a virtual … vector-forum/2020/
Further free webinars: 2020-06-16 Functional Safety and SOTIF - Principles and Practice; 2020-06-17 Automotive Cybersecurity – Challenges and Practical … ars/
