Have you ever wondered how fast and accurate the battery lifespan reading on your electrical vehicle is? Or have you ever wondered whether the communication between the battery level indicator in your electrical vehicle’s battery sensor is secure? Although automotive systems for sensors, feedback, and self-diagnostics are a modern necessity, underlying security standards always need to be applied.
OEMs of Electrical vehicles bear the responsibility to comply with EV-related security standards and privacy regulations. It is therefore crucial that a dependable software partner needs to be chosen who can effectively address and meet the global security standards required by the Electric Vehicle OEM. Electrical vehicles have increasingly complex systems that monitor and control critical systems within the vehicle and require equally comprehensive protection against sophisticated threat actors. Although CAN has been part of the automotive industry for decades, it does not address the fundamental requirements for automotive cyber security.
The Evolution of the Controller Area Network
CAN bus was developed in the late eighties as a protocol that could be utilized by vehicles to transfer inter-device communication throughout the various multiplexing systems of vehicles.
By 2012 CAN FD was released which was adapted to transfer communications data at much greater speeds allowing automotive OEMs to increase the size and capabilities of their ECUs to interface with a greater number of sensors. This improved capability allowed OEMs to start building self-diagnostic technologies, greatly advancing the intelligence of vehicles and more specifically electrical vehicles.
Common Vulnerabilities of CAN bus
CAN is the most widely used, dependable, communication protocol for in-vehicle data transmission. Its absence of encryption and authentication mechanisms, on the other hand, has unfortunately led to major security automotive flaws. With growing connectivity built into vehicles, there has been a sharp increase in the frequency of cyber-attacks related to vehicles that utilize CAN bus.
Introducing the ISO 21434 Standard
To address the various cyber security risks to vehicles the ISO 21434 automotive cyber security standard was developed. This standard provides a guideline for automotive OEMs about the cyber security best practices that need to be implemented during the design and manufacture of onboard vehicle systems and sensors.
Since electrical vehicles require monitoring and communication systems that are far more complex than other vehicles in the market this is significant.
The standard aims to introduce cyber security awareness across all parts of the vehicle’s lifecycle. Starting from the design of sensors and their related software, including mass-produced spare parts. It also specifies cyber security standards that apply to the operation of the vehicle, listing best practices for parts of the vehicle that are inside and outside of the vehicle.
According to the ISO 213434 standard OEMs must assess and rate the potential cyber security risks of every component produced for electrical vehicles. This includes, among others, the possibility of data breaches that result in personally identifiable information being compromised.
To add to this a clear attack feasibility rating needs to be generated which will aim to realistically assess how vulnerable each component is to being compromised. Identifying metrics such as what skill a threat actor would have to have to compromise the component or system, and what the risk would be to other systems that are networked within the vehicle, in case of a breach.
While CAM and its improved successors boast rapid transfer of data throughout a vehicle, it does not offer any resilience to attacks from external threat actors. This implies that security needs to be maliciously applied to the various systems, themselves. It is, with our technology today, often a case where dependable software that adheres to international cyber security standards, is required to protect a networked vehicle. In this case ISO 21434.
The responsibility of ensuring the continued safe operation of Electrical Vehicles lay with OEMs. When OEMs partner with industry-leading experts in automotive cyber security these critical goals, as highlighted by ISO 21434 can be achieved. Implementing solutions that are guaranteed to be compliant with global industry standards, does not only improve the safety and security of electrical vehicles but also the industry reputation of the OEM and overall profit in the long run.