ISO-SAE Road vehicles Cybersecurity Engineering General Overview

Transcription

1 Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 7,6 cm) ISO-SAE Road vehicles Cybersecurity Engineering General Overview

2 Standardizing Cybersecurity Engineering Goals of the Initiative The future standard shall 1. Give uniform definition of notions relevant to automotive security 2. Specify minimum requirements on security engineering process and activities and define wherever possible criteria for assessment Targeted effects on automotive industry Common and internationally agreed understanding of automotive cybersecurity engineering Sufficient rigor as reference for legislative institutions; ensure legal certainty 3. Describe the state of the art of security engineering in automotive E/E development 2 11 May 2017 Author, Continental AG

3 Standardizing Cybersecurity Engineering Security in the whole Product Life Cycle Innovation Quotation Concept Refinement Development Industrialization Product Validation Production Ramp-up After Series Research for Industrial Leadership Security Concept and Architecture LOOP Security Support Security Work Packages Prototype Planning & Specification Realization Integration & Testing Incident Response Management! March 29, 2017 Ahmad Sabouri, Mario Hoffmann Continental AG 11

4 ISO TC22/SC32/WG11 - ISO/SAE Structure Regl. Body: 2 Cert. Body: 2 Supplier: 13 Consulting: 5 Academia: 4 79 Misc.: 7 OEM: 26 Tier-1: 20 Secretaries ISO: Stephan Krähnert (DIN/VDA) SAE: Tim Weisenberger Co-Convenors ISO: Dr. Gido Scharfenberger Fabian (carmeq/vw; DE) SAE: Lisa Boran (Ford. Inc; US) State of April May 11, 2017 Dr. Markus Tschersich Continental AG

5 ISO/SAE National Delegations Sweden Belgium United Kingdom United States France Italy Netherlands Germany China Japan Korea Austria Delegations: ISO SAE 13 May 11, 2017 Dr. Markus Tschersich Continental AG

6 ISO/SAE Scope This document specifies requirements for cybersecurity risk management for road vehicles, their components and interfaces, throughout engineering (e.g. concept, design, development), production, operation, maintenance, and decommissioning. A framework is defined that includes requirements for a cybersecurity process and a common language for communicating and managing cybersecurity risk among stakeholders. This document is applicable to road vehicles that include electrical and electronic (E/E) systems, their interfaces and their communications. This document does not prescribe specific technology or solutions related to cybersecurity. 14 May 11, 2017

7 ISO/SAE Project Groups PG 1: Risk Management Validation SOP Production PG 3: Operation, Maintenance Risk Management Operation/ Maintenance Development Concept Development Incident/Bugs Decommissioning PG 2: Process Development PG 4: Process Overview and Interdependencies 15 May 11, 2017

8 ISO/SAE Overall Schedule ISO WD-ballot for ISO CD-ballot for ISO DIS-ballot for Start drafting the document drafting the document drafting the document preparation of the document for publication Joint publication of ISO/SAE- Standard SAE Level 1 Technical committee ballot for SAE Level 1 Technical committee ballot for SAE Level 1 Technical committee ballot for October 1 st, 2016 October 1 st, 2019 CD: Committee Draft; DIS: Draft International Standard; FDIS: Final Draft International Standard 16 May 11, 2017