How the Security You Chose Affects Functional Safety

This content was presented at The ISO 26262 Digital Conference.

About Peter Davies, Director of Security Concepts, Thales: Peter is a security expert specialising in the convergence of Safety and Security. He is also a leading expert on countering cyber-attacks and supply chain infiltration. He has more than 30 years of experience verifying security systems in hardware.

What Does Security Prove? How the Security You Choose Affects Functional Safety

Presentation: Peter discusses the concept of cyber resilience and how it can be implemented successfully, bearing in mind the increasing system complexity of AVs, in the light of legal frameworks and GDPR.

One of the key tenets of any operational Cyber Resilient methodology must be that it generates evidence in a style and form that can be taken to court.

A 1-bit variation in a program, or in the input to a program, can produce extremely different results. This is why digital systems can be unpredictable. Today, the costs of hardware and software systems are recouped by replicating them many times over. According to Peter Davies, Director of Security Concepts at Thales, “Whilst this is, of course, useful from an interoperability perspective, this deterministic nature is also advantageous to a threat.”

So, how does the security you choose affect Functional Safety?

A Matter of Resilience

A system is resilient if, and only if, there is justifiable and enduring confidence that it will function as expected, when expected.

Functional Safety experts should look to develop a cyber-resilient methodology that generates evidence in a style that can be taken to court in case of system failure.

This all stems from the ever-growing complexity of today's vehicles. Peter asserts that never before has the industry attempted to achieve anything that mattered in a system of the scale and complexity that the supply chain now relies on, given the vast amounts of data involved.

The complexity of today’s systems implies an integrity based on business values, privacy, and safety, all sewn together by their respective watchers and regulators, such as criminal courts and information commissioners.

According to the Driver and Vehicle Standards Agency, between 2016 and 2020 there were 323 recalls related to the sheer complexity of systems. That number represents around 23% of all recalls in the country. In the U.S., similar recalls topped 85 in 2019, an increase of 40% from two years earlier; they represented 20% of all recalls and more than a 5% increase year on year.

New Approach Needed

In the light of the increasing complexity and recall statistics, Davies asserts that new approaches are needed to provide cyber resilience for such systems.

“The main shortcomings of traditional techniques are that they are focused on static systems whose properties and behaviours are fixed at design time.”

“Over the next 8 years (the average life of a vehicle), if recall trends continue, 250,000 new threats will be identified.”

This means that “they don’t change at run time and won’t cope well with emergence (unknown unknowns), which were not included in an analysis.” As an example, braking has become digital and complicated, and in this regard, “Without direct connection between controls and function, our assumptions of ASIL-D become questionable, even before malevolent attacks are considered.”

Davies points to the possibility of an operational methodology, suitable for standardisation, capable of being tested in court or by publicly appointed regulators. This way, he says, “operators understand what evidence should be produced by it and are able to measure the quality of that evidence.”

Recognising that security mechanisms are not an end in themselves but contribute to other goals with their own rules of evidence is key when selecting security touchpoints to provide that evidence.
