As vehicles become more connected through the internet, wireless networks, and various communication protocols, they also become vulnerable to cyber threats. Cybersecurity in the context of road vehicles serves to protect the E/E components by analysing the unintended damage due to unidentified vulnerabilities of interfaces, implemented solutions and technologies. Given these potential risks, automakers, suppliers, and other stakeholders in the automotive industry need to prioritise cybersecurity throughout the entire lifecycle of a vehicle, from design and manufacturing to ongoing maintenance and updates.
At Spyrosoft, we provide end-to-end automotive cybersecurity services: we design and deploy cybersecurity processes and analyse the existing ones, support the development of embedded software products according to the current automotive and cybersecurity regulations and standards, as well as design and implement cyber-software features.
Since the cybersecurity requirements of ISO 21434 and UNECE regulations go hand in hand with the ASPICE framework in most automotive software development projects, we established a unified approach that merges all the requirements. The process was designed based on our internal FOTA project.
About the project
CSMS FOTA is Spyrosoft’s internal project in the area of automotive cybersecurity. The key objective is to achieve the cybersecurity work products implementation framework as per the CSMS process, in compliance with ISO 21434 and Spyrosoft-specific policies and procedures.
The framework is developed in such a way that it can be reused for customers with minimal modifications.
The project was developed in two phases:
- Item Definition for CSMS FOTA
- Threat Analysis and Risk Assessment within the Item definition
- Cybersecurity Goals to be achieved to protect CSMS FOTA component from unintended security breaches
- Cybersecurity Concept (Derivation of high-level operational requirements to protect CSMS FOTA component)
Product Development Phase:
- Cybersecurity Specification derivation (System & Software)
- Security Design (HLD & LLD)
- Cybersecurity implementation (configurations & algorithms)
- Vulnerability Analysis and Management (specification, design, code, verification and validation)
- Cybersecurity Verification and validation for all levels (concept, specification, design, implementation)
FOTA demonstrates that it’s possible to create an effective process that can serve customer-specific cybersecurity needs and lead to achieving required protection, while meeting industry-specific standards, such as ASPICE.