Cyber security requirements may be derived directly from applicable standards and regulations such as ISO/SAE 21434 (2021), ISO/TR 4804 (2020) and UNECE (2021c). In addition, high-level cyber security requirements, also known as cyber security goals, have to be defined for the entire ADF. The cyber security requirements shall take into account aspects such as confidentiality, availability, integrity and authenticity, for example by ensuring software authenticity and integrity before installation and during execution, or by defining the availability of data from back-end services. Other requirements that shall be considered relate to detection mechanisms, protection of networks and protocols, software security, cloud security, cryptography and access control, among others (ENISA, 2019).
Main Question
Are (cyber-) security requirements identified for the entire function, including not only those related to hardware/software development but also those related to network design and communication?
Sub-Questions
- Are clear methods defined to address confidentiality, authenticity, integrity and availability of the communications and the transferred data?
References
- ISO (2020) TR 4804: Road vehicles — Safety and cybersecurity for automated driving systems — Design, verification and validation. Available at: https://www.iso.org/standard/80363.html (Accessed: 18 October 2023).
- ISO/SAE (2021) 21434: Road vehicles – Cybersecurity engineering. Available at: https://www.iso.org/standard/70918.html (Accessed: 18 October 2023).
- UNECE (2021c) Uniform provisions concerning the approval of vehicles with regards to cybersecurity and cybersecurity management system. Available at: https://eur-lex.europa.eu/eli/reg/2021/387/oj (Accessed: 27 October 2023).
- ENISA (2019) Good practices for Security of Smart Cars. Available at: https://www.enisa.europa.eu/publications/smart-cars (Accessed: 31 October 2023).