Automotive Cybersecurity at HORIBA MIRA
Automotive cybersecurity is an emerging field, and as a discipline, looks at protecting the vehicular system against malicious attacks. This is driven by trends in the increasing sophistication of software on the vehicle, connectivity and autonomy. This makes it hard to audit and check, opens up a once-closed system to external influence and allows for non-human decision-making to take place. There are many questions around how to secure a vehicle. The system is constrained, and very complex. The vehicle is on the road for an average of 15 years, which makes updating and assurance through its lifetime challenging.
HORIBA MIRA has over 13 years of experience delivering global engineering programmes as well as research and development in automotive cybersecurity. This began with our involvement in the “E-safety vehicle intrusion protected applications” (EVITA) project – funded by the EU – the focus of which was the protection of intra-vehicular communications. Since then we have taken part in projects funded by the government, for example 5StarS (funded by Innovate UK), a project that HORIBA MIRA leads, which looks at developing an assurance framework that would help to deliver meaningful consumer ratings for cybersecurity of a connected and autonomous vehicle.
Our independent experts are also actively involved in the development of international standards and regulations for cybersecurity, including SAEJ3061 (the Cybersecurity Guidebook for Cyber-Physical Vehicle Systems) and the upcoming ISO/SAE 21434 standard, which addresses cybersecurity engineering for road vehicles. Using this expertise, as well as what we’ve developed in-house through our cybersecurity research programmes, we help clients get ready for the introduction of impending requirements by providing practical, actionable guidance.
An example of this is to tailor a cybersecurity engineering, test or assessment programme to what a customer might require, whether that be to conduct penetration testing on a component, or to perform a risk assessment on the whole vehicle. The service can also be adapted so that it fits in with an existing lifecycle (for example through phased reviews), whether that phase be production, operation, servicing or decommissioning. Alternatively, we are also able to develop a complete lifecycle process framework to ensure that cybersecurity is addressed comprehensively within a customer’s product. We also reduce the cybersecurity testing burden by using a risk-driven approach to identify and carry out the most appropriate test activities.
Our frameworks include the use of both off-the-shelf and bespoke tools and methods for designing, verifying and validating cyber-physical vehicle systems. We offer both individual and turnkey services including the development of cybersecurity process based on latest industry best practice; consultancy on engineering and implementation of cybersecurity best practice; cybersecurity testing and risk assessment services. Through our newly launched MIRA Technology Institute, we also offer technical seminars and training to improve cybersecurity capability.
All of these services and solutions are delivered via our Vehicle Resilience Technology Centre, located at HORIBA MIRA in the UK. Cybersecurity being a global problem, we work across different client bases worldwide, with customers such as personal and commercial vehicle manufacturers and their supply chain, smart infrastructure manufacturers and integrators as well as service providers and operators.
All HORIBA MIRA cybersecurity services are underpinned by a continuous research and development programme. We have deep roots in knowledge creation, thought leadership and innovation and as such, our research encompasses many topics. Examples include monitoring and analysis of the evolving threat landscape, from exploits that result in car theft, right through to threats to vehicle-to-vehicle and vehicle-to-infrastructure communication. We fund and are funded for areas such as advanced techniques involving formal methods (which are mathematical representation of system behaviours and can be used to guarantee safety-critical applications), as well as machine learning and artificial intelligence techniques that would aid in protecting autonomous vehicles. To ensure that we stay ahead of the latest developments in this fast-paced environment, we have formed a number of partnerships with universities, with collaborations worth many millions. An example of this is TIC-IT, a connected and autonomous vehicle testbed which represents £26 million of investment, and forms part of the world-class facilities that we have for assessing and testing the cybersecurity (amongst other factors) of connected and autonomous vehicles.
Through Vehicle Resilience, HORIBA MIRA is able to provide a holistic approach to cybersecurity and other important factors such as functional safety and EMC resilience, thereby enabling the synergies and conflicts between each of these disciplines to be managed effectively. Coupled with our ground-breaking research, as well as in-depth knowledge of our clients’ product architecture, we help our customers react effectively to new risks, thereby ensuring the safety of the vehicles of today and the autonomous vehicles of the future.