Harnessing Synergies in Development for Enhanced Safety and Cybersecurity

Unlock the power of synergy in automotive development by integrating safety and cybersecurity standards to streamline processes and enhance vehicle reliability. By adopting a unified approach, you can ensure that your systems are both safe and secure, meeting the highest standards while reducing costs and time-to-market. Stay ahead of the curve and drive innovation with confidence, knowing that a comprehensive multi-concern development strategy not only addresses potential risks but also revolutionizes your approach to building modern, intelligent vehicles.


The Complexity of Multi-Concern Development

The development of automotive systems is increasingly complex due to the need to comply with multiple standards, each addressing different quality attributes. ISO 26262, a well-established standard for functional safety in the automotive sector, ensures that systems are designed to operate safely under all foreseeable conditions, mitigating the risk of accidents due to system failures. On the other hand, ISO/SAE 21434, which focuses on cybersecurity, addresses the growing threat of cyberattacks aimed at exploiting vulnerabilities in connected vehicles.

The need to simultaneously adhere to both safety and cybersecurity standards can introduce significant overheads. This complexity stems from the requirement to perform detailed risk assessments, implement various safety and security measures, and conduct extensive testing and verification to ensure compliance. Consequently, identifying synergies between these standards can help reduce redundancies, lower costs, and expedite time-to-market without compromising on the robustness and reliability of the system.


ISO 26262 Adoption in Automotive

Since its introduction in 2011, ISO 26262 has become a widely recognized standard for functional safety in the automotive industry. Over 80% of automotive manufacturers and their suppliers worldwide have implemented ISO 26262 processes to ensure the safety and reliability of electronic and electrical systems in road vehicles.


ISO/SAE 21434's Growing Relevance

With the increasing connectivity of vehicles, cybersecurity has become a critical concern. A recent survey indicated that 70% of automotive companies see ISO/SAE 21434 as essential for addressing cybersecurity risks, and more than 60% of these companies have already started aligning their cybersecurity practices with the standard, even before its final release in 2021.

ISO 26262 Functional Safety

ISO 26262 is a standard specifically designed for the automotive industry to ensure the functional safety of electrical and electronic systems in vehicles. It is divided into several parts, each addressing different aspects of the safety lifecycle:

Part 1: Vocabulary – Definitions of terms and concepts used throughout the standard.

Part 2: Management of Functional Safety – Requirements for managing functional safety, including safety culture, organizational safety management, and safety lifecycle management.

Part 3: Concept Phase – Item definition and hazard analysis and risk assessment (HARA), including determination of the ASIL for each hazardous event. Establishment of safety goals and the functional safety concept.

Part 4: Product Development at the System Level – System-level requirements, including design and architectural considerations. Verification and validation activities at the system level.

Part 5: Product Development at the Hardware Level – Hardware design and development. Hardware safety requirements and analysis methods.

Part 6: Product Development at the Software Level – Software development process. Software safety requirements, coding guidelines, and testing.

Part 7: Production, Operation, Service, and Decommissioning – Safety considerations during the production and operational lifecycle of the vehicle. Guidelines for maintenance, service, and decommissioning.

Part 8: Supporting Processes – Supporting activities such as configuration management, change management, and documentation.

Part 9: Automotive Safety Integrity Level (ASIL)-Oriented and Safety-Oriented Analyses – ASIL decomposition, criteria for coexistence of elements with different ASILs, analysis of dependent failures, and safety analyses of the design (for example FMEA and FTA). Note that the ASIL itself is determined in the HARA of Part 3; Part 9 governs how that ASIL is carried through the design.

Part 10: Guidelines on ISO 26262 – Additional guidelines and explanations to help implement the standard effectively.

The second edition (ISO 26262:2018) added Part 11, guidelines on applying ISO 26262 to semiconductors, and Part 12, the adaptation of ISO 26262 for motorcycles.

ISO/SAE 21434 Cybersecurity Engineering

ISO/SAE 21434 is a standard developed jointly by ISO and SAE to address cybersecurity risk in the electrical and electronic systems of road vehicles. It provides a framework for identifying and managing cybersecurity threats and vulnerabilities throughout the vehicle lifecycle, and it is the engineering reference that a cybersecurity management system (CSMS) under UN Regulation No. 155 is expected to build on. The published standard (ISO/SAE 21434:2021) is organized into the following clauses:

  1. Scope – What the standard covers: cybersecurity engineering for E/E systems of series-production road vehicles, including their components and interfaces.
  2. Normative references.
  3. Terms, Definitions and Abbreviated Terms – Definitions of the cybersecurity concepts and terms used in the standard.
  4. General Considerations – How the standard applies to an item or component and how its activities map onto the product lifecycle.
  5. Organizational Cybersecurity Management – Cybersecurity governance and culture, information sharing, management systems, tool management, information security management, and organizational cybersecurity audit.
  6. Project Dependent Cybersecurity Management – Responsibilities and planning for a specific project, tailoring, reuse, components developed out of context and off-the-shelf components, the cybersecurity case, cybersecurity assessment, and release for post-development.
  7. Distributed Cybersecurity Activities – Supplier capability evaluation, request for quotation, and alignment of responsibilities between customer and supplier in a cybersecurity interface agreement.
  8. Continual Cybersecurity Activities – Cybersecurity monitoring, cybersecurity event evaluation, vulnerability analysis, and vulnerability management, running for as long as the product is supported.
  9. Concept – Item definition, cybersecurity goals derived from the risk assessment, and the cybersecurity concept.
  10. Product Development – Design, integration and verification at system, hardware and software level, including the verification methods (such as fuzz testing and penetration testing) used to show that cybersecurity requirements are met.
  11. Cybersecurity Validation – Validation of the item at vehicle level against its cybersecurity goals and claims.
  12. Production – Controls ensuring that cybersecurity requirements for post-development are applied during manufacturing and that the item is not left vulnerable by the production process itself.
  13. Operations and Maintenance – Cybersecurity incident response and updates for vehicles in the field.
  14. End of Cybersecurity Support and Decommissioning.
  15. Threat Analysis and Risk Assessment Methods – The TARA building blocks: asset identification, threat scenario identification, impact rating, attack path analysis, attack feasibility rating, risk value determination, and risk treatment decision.

Understanding the Synergies

The article by Martin Skoglund, Fredrik Warg, and Behrooz Sangchoolie explores the potential synergies that can be realized by considering both functional safety (ISO 26262) and cybersecurity (ISO/SAE 21434) standards in the development lifecycle of automotive systems. The research was based on a use case involving a positioning component for an automated driving system, which required adherence to both safety and cybersecurity standards.

The study highlights that while the synergies between safety and cybersecurity are more challenging to realize during the design phase, significant overlaps exist during the verification and validation phases. These overlaps can be leveraged to optimize development processes and improve system quality.


Adoption of ISO 26262

A survey conducted by Automotive World revealed that around 90% of Tier 1 suppliers in the automotive industry have integrated ISO 26262 into their development processes. This widespread adoption highlights the industry’s commitment to functional safety, driven by the increasing complexity of vehicle systems and the demand for higher safety standards.


Cybersecurity Market Growth

The global automotive cybersecurity market, guided by standards like ISO/SAE 21434, is expected to grow from $1.53 billion in 2020 to approximately $5.89 billion by 2027, at a compound annual growth rate (CAGR) of 20.9%. This growth is fueled by the rising number of connected vehicles and the corresponding need to protect against cyber threats, underscoring the critical role of cybersecurity standards in the automotive sector.

Security is a process, not a product.

Bruce Schneier

American cryptographer, computer security professional, and author of several books on security and cryptography. Founder and former chief technology officer of Counterpane Internet Security, which became BT Counterpane after its acquisition by BT.

1. Co-Design for Comprehensive Risk Management

The design phase, often represented by the left side of the V-model development lifecycle, focuses on defining system requirements, architecture, and the identification of potential risks. In this phase, the overlap between safety and cybersecurity activities is relatively limited. Safety primarily concerns itself with preventing accidental failures that could lead to hazardous situations, while cybersecurity aims to protect against intentional malicious attacks.

However, the study emphasizes the importance of co-design in achieving comprehensive risk management. By analyzing safety and cybersecurity concerns in parallel, developers can ensure that both aspects are addressed throughout all design stages. This approach reduces the likelihood of overlooking critical dependencies between safety and cybersecurity, which could otherwise lead to costly redesigns or residual vulnerabilities.

For instance, a safety mechanism designed to prevent unintended acceleration may also need to consider cybersecurity threats that could override the vehicle’s controls. By treating both concerns in parallel, the design process becomes more thorough, minimizing the risk of missing critical issues that could compromise either safety or security.

2. Co-Verification for Efficiency and Consistency

The right side of the V-model, which deals with verification and validation, presents more opportunities for synergy. Verification activities aim to ensure that the system meets all specified requirements, including those related to safety and cybersecurity. Validation activities confirm that the system performs its intended functions under real-world conditions.

The study reveals that many of the testing environments and methods required by ISO 26262 and ISO/SAE 21434 can be shared, offering significant efficiencies. For example, both standards necessitate rigorous testing to verify that systems respond appropriately to unexpected inputs, whether these are accidental failures or deliberate attacks. Shared test environments, such as hardware-in-the-loop (HIL) setups, can be used to perform both safety and security testing, reducing duplication of effort and resources.

Moreover, test techniques such as fault injection, stress testing, and performance testing can serve dual purposes. ISO 26262-6 lists fault injection testing among its recommended methods for software unit and integration testing, and ISO/SAE 21434 Clause 10 names fuzz testing, penetration testing and vulnerability scanning among its verification methods; a fault-injection harness and a fuzzer exercise the same input-handling paths, one with random or systematic faults and the other with adversarial input. By using these techniques to assess both safety and cybersecurity, organizations can streamline their verification processes, reduce the time and cost associated with testing, and ensure consistent coverage of all critical requirements. The caveat is that shared tooling does not make the two acceptance criteria identical: a safety campaign asks whether the system reaches a safe state under every injected fault, whereas a security campaign also asks whether an attacker can keep the system out of that state or steer it somewhere useful, so pass criteria and coverage arguments must still be written per concern.

$10.5 trillion annually by 2025

According to a report by Cybersecurity Ventures, global cybercrime costs are predicted to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. This makes cybercrime one of the greatest economic challenges, highlighting the critical need for robust cybersecurity measures across all sectors.


Increasing Frequency of Attacks

A study by Accenture found that the average number of security breaches per company has increased by 67% over the past five years. This rise in the frequency of attacks emphasizes the growing threat landscape and the necessity for continuous investment in cybersecurity infrastructure and processes.

Implementing Multi-Concern Development in Practice

To effectively leverage the synergies between safety and cybersecurity, organizations need to adopt a structured approach to multi-concern development. This involves integrating safety and cybersecurity considerations into all stages of the development lifecycle, from initial design through to final validation.

Integrated Risk Analysis

A critical step in multi-concern development is conducting integrated risk analyses that encompass both safety and cybersecurity concerns. This approach allows for the identification of potential dependencies and interactions between safety and security risks. For example, a threat analysis and risk assessment (TARA) for cybersecurity can be conducted alongside a hazard analysis and risk assessment (HARA) for safety. This parallel analysis ensures that both accidental and intentional threats are considered, providing a more comprehensive view of the system’s risk landscape.

The study suggests that while conducting separate risk analyses for safety and cybersecurity is common, performing these analyses in a coordinated manner can facilitate a more holistic understanding of system vulnerabilities. Such co-analysis can highlight scenarios where a security breach could lead to a safety hazard, or vice versa, enabling the development of mitigation strategies that address both concerns simultaneously.

Unified Requirements Management

Unified requirements management is another key aspect of multi-concern development. By consolidating safety and cybersecurity requirements into a single, integrated set, organizations can ensure that all relevant considerations are addressed in a coherent manner. This integration helps avoid conflicts between safety and security requirements and facilitates the implementation of solutions that satisfy both standards.

For instance, a safety requirement to disable certain vehicle functions in the event of a fault can be aligned with a security requirement to prevent unauthorized access. By managing these requirements together, organizations can develop more robust systems that are both safe and secure.

Shared Testing Infrastructure

As highlighted in the study, shared testing infrastructure plays a crucial role in realizing synergies during the verification and validation phases. Test environments that can accommodate both safety and cybersecurity testing enable organizations to conduct comprehensive assessments without duplicating resources. This not only reduces costs but also ensures that safety and security measures are tested under consistent conditions, improving the reliability of test results.

For example, model-in-the-loop (MIL), software-in-the-loop (SIL), and hardware-in-the-loop (HIL) test environments can be configured to test safety-critical functions and cybersecurity defenses simultaneously. By using the same infrastructure for both types of testing, organizations can ensure that interactions between safety and security measures are fully understood and validated.

Leveraging Advanced Tools and Techniques

To support multi-concern development, organizations should invest in tools and methodologies that facilitate the integration of safety and cybersecurity assurance activities. Model-based engineering tools, such as the Eclipse Papyrus modeling environment for system models and OpenCert for assurance-case and compliance management, can help manage the complexity of multi-concern development by providing a structured approach to defining, analyzing, and verifying requirements and their links to evidence.

These tools enable the creation of multi-concern assurance cases, which articulate the rationale and evidence supporting the safety and cybersecurity of a system. By leveraging these tools, organizations can streamline the development of assurance cases, improve traceability between requirements and evidence, and facilitate compliance with multiple standards.
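What "unified requirements management" and a "multi-concern assurance case" amount to in practice is a trace model that can be checked mechanically: every HARA hazard and TARA threat scenario must be mitigated by some requirement, every requirement must have passing evidence, conflicting design decisions between a safety and a security requirement must surface, and evidence that serves both concerns should be visible as the synergy it is. The following is an added example in Python, not tooling from Papyrus, OpenCert or the study; all identifiers, ratings (ASIL and CAL values) and requirement texts in the sample model are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class RiskItem:
    """A HARA hazard (concern="safety") or a TARA threat scenario ("security")."""
    id: str
    concern: str
    rating: str      # ASIL or CAL; the values used below are constructed
    text: str


@dataclass
class Requirement:
    id: str
    concerns: frozenset   # which concerns the requirement serves
    addresses: frozenset  # RiskItem ids it mitigates
    text: str
    settings: dict = field(default_factory=dict)  # design decisions it pins down


@dataclass(frozen=True)
class Evidence:
    id: str
    verifies: frozenset   # Requirement ids covered by this verification result
    environment: str      # "unit", "SIL", "HIL", ...
    passed: bool


def check_traceability(risks, reqs, evidence):
    """Return the gaps and the synergies in one safety+security trace model."""
    known_risks = {r.id for r in risks}
    by_req = {r.id: r for r in reqs}
    addressed = {rid for r in reqs for rid in r.addresses}
    verified = {rq for e in evidence if e.passed for rq in e.verifies}

    report = {
        # risk items no requirement mitigates: an open HARA/TARA finding
        "unaddressed": sorted(r.id for r in risks if r.id not in addressed),
        # requirements without a passing verification result
        "unverified": sorted(r.id for r in reqs if r.id not in verified),
        # references to ids that were never analysed or never specified
        "dangling": sorted({rid for r in reqs for rid in r.addresses
                            if rid not in known_risks}
                           | {rq for e in evidence for rq in e.verifies
                              if rq not in by_req}),
        "conflicts": [],
        "shared_evidence": [],
    }
    # Two requirements that pin the same design setting to different values
    # conflict; this is where safety/security trade-offs surface.
    for a, b in combinations(reqs, 2):
        for key in sorted(a.settings.keys() & b.settings.keys()):
            if a.settings[key] != b.settings[key]:
                report["conflicts"].append((a.id, b.id, key))
    # Evidence verifying requirements of both concerns in a single run is the
    # verification-phase synergy the study describes.
    for e in evidence:
        served = {c for rq in e.verifies if rq in by_req for c in by_req[rq].concerns}
        if len(served) > 1:
            report["shared_evidence"].append(e.id)
    return report


# Constructed sample model for a positioning component (ids, ratings and texts
# are illustrative, not taken from any real HARA or TARA).
RISKS = [
    RiskItem("H1", "safety", "ASIL C", "Wrong position causes unintended lane change"),
    RiskItem("T1", "security", "CAL 3", "GNSS spoofing shifts the reported position"),
    RiskItem("T2", "security", "CAL 3", "Forged position message on the vehicle bus"),
    RiskItem("T3", "security", "CAL 2", "Replay of a stale but authentic position fix"),
]
REQUIREMENTS = [
    Requirement("R1", frozenset({"safety", "security"}), frozenset({"H1", "T1"}),
                "Reject position fixes that fail plausibility checks"),
    Requirement("R2", frozenset({"security"}), frozenset({"T2"}),
                "Authenticate every position message"),
    Requirement("R3", frozenset({"safety", "security"}), frozenset({"H1", "T1"}),
                "Activate automated driving only on certified roads"),
    Requirement("R4", frozenset({"safety"}), frozenset({"H1"}),
                "On a position fault, hold the last good fix for 2 s to avoid an abrupt handover",
                settings={"fault_response": "hold-last-fix"}),
    Requirement("R5", frozenset({"security"}), frozenset({"T1"}),
                "On a suspected spoof, discard the fix immediately and alert",
                settings={"fault_response": "discard"}),
]
EVIDENCE = [
    Evidence("E1", frozenset({"R1", "R3"}), "HIL", True),   # one fault-injection run
    Evidence("E2", frozenset({"R2"}), "unit", True),
    Evidence("E3", frozenset({"R4"}), "SIL", False),       # failed, so R4 stays open
]


def demo_report():
    return check_traceability(RISKS, REQUIREMENTS, EVIDENCE)


if __name__ == "__main__":
    for key, value in demo_report().items():
        print(f"{key:16s} {value}")
```

On the sample model the check reports T3 as unaddressed (the replay scenario has no mitigating requirement), R4 and R5 as unverified, a conflict between R4 and R5 on the fault response (hold the last fix versus discard it, exactly the kind of safety/security trade-off the text says must be resolved explicitly), and E1 as shared evidence because one HIL run verifies requirements of both concerns. The point is not the toy data but the shape of the check: with the trace model exported from the modeling tool, the same four questions can run in CI on every change.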

Case Study: Positioning Component for Automated Driving Systems

The study conducted by Skoglund and his colleagues uses a positioning component for automated driving systems as a case study to illustrate the potential synergies in multi-concern development. This component is critical for determining the precise location of a vehicle, which is essential for functions such as lane keeping and automated navigation.

The positioning component must conform to both functional safety and cybersecurity standards to ensure its reliability and resistance to cyber threats. In the context of this use case, several insights into multi-concern development are highlighted:

1. Risk Analysis

The hazard analysis (HARA) and threat analysis (TARA) performed for the positioning component revealed that safety and security risks are often interdependent. For example, a cybersecurity breach that manipulates positioning data could lead to safety-critical errors, such as unintended lane changes. By conducting integrated risk analyses, the development team was able to identify these interdependencies and develop comprehensive mitigation strategies.

2. Requirements Engineering

The requirements for the positioning component included both safety and cybersecurity goals. For instance, the component was required to ensure that automated driving could only be activated on certified roads. This requirement was driven by both safety considerations (preventing unintended activation) and cybersecurity concerns (protecting against spoofing attacks). By aligning safety and security requirements, the development team ensured that the component would meet both standards.

3. Verification and Validation

The use of shared test environments for both safety and cybersecurity testing provided significant efficiencies. The team employed hardware-in-the-loop (HIL) testing to simulate real-world conditions and validate that the positioning component met all safety and security requirements. This approach allowed for comprehensive testing without the need to duplicate test setups, reducing time and costs while ensuring robust validation.
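The dual-use campaign that section 2 (Co-Verification) and this verification step describe, as an added example in Python that is not code from the study or its authors. The positioning monitor, the fault models, the bounds (60 m/s plausible speed, 0.5 s maximum gap, a lane band standing in for the "certified road") and the constructed fix stream are all assumptions. One harness drives both the safety fault campaign (frozen sensor, dropout, leaving the operational design domain) and the security attack campaign (forged message, replay, spoofed jump) against the same monitor, and the last scenario shows the failure mode such a monitor cannot catch: a slow spoof that stays inside every plausibility bound, which is a residual risk the TARA has to record rather than a test to tick off.

```python
import math
from dataclasses import dataclass, replace

# Plausibility bounds and operational design domain (ODD): assumed values.
MAX_SPEED_MPS = 60.0            # no plausible fix moves faster than this
MAX_GAP_S = 0.5                 # a longer gap leaves the monitor blind
CERTIFIED_LANE_Y = (0.0, 3.5)   # toy "certified road": a lane band, metres


@dataclass(frozen=True)
class Fix:
    t: float        # receive time, seconds
    x: float        # east, metres
    y: float        # north, metres
    auth_ok: bool   # message authentication passed (assumed MAC on the bus)


class PositioningMonitor:
    """Gates automated driving (AD) on authenticated, plausible, in-ODD fixes.

    One monitor serves both concerns: the time and jump checks catch sensor
    faults (safety) as well as crude spoofing and replay (security), the ODD
    check enforces "certified roads only", and the auth check covers forgery.
    """

    def __init__(self):
        self.last = None          # last accepted fix
        self.ad_active = False

    def check(self, fix):
        """Return (accept, reason) without changing monitor state."""
        if not fix.auth_ok:
            return False, "auth-fail"
        if self.last is not None:
            dt = fix.t - self.last.t
            if dt <= 0:
                return False, "non-monotonic-time"   # replay or frozen sensor
            if dt > MAX_GAP_S:
                return False, "stale"                # dropout
            speed = math.hypot(fix.x - self.last.x, fix.y - self.last.y) / dt
            if speed > MAX_SPEED_MPS:
                return False, "implausible-jump"     # glitch or spoofed teleport
        if not CERTIFIED_LANE_Y[0] <= fix.y <= CERTIFIED_LANE_Y[1]:
            return False, "outside-odd"
        return True, "ok"

    def update(self, fix):
        accept, reason = self.check(fix)
        if accept:
            self.last = fix
        self.ad_active = accept   # any rejection drops AD to the safe state
        return accept, reason


def nominal_stream(n=20, dt=0.1, speed=20.0, lane_y=1.75):
    """Constructed stream: straight drive along a certified lane at 20 m/s."""
    return [Fix(t=round(i * dt, 3), x=round(i * dt * speed, 6), y=lane_y,
                auth_ok=True) for i in range(n)]


# Fault models: each maps the nominal stream to a corrupted one from index 10.
FAULT_MODELS = {
    "nominal":        lambda s: s,
    # safety-style failures
    "frozen-sensor":  lambda s: s[:10] + [s[9]] * (len(s) - 10),
    "dropout":        lambda s: s[:10] + s[16:],
    "leave-odd":      lambda s: s[:10] + [replace(f, y=5.0) for f in s[10:]],
    # security-style attacks
    "forged-message": lambda s: s[:10] + [replace(s[10], auth_ok=False)] + s[11:],
    "replay":         lambda s: s[:10] + [s[2]] + s[10:],
    "spoof-jump":     lambda s: s[:10] + [replace(f, x=f.x + 50.0) for f in s[10:]],
    # slow drift that stays inside every bound: the residual risk
    "slow-spoof":     lambda s: s[:10] + [replace(f, x=f.x + 0.5 * (i + 1))
                                          for i, f in enumerate(s[10:])],
}


def run_campaign(n=20):
    """Run every fault model through a fresh monitor and report what tripped it."""
    nominal = nominal_stream(n)
    results = {}
    for name, model in FAULT_MODELS.items():
        mon = PositioningMonitor()
        tripped_at, first_reason = None, "ok"
        for i, fix in enumerate(model(nominal)):
            accepted, reason = mon.update(fix)
            if not accepted and tripped_at is None:
                tripped_at, first_reason = i, reason
        # distance between the last accepted position and the true final one
        err = abs(mon.last.x - nominal[-1].x) if mon.last else None
        results[name] = {"tripped_at": tripped_at, "reason": first_reason,
                         "final_active": mon.ad_active, "position_error_m": err}
    return results


if __name__ == "__main__":
    for name, r in run_campaign().items():
        print(f"{name:15s} tripped_at={r['tripped_at']!s:5} reason={r['reason']:19s}"
              f" final_active={r['final_active']!s:5} err={r['position_error_m']}")
```

Reading the campaign output the way a co-verification review would: a single forged or replayed message is rejected and AD resumes on the next consistent fix (tripped but final state active, position error zero), a persistent spoof or a dropout leaves the monitor blind but in the safe state (AD off, last accepted fix 20 m behind the truth), and the slow spoof never trips anything while accumulating 5 m of error. The first two lines are safety and security evidence from one run; the third is the finding that goes back to the design phase, where the TARA and HARA decide whether an independent source (odometry, map matching) must cross-check the fix.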

Future Directions in Multi-Concern Development

As the automotive industry continues to evolve, the need for effective multi-concern development will only grow. Future work in this area will focus on enhancing tool support, refining methodologies, and developing new approaches that facilitate the seamless integration of safety and cybersecurity considerations throughout the entire development lifecycle.

1. Advanced Tool Support

The next generation of multi-concern development will likely see the introduction of more sophisticated tools designed to handle the complexities of both safety and cybersecurity requirements. These tools will provide advanced modeling capabilities that can simulate interactions between safety-critical and security-critical functions, helping engineers to identify potential conflicts or vulnerabilities early in the design phase. Integrated toolchains that combine requirements management, risk assessment, and verification and validation processes will streamline workflows, making it easier to maintain compliance with standards such as ISO 26262 and ISO/SAE 21434. Furthermore, these tools could incorporate machine learning and artificial intelligence to predict potential vulnerabilities based on past data, enhancing the robustness of safety and security measures.

2. Improved Methodologies for Co-Engineering

Refining methodologies to support co-engineering of safety and cybersecurity is another critical direction for future work. This includes developing frameworks that promote the systematic co-analysis of risks, allowing for a more integrated approach to hazard and threat assessment. Methodologies will focus on how to balance safety and cybersecurity requirements effectively without compromising one for the other. This could involve creating standardized processes for handling trade-offs and conflicts between safety and security measures, ensuring that both concerns are adequately addressed without introducing new risks. Additionally, these refined methodologies would provide clearer guidelines on how to document and manage dependencies between safety and cybersecurity requirements throughout the lifecycle of the vehicle.

3. Adoption of Continuous Assurance Models

Future multi-concern development will likely embrace continuous assurance models, which ensure that both safety and cybersecurity compliance are maintained throughout the product lifecycle, from design to decommissioning. These models will support ongoing monitoring and assessment of safety and security risks, facilitating real-time updates and patches to systems as new vulnerabilities are identified. Continuous assurance also emphasizes the importance of feedback loops, where data from operational environments is used to improve safety and security measures. By adopting a continuous assurance approach, automotive companies can ensure that their systems remain compliant with evolving standards and resilient to emerging threats.

4. Collaboration and Standardization

As the automotive industry becomes more connected, collaboration between different stakeholders—including manufacturers, suppliers, regulatory bodies, and cybersecurity experts—will be essential. Future directions will likely focus on fostering greater collaboration to create unified standards and guidelines that can be universally adopted. Efforts to harmonize standards across different regions and industries will simplify compliance and reduce the complexity of multi-concern development. Additionally, cross-industry collaboration could lead to the sharing of best practices and the development of universal benchmarks for safety and cybersecurity, enhancing the overall quality of automotive products.

5. Emphasis on Training and Education

With the increasing importance of safety and cybersecurity, future developments will also prioritize training and education for engineers and developers. Programs that provide comprehensive education on the latest standards, tools, and methodologies will become essential to ensure that the workforce is well-equipped to handle the complexities of multi-concern development. This training will not only focus on technical skills but also on fostering a culture of safety and security awareness throughout organizations. By investing in education, companies can build a workforce that is proactive in identifying and addressing potential risks, further enhancing the safety and security of automotive systems.

6. Leveraging Emerging Technologies

Emerging technologies will also shape multi-concern development, though each deserves a sober assessment rather than a promise. Machine learning can help automate anomaly detection on in-vehicle networks and in back-end fleet telemetry, but its alerts must feed the incident-response process of the continual cybersecurity activities rather than be trusted as verdicts, and the models themselves become assets that the TARA has to cover. Distributed ledgers have been proposed for tamper-evident records of software versions and update histories; where a signed, append-only log already meets the requirement, the simpler design should be preferred. Quantum computing, though still in its early stages, is a threat to today's cryptography rather than a security enhancement: a cryptographically relevant quantum computer would break the RSA and elliptic-curve algorithms that secure boot, secure diagnostics and over-the-air update signing rely on, so vehicle platforms with a service life of well over a decade need a migration path to post-quantum algorithms and crypto-agile key management. Evaluating such technologies inside the multi-concern lifecycle, with their own hazards and threat scenarios, is what will make automotive systems more resilient rather than merely more complex.

Conclusion

The future of multi-concern development in the automotive industry will be shaped by advancements in tools, methodologies, and collaborative efforts that integrate safety and cybersecurity seamlessly. As vehicles become more autonomous and interconnected, ensuring that these systems are both safe and secure will be paramount. By focusing on continuous assurance, collaboration, education, and the adoption of emerging technologies, the automotive industry can meet the challenges of the future head-on, delivering vehicles that provide both peace of mind and exceptional performance.
