Construction machinery is equipped with computers connected to multiple sensors. Faced with this profusion of data, designing and developing embedded solutions is a real challenge in terms of securing embedded systems. Like all the products developed and produced by ACTIA, the new range of SPUs, introduced in BAUMA, integrates the levels of functional safety AND cybersecurity requirements.
Security by Design: securing from design and development phases
The concept of “securing” translates into the growing requirements for both safety and cybersecurity. ACTIA therefore develops its on-board ECU that are compatible with the standards of these two requirements, right from the design phase.
In terms of cybersecurity more specifically, the security of ACTIA products is based on a pragmatic approach based on analysis, risk management and their continuous monitoring.
ACTIA is constructing a CTI (Cyber Threat Intelligence) process that consists in collecting, organising, and analysing information related to cybersecurity risks and threats.
This process, used upstream of the life cycle, allows attacks and threats to be considered in the initial risk analysis, and appropriate protective measures to be defined from the design and development phases.
In the series production phase, it guarantees orchestrated resiliency, adaptation of the architecture to changes in these new attacks or vulnerabilities.
At the same time, ACTIA is embedding cybersecurity requirements and best practice into its design and development processes.
“Integrity and confidentiality of information carried on the networks is a critical issue for connected vehicles. As a result, ACTIA natively integrates software & data protection requirements and measures from the very start, and throughout the life cycle of the vehicle architectures and systems.”
Explains Fabien TRINITÉ, ECU Automation Product Group director.
ACTIA is involved in the current standards framework
The security needs of architectures and embedded systems require ensuring the authenticity and integrity of components. ACTIA is able to integrate them into its technologies in advance. Thus, the 2nd generation of SPU box takes into account these constraints of both safety and cybersecurity.
Automotive regulations and standards
The group is developing systems that cover the safety recommendations:
– ISO 26262: relating to road vehicle functional safety;
– ISO 13849 & 25119, regarding specialised machinery;
and cybersecurity:
– ISO/SAE 21434: engineering requirements for cybersecurity for road vehicles;
– ISO 27001: Information Security Management System
Cyber protections taken into account
- Firewall and flow-filtering functions in interfaces with external networks;
- Intrusion attempt or other threat (virus) detection and prevention functions;
- Securing the vehicle’s CAN bus, the system boot and updates;
- Protection of integrity of vehicle diagnostic inputs (OBD, etc.);
- Protection of internal communications (between ECUs), of communications between the vehicle and information systems, or communications between vehicles and infrastructure (V2X), particularly with encryption and electronic signature;
- Protection of the integrity of on-board ECUs (including data and program protection);
- Globally, securing the information systems involved in the operation of connected and autonomous vehicles.
Cyber threats
In concrete terms, these protective measures meet the objectives of protecting the system from a set of threats, such as reprogramming ECUs through unauthorised access, or modification to communications through network attacks.
These threat scenarios can lead to incidents affecting vehicle operation (able to cause accidents or financial losses), or users (theft of personal data).
“ACTIA is able to support our customers in these integrated cybersecurity approaches, acting as a real partner when it comes to these subjects. To this end, ACTIA uses a risk analysis methodology and requirement traceability tools, which make it easier to manage these aspects throughout the life cycle of the product. These tools highlight the need for intensive collaboration with all stakeholders, and the emergence of a new service-based economic model: monitoring, control and patches related to new threats.”
Says Catherine LEDEUIL, VEA (Vehicle Electronic Architecture) marketing and sales manager.
Through synergy of its vehicle architecture, diagnostics and telematics expertise, ACTIA is renowned for his high level of understanding of the digital ecosystem in vehicles. The group is working on a daily basis to strengthen his security and cyber protection solutions to offer to manufacturers a high-performance trusted environment. For OEM to be able to adapt to permanent threats, the electronic architecture of the future is to be robust and resilient. Actia is a main actor in this domain.
ACTIA at BAUMA – Munich 2022 October 24-30
Hall1- Stand 645