The automotive sector has been witnessing rapid penetration of software and electronics. Such a trend has made the process of developing products and components for such connected systems challenging, in terms of maintaining the levels of safety and security. The challenge lies in providing these systems with required connectivity, while keeping their vulnerability to external attacks under check.
LDRA Technology Pvt Ltd offers tools that help customers achieve regulatory standards in the area of software engineering. The company recently organised a two-city seminar on complying with the ISO 26262 and SAE J3061 automotive certification frameworks. Auto Tech Review caught up with Shinto Joseph, Director – South East Asia Operations, LDRA India, and Athif Allam, Senior Technical Manager, LDRA Certification Services, to know more.
AUTOMOTIVE FUNCTIONAL SAFETY
Given the recent vulnerabilities that greeted top global car OEMs, the automotive industry has conducted research and identified the root cause of such occurrences, noted Allam. Safety and security measures were not implemented properly in earlier development systems, and subsequently stringent steps were initiated defining the secure practices at the code level itself, he said. Allam said it is possible to pick and block vulnerabilities through these code-level security measures so that they do not creep into the system and cause a cascading effect at a later stage.
The safety aspect came in much earlier than the secure coding practices in order to define items at the functional level of development. Once the safety standards were set in place in developing existing software, additional security requirements were brought into the framework. Joseph said that the concept of automotive safety did exist earlier, but the process of getting into each functional unit was not there. Each functional unit is broken down and classified into its independent level of criticality, he added. Therefore, the core activity of this function lies in the classification of the criticality of safety standards.
Following this classification, design and development were carried out based on the level of integrity for each of these units, for both hardware and software, Joseph explained. The most important feature that came into ISO 26262 was the inclusion of safety at the required aspects, noted Allam.
ISO 26262, SAE J3061 STANDARDS
ISO 26262 directly deals with safety standards and that is what differentiates it when compared to other traditional standards. Meanwhile, security is being addressed now through the new SAE J3061, which focuses on code-level safety. It enables secure coding practices that ensure that the code is not vulnerable to attacks. J3061, which has been initiated by the Society of Automotive Engineers (SAE), was formally announced as a standard about 4-5 years ago.
The automotive industry has also adopted a large number of safety-related practices from the aerospace sector, Joseph said. While system security has been discussed in the automotive industry for some time now, it does not make a difference unless it is taken care of at a functional level, he explained. In addition to this, device-level security needs to be put into place, especially for IoT and connectivity of devices. In line with this, LDRA’s thrust is on making all devices secure before making them connected.
SAFETY, SECURITY CHALLENGES
Joseph said that regulation and its level of maturity are major challenges witnessed in the industry at present. In addition to this, the actions that come out of a potential litigation in case of a failure or vulnerability will be weighed as important factors in the adoption of standards. Another challenge is the lack of clarity in the liability being held in the supply chain, when an incident occurs. The automotive industry has been witnessing increasing penetration of software and electronics and the upward move of the industry places it in a better position to adopt these safety and security standards, while developing products.
Joseph further added that certain companies, including a few Indian customers, are taking the aspect of functional safety more seriously. Customers are also voluntarily adopting these certification standards to move towards preventive action on possible situations, from the earlier mode of addressing issues once they crop up, noted Allam. Further, in the Indian context, there is a gap between the standards being followed and the actual requirements. LDRA gets involved in the initial stages of product development of customers, in order to analyse these gaps and then advise on the correct course of action to be initiated to match up to the required legislation, he said.
LDRA is building local expertise in core areas of certification, and is working on a roadmap of building expertise in the form of subject matter experts around the area of certification for more localised development for customers. However, the implementation of ISO 26262 and SAE J3061 standards can come into effect in India only when the standards of the country's Bureau of Indian Standards (BIS) are amended to include them, Joseph signed off.
TEXT: Naveen Arul