Cybersecurity considerations for Cloud-integrated Trucks
Reza Esmaeili & Salah Hashemi, Combitech
Although integrating Cloud into the design architecture of a vehicle can bring multiple advantages to the system, it can also raise some security issues that need to be addressed. TrAF-Cloud inherits all security requirements needed for designing an in-vehicle architecture while needing to fulfill more requirements concerning a vehicle’s connection to the Cloud.
Cybersecurity starts from the early stages of designing a system until when the system is placed into its operational environment. This seminar covers three cybersecurity analyses performed for the TrAF-Cloud regarding secure design, security in the platform ecosystem, and threat analysis and risk assessment of the current TrAF architecture.
Part 1: Secure by design
In this part, the cybersecurity requirements and best practices in design are introduced in three categories: Requirements as design principles, Requirements imposed by standards and Generic cybersecurity considerations.
Part 2: Cybersecurity in the ecosystem
The need for security becomes more critical when it comes to software products. Thus, Software Ecosystem Governance is no exception to this since it encircles a broader range of activities, and software development governance is only one of them. Here, the required security checks and controls in an ecosystem surrounding software products are presented.
Part 3: Architecture threat analysis
Threat Analysis and Risk Assessment (TARA) is an important act throughout the design and development of a system. This process helps with identifying the risks and threats against the system and assists with deploying efficient security controls and countermeasures. This part includes presentation of the findings from the TARA performed on the current TrAF architecture and a discussion regarding the questions marks raised during the analysis.
The TrAF-Cloud project at a glance
Trucks today are already connected to the cloud, but functionality that utilizes cloud services are often isolated and implemented ad-hoc. Future trucks are expected to integrate seamlessly with off-board functionality to truly become an integral part of the larger traffic system—not only to enable shorter software update loops to respond to new environmental circumstances, but also to allow seamless deployment of functionality on-board where latency is low, or off-board where unlimited computational power is available.
To meet these expectations, the TrAF-Cloud project explores how to harmonize on- and off-board architectural design principles—to safely and securely blur the border between embedded systems and cloud service.
Concretely, the TrAF-Cloud project focuses on the need to: fundamentally change the signal- and ECU-based onboard vehicle architecture; exploring approaches to bridge on- and off-board platforms for seamless deployment; identify on- and off-board abstraction layers, and; to define useful and flexible APIs to promote modularity and reduce the dependence on specific implementations.