Pivoting Toward Safety-Critical Verification In Cars
BY: ANN STEFFORA MUTSCHLER
Experts at the Table: Changing the automotive mindset; verification after manufacturing; security updates.
SE: How do we change the mindset in the automotive industry to focus more on safety-critical devices and the verification of them?
Marchese: Security is an economics race and you’re never going to be secure. The first switch in terms of mindset, which is particularly relevant in automotive is, how to continually assess the security of your system. How do you continually monitor new vulnerabilities that are discovered across each and every component, or software components of your system? And once discovered, how do you assess the implication on your system from the component to the system level? Also, how do you distribute responsibility across the supply chain? When you build a new thing that is going to be at least partly covered by the automotive standard, it means companies are going to be forced to have incident response plans to manage the responsibility across the supply chain. You’re going to have the system-level tools that are going to help do that. There are new vulnerabilities such as databases, where hardware is being introduced into the CWE (Common Weakness Enumeration) database, which was only for software, represent a big shift not only at the engineering level in terms of thinking about security, but also the organizational level and the supply-chain level.
[...]
Designs should be completed with the possibility of implementing patches and code updates, as this will also prolong the lifecycle of the product enhancing value and security.
