(“ASQMS Expert Commentary” is an article series on ASQMS written by automotive software quality experts around the world, based on their own insights, practices, implementation, or evaluation of ASQMS. ASQMS is the forthcoming international group standard for Software Quality Management Systems.)
Ye QU
Senior Software Process Improvement Consultant | ISO26262 Functional Safety Engineer | ISO21434 Cybersecurity Expert | Functional Safety/Cybersecurity Trainer | ASPICE Trainer | ASQMS Application Working Group Member
1. Typical security risks faced by automotive software
With the rapid development of new infrastructure such as 5G, artificial intelligence, and the Internet of Things, intelligent connected vehicles are no longer isolated mechanical units; they are gradually transforming from mobile private spaces into mobile smart network terminals. In this process, the security issues of intelligent vehicles have become particularly prominent:
A. Overall security risks brought about by increasing vehicle integration and complexity
Currently, intelligent connected vehicles are equipped with up to 150 ECUs and run about 100 million lines of software code. Any security flaw in this code base may pose a serious threat to the driver, the passengers, and the people around the vehicle.
B. Risk of cyber attacks caused by networking
As a mobile terminal, the vehicle carries many data-sensing nodes and must communicate with the outside world. Bluetooth, Wi-Fi, cellular networks, OTA, etc. have become channels that hackers can use to cause property loss or personal injury.
C. Privacy data protection risk
During the use of the vehicle, the vehicle not only generates driving data (such as driving route, speed, fuel consumption, etc.), but also collects a large amount of personal information (such as name, contact information, home address, etc.). If this information is not properly protected, a leak can cause serious harm.
2. The necessity of monitoring security
As security risks are increasingly taken seriously, identifying security incidents in a timely manner and responding quickly has become the top priority for ensuring the safety of intelligent connected vehicles.
A series of security-related regulations and standards have been issued internationally, including the EU's R155/156, ISO21434, ISO24089, GDPR, and China's "GB 44495-2024 Technical Requirements for Vehicle Information Security" and "GB 44496-2024 General Technical Requirements for Automobile Software Upgrades".
These regulations and standards define security controls at the vehicle level. As mandatory standards for vehicle homologation, they are prerequisites that must be met.
3. ASQMS requirements for security monitoring and incident response
ASQMS, as a quality management system standard for the software field, fully considers the importance of security. Based on the requirements of security regulations and standards, and combined with the characteristics of software development, it defines how security monitoring and security incident response are performed within the software development process, so that it can serve as a practical implementation standard for every software supplier in the automotive supply chain.
The security requirements of ASQMS mainly include the following aspects:
A. The organization shall establish a dedicated software operation and maintenance team to manage product-related security incidents
The main responsibilities of the team include:
(1) Monitor and collect security incidents, classify and manage security incidents, locate specific products and determine whether there are product-related vulnerabilities, and output effective information to the product development team;
(2) Track security vulnerability countermeasures, organize and arrange the analysis and formulation of corresponding plans for security vulnerabilities, track the implementation and verification of corresponding plans and finally release them;
(3) Apply closed-loop management of security incidents, maintain security vulnerabilities in the company's security weakness/vulnerability list, and report and manage them in accordance with national security management regulations.
B. The organization shall define a unified security incident management procedure
The security incident management procedure specifies the management process, roles, responsibilities, resources and outputs of security incidents, and continuously verifies and improves them through security incident response.
(1) Monitor security events regularly
▪ For monitoring methods, it is recommended to use automated tools for real-time monitoring, and the manual monitoring cycle should not be less than 1 month;
▪ The objects of monitoring include but are not limited to the weakness/vulnerability list maintained by the project team during the development process, industry vulnerability platforms (such as CVE) and national vulnerability platforms, network security forum groups, etc.
(2) Confirm product-related security vulnerabilities
Establish security vulnerability keywords and identify product-related vulnerabilities through keyword filtering. The scope of vulnerability identification includes:
▪ Both internal and external components, including the parts that suppliers at every tier are responsible for, which also need to be strictly monitored;
▪ All components involved in the product, including software modules (self-developed or purchased), operating systems, hardware modules, etc.; the organization needs to establish a corresponding component list and continuously update and maintain it;
(3) Develop effective vulnerability resolutions
▪ Organize relevant disciplines to fully discuss and develop reasonable vulnerability resolutions;
▪ Conduct sufficient review and verification, and deploy the fix through secure channels such as OTA;
▪ For vulnerabilities whose handling decision is to accept the risk, issue a security statement promptly and notify users so that the impact of the security risk is controlled.
(4) Apply closed-loop vulnerability management
▪ Maintain the vulnerability in the company's security weakness/vulnerability list, create the corresponding patches, and release them to the affected products so that future products do not continue to expose the same vulnerability;
▪ The vulnerability management process needs to be reported and managed in accordance with relevant national security management regulations.
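The keyword filtering of step (2) against the component list of step (2), followed by the closed-loop tracking of steps (3) and (4), can be implemented as a small tool like the following. This is an added illustration, not code from ASQMS or the author; the product names, supplier names, advisory identifiers and feed entries are all constructed placeholders, and the "affected below fixed version" rule and the state machine are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    product: str      # ECU / product the component ships in
    name: str         # component as recorded in the team's component list
    version: str
    supplier: str     # "self-developed" or the tier supplier responsible
    keywords: tuple   # assumed: lowercase search terms maintained by the team

@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # constructed placeholder, not a real CVE identifier
    summary: str
    fixed_in: str     # assumption: inventoried versions below this are affected

def _ver(s):
    return tuple(int(p) for p in s.split("."))

# Constructed inventory: two products sharing a purchased TLS library.
INVENTORY = (
    Component("TCU-Gen2", "mbedtls", "2.28.1", "Tier1-A", ("mbedtls", "mbed tls")),
    Component("TCU-Gen2", "lwip", "2.1.3", "self-developed", ("lwip",)),
    Component("IVI-Gen3", "mbedtls", "3.4.0", "Tier2-B", ("mbedtls", "mbed tls")),
)
# Constructed feed entries standing in for CVE / national platform records.
FEED = (
    Advisory("ADV-0001", "Mbed TLS: buffer overread in X.509 parsing", "2.28.4"),
    Advisory("ADV-0002", "lwIP: TCP option handling crash", "2.1.2"),
    Advisory("ADV-0003", "OpenSSL: unrelated issue", "3.0.9"),
)

def match_advisories(inventory, feed):
    """Step (2): keyword-filter the feed against the component list and keep
    only hits whose inventoried version is below the advisory's fixed version."""
    hits = []
    for adv in feed:
        text = adv.summary.lower()
        for c in inventory:
            if any(k in text for k in c.keywords) and _ver(c.version) < _ver(adv.fixed_in):
                hits.append({"advisory": adv.advisory_id, "product": c.product,
                             "component": f"{c.name} {c.version}",
                             "owner": c.supplier, "status": "open"})
    return hits

# Assumed closed-loop states for steps (3)/(4); accepting a risk needs a statement.
TRANSITIONS = {"open": ("analysing", "accepted"), "analysing": ("fix-verified", "accepted"),
               "fix-verified": ("released",), "released": ("closed",), "accepted": ("closed",)}

def advance(record, new_status, statement=""):
    """Move a hit one step through the loop, refusing skipped or undocumented steps."""
    if new_status not in TRANSITIONS.get(record["status"], ()):
        raise ValueError(f"{record['status']} -> {new_status} is not an allowed transition")
    if new_status == "accepted" and not statement:
        raise ValueError("accepting a vulnerability requires a security statement for users")
    return {**record, "status": new_status, "statement": statement}
```

Running `match_advisories(INVENTORY, FEED)` yields a single open record for the TCU-Gen2 mbedtls 2.28.1 instance owned by Tier1-A; the IVI-Gen3 copy is already above the fixed version and the lwIP entry does not match.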
Looking for more information? Contact our ASQMS consultants through email info@asqms.de .