
Automotive Cybersecurity & Functional Safety Synergies

With the ever-increasing features and complexity of modern vehicles, the two most important properties of vehicle E/E systems are Functional Safety and Cybersecurity.


The Functional Safety standard ISO 26262 has been around for a while and compliance with it has become the default; over the years, organizations have developed well-defined processes to ensure that compliance. The more recently released ISO/SAE 21434 standard for cybersecurity is structured along lines parallel to the better-known ISO 26262, but with some significant differences.


Understanding the similarities and differences between the two standards allows organizations to implement an efficient, cost-saving integrated approach.


Below is an overview of the synergy between Functional Safety and Cybersecurity, and between their corresponding standards.


Synergies

The following points (originally illustrated with diagrams) show some of the overlap and synergies between the two standards.


1. In Functional Safety, the hazards that can lead to a system malfunction and their safety impact are studied. In Cybersecurity, the threats that can compromise the system are analyzed together with their impact on system availability, user privacy, financial loss and system safety. Both disciplines therefore share a concern with the safety impact of the system.

Diagram: Cybersecurity and Functional Safety Overlap
Both Functional Safety and Cybersecurity are concerned with the safety impact of the system.
ISO/SAE 21434 applies to all E/E systems, whereas ISO 26262 applies only to safety-related E/E systems.

2. A threat scenario analysis may determine a safety impact; conversely, a hazard analysis may reveal a cyber-attack as the cause of a hazard. The same scenario (for example, a spoofed message that triggers unintended actuation) can therefore surface in either analysis, and each must be able to hand its findings to the other.

Diagram: Synergy between HARA & TARA
Effective communication between the Functional Safety analysis (HARA) and the Cybersecurity analysis (TARA) is required so that a safety-relevant threat scenario becomes a hazard in the HARA, and an attack-induced hazard becomes a threat scenario in the TARA.

3. In Functional Safety, a goal of the HARA is to determine the ASIL. In Cybersecurity, the goal of the TARA is to calculate the risk value of each threat scenario and to decide on its risk treatment.

Diagram: ASIL & RV determination with HARA & TARA
In the HARA, the ASIL is determined. In the TARA, the risk value is determined. CAL determination is optional in the TARA, unlike the mandatory ASIL determination in the HARA.

4. Organizations should implement an integrated approach to achieve both Functional Safety and Cybersecurity. Certain activities (for example, item definition, the HARA/TARA hand-off described above, and verification planning) can be performed together to address related impacts and to improve efficiency.

Diagram: Cybersecurity and Functional Safety Implementation

 

ISO 26262 & ISO/SAE 21434 - Key differences

Significant differences between the requirements of the two standards are listed below. The corresponding implementations also carry over these differences; some are listed.

Risk analysis
  ISO/SAE 21434: The TARA analyzes the risk of a threat scenario in terms of impact and attack feasibility. The risk value is the output.
  ISO 26262: The HARA evaluates the risk of a hazardous event in terms of severity, exposure and controllability. The ASIL is the output.

Focus of the analysis
  ISO/SAE 21434: Uncertainty and likelihood are the focus of the TARA (an attacker adapts to the system).
  ISO 26262: Predictability and probability are the focus of the HARA (failure rates and driving situations are statistical).

Safe state
  ISO/SAE 21434: The cybersecurity of a system is dynamic; new attack techniques appear after release, so no fixed "secure state" equivalent to a safe state can be assigned.
  ISO 26262: The functional safety of a system is static; a safe state is assigned for each hazard.

Timing of the analysis
  ISO/SAE 21434: The TARA is to be performed continuously during the concept and development stages, and maintained in the field.
  ISO 26262: The HARA may be performed once to determine the ASIL, and revisited only when the item changes.

Level-driven processes
  ISO/SAE 21434: CAL - no explicit CAL-driven processes are specified.
  ISO 26262: ASIL - many ASIL-driven processes are specified.

Independence scheme
  ISO/SAE 21434: No independence scheme; one could be adopted from ISO 26262.
  ISO 26262: Independence scheme based on ASIL.

Audit
  ISO/SAE 21434: Performed on organization-level processes.
  ISO 26262: Performed on the implemented project processes.

Assessment
  ISO/SAE 21434: Optional.
  ISO 26262: Necessary.
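The following worked example, added here and not taken from the article or from the text of either standard, runs one scenario through both analyses to show the hand-off described in points 2 and 3 above: a TARA rates the threat scenario (impact, attack feasibility, risk value, treatment) and the resulting hazard is rated in a HARA (S, E, C, ASIL). Assumptions: the ASIL lookup uses the ISO 26262-3 S/E/C table, which is equivalent to the sum S+E+C; the attack-potential point values and feasibility thresholds follow the informative attack-potential approach in ISO/SAE 21434 as I recall them and should be checked against your copy; the 4x4 risk matrix, the treatment thresholds and the impact-to-severity mapping are constructed for illustration, since the standard leaves those to the organization. The scenario data (spoofed brake request) is likewise constructed.

```python
"""HARA and TARA side by side for one scenario (added illustrative example)."""
from dataclasses import dataclass

# ---- HARA (ISO 26262-3): severity S1..S3, exposure E1..E4, controllability C1..C3 -> ASIL ----
# The standard's ASIL table is additive: QM for S+E+C <= 6, then A, B, C, D for 7, 8, 9, 10.
ASIL_BY_SUM = {3: "QM", 4: "QM", 5: "QM", 6: "QM", 7: "A", 8: "B", 9: "C", 10: "D"}

def asil(severity: int, exposure: int, controllability: int) -> str:
    if not (1 <= severity <= 3 and 1 <= exposure <= 4 and 1 <= controllability <= 3):
        raise ValueError("S must be 1..3, E 1..4, C 1..3")
    return ASIL_BY_SUM[severity + exposure + controllability]

# ---- TARA (ISO/SAE 21434): attack feasibility via attack potential (assumed point values) ----
ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE = {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11}
WINDOW = {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10}
EQUIPMENT = {"standard": 0, "specialized": 4, "bespoke": 7, "multiple bespoke": 9}

def attack_feasibility(time: str, expertise: str, knowledge: str, window: str, equipment: str):
    """Sum the five attack-potential factors and bin them into a feasibility rating."""
    pts = (ELAPSED_TIME[time] + EXPERTISE[expertise] + KNOWLEDGE[knowledge]
           + WINDOW[window] + EQUIPMENT[equipment])
    if pts <= 13:
        rating = "high"
    elif pts <= 19:
        rating = "medium"
    elif pts <= 24:
        rating = "low"
    else:
        rating = "very low"
    return pts, rating

FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]
# Constructed example risk matrix: rows = impact, columns = feasibility, risk value 1..5.
RISK_MATRIX = {
    "negligible": [1, 1, 1, 1],
    "moderate":   [1, 2, 2, 3],
    "major":      [1, 2, 3, 4],
    "severe":     [2, 3, 4, 5],
}

def risk_value(impact: str, feasibility: str) -> int:
    return RISK_MATRIX[impact][FEASIBILITY_LEVELS.index(feasibility)]

def risk_treatment(rv: int) -> str:
    """Constructed treatment policy; the standard only requires a documented decision."""
    if rv >= 4:
        return "reduce"
    if rv >= 2:
        return "share or retain with rationale"
    return "retain"

def safety_impact_to_severity(impact: str) -> int:
    """Hand-off from TARA to HARA (constructed mapping of safety impact onto an S class)."""
    return {"negligible": 1, "moderate": 1, "major": 2, "severe": 3}[impact]

@dataclass
class Scenario:
    name: str
    safety_impact: str            # TARA impact rating in the safety category
    attack_potential: dict        # factor name -> level
    exposure: int                 # HARA E class of the operational situation
    controllability: int          # HARA C class for the driver

def assess(s: Scenario) -> dict:
    """Rate one scenario in both analyses and return every intermediate result."""
    pts, feas = attack_feasibility(**s.attack_potential)
    rv = risk_value(s.safety_impact, feas)
    sev = safety_impact_to_severity(s.safety_impact)
    return {
        "scenario": s.name,
        "attack_potential_points": pts,
        "attack_feasibility": feas,
        "risk_value": rv,
        "risk_treatment": risk_treatment(rv),
        "severity": sev,
        "asil": asil(sev, s.exposure, s.controllability),
    }

# Constructed scenario: a spoofed brake-request frame injected via the diagnostic port
# causes unintended braking at highway speed (threat scenario and hazard in one).
SPOOFED_BRAKE = Scenario(
    name="spoofed brake request via OBD port -> unintended braking at speed",
    safety_impact="severe",
    attack_potential={"time": "<=1 week", "expertise": "proficient", "knowledge": "restricted",
                      "window": "moderate", "equipment": "specialized"},
    exposure=4,          # highway driving is a frequent situation
    controllability=2,   # most drivers can partly counter sudden braking
)

if __name__ == "__main__":
    for k, v in assess(SPOOFED_BRAKE).items():
        print(f"{k:>24}: {v}")
```

The `assess` result makes the synergy concrete: the same constructed scenario yields a risk value of 4 ("reduce") in the TARA and ASIL C in the HARA, so the cybersecurity control that reduces attack feasibility and the safety mechanism that detects implausible brake requests must be planned together rather than by two teams in isolation.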

