Security and Cybersecurity
exida contributes its experience to the success of its customers' Cybersecurity initiatives.
What is Cybersecurity
In the traditional information technology field, security is the protection of systems and system components against unauthorized access, so as to prevent damage to hardware and software, theft of electronic data, and disruption or malfunction of the services provided. Cybersecurity extends this to the point where the essential concern is not only the protection of information resources but also the safeguarding of the humans who use them. In the Cybersecurity context, humans are considered both potential targets of cyber-attacks and agents who unknowingly take part in them.
Cybersecurity topics are becoming more and more relevant because of the growing number of information technology items and goods (e.g. smartphones, vehicles, houses, televisions, ...) that are usually connected to the Internet, and therefore highly exposed to attack, and that are used by an increasing number of people. Given the complexity of the subject, in terms of both social aspects (e.g. privacy regulation) and technological implications, Cybersecurity is one of the major challenges of the contemporary world.
Cybersecurity Standards
SAE J3061 (Automotive)
SAE J3061 has been the foundation for the development of the ISO/SAE 21434 standard. It provides a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems, defines a life cycle process framework from the concept phase through production, operation, service and decommissioning, and provides information on some common existing tools and methods used in designing, verifying and validating cyber-physical vehicle systems.
ISO/SAE 21434 (Automotive)
This standard addresses the Cybersecurity of electrical and electronic systems in road vehicles, much as ISO 26262 addresses their Functional Safety. Just as the Functional Safety (FuSa) approach is based on the analysis of possible failures, starting from the Hazard Analysis and Risk Assessment (HARA), Cybersecurity starts from the analysis of possible attacks and of the vulnerabilities that would allow them, with the Threat Analysis and Risk Assessment (TARA) as its starting point.
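As an added worked example (not exida's code and not text from the standard), the following Python script carries one constructed threat scenario through the three TARA steps the paragraph names: impact rating, attack feasibility rating, and risk determination, followed by a treatment decision. The attack-potential point values, the feasibility thresholds and the risk matrix are assumptions modelled on ISO/SAE 21434's informative annex and must be checked against the standard before real use; the scenario, the factor names and the treatment policy are likewise assumed.

```python
"""Worked TARA (Threat Analysis and Risk Assessment) example.

Added illustration for this page; it is not exida's code and not text from
ISO/SAE 21434.  It rates one constructed threat scenario in the way the
standard's informative annexes describe: impact rating per category,
attack feasibility via the attack-potential approach, then a risk value
from an impact-by-feasibility matrix.  The point values and the matrix are
reproduced from memory as an ASSUMPTION; check them against the standard.
"""
from typing import Dict, List

# Attack-potential factors: points each level contributes (assumed values).
ATTACK_POTENTIAL: Dict[str, Dict[str, int]] = {
    "elapsed_time": {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4,
                     "<=6 months": 17, ">6 months": 19},
    "expertise": {"layman": 0, "proficient": 3, "expert": 6,
                  "multiple experts": 8},
    "knowledge": {"public": 0, "restricted": 3, "confidential": 7,
                  "strictly confidential": 11},
    "window_of_opportunity": {"unlimited": 0, "easy": 1, "moderate": 4,
                              "difficult": 10},
    "equipment": {"standard": 0, "specialised": 4, "bespoke": 7,
                  "multiple bespoke": 9},
}

IMPACT_LEVELS = ["negligible", "moderate", "major", "severe"]
FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]

# Risk value 1..5 indexed by [impact][feasibility] (assumed example matrix).
RISK_MATRIX: Dict[str, List[int]] = {
    "negligible": [1, 1, 1, 1],
    "moderate":   [1, 2, 2, 3],
    "major":      [1, 2, 3, 4],
    "severe":     [2, 3, 4, 5],
}


def attack_feasibility(factors: Dict[str, str]) -> str:
    """Sum the attack-potential points; a LOW total means an EASY attack."""
    missing = set(ATTACK_POTENTIAL) - set(factors)
    if missing:
        raise ValueError(f"unrated attack-potential factors: {sorted(missing)}")
    score = sum(ATTACK_POTENTIAL[name][factors[name]] for name in ATTACK_POTENTIAL)
    if score <= 13:
        return "high"
    if score <= 19:
        return "medium"
    if score <= 24:
        return "low"
    return "very low"


def overall_impact(per_category: Dict[str, str]) -> str:
    """Impact is rated per Safety/Financial/Operational/Privacy; the worst wins."""
    for level in per_category.values():
        if level not in IMPACT_LEVELS:
            raise ValueError(f"unknown impact level {level!r}")
    return max(per_category.values(), key=IMPACT_LEVELS.index)


def risk_value(impact: str, feasibility: str) -> int:
    """Look the pair up in the matrix; higher means more urgent treatment."""
    return RISK_MATRIX[impact][FEASIBILITY_LEVELS.index(feasibility)]


def assess(scenario: dict) -> dict:
    """Run the three TARA steps and attach a treatment decision.

    Assumed policy: only risk value 1 may be retained as-is; anything higher
    needs a cybersecurity goal and a reduce/avoid/share decision.
    """
    feasibility = attack_feasibility(scenario["attack_potential"])
    impact = overall_impact(scenario["impact"])
    risk = risk_value(impact, feasibility)
    treatment = "retain" if risk == 1 else "reduce/avoid/share"
    return {"name": scenario["name"], "impact": impact,
            "feasibility": feasibility, "risk": risk, "treatment": treatment}


# Constructed sample scenario (not taken from any real vehicle assessment).
BRAKE_SPOOF = {
    "name": "Forged brake-request frame injected on the vehicle bus "
            "through a compromised telematics unit",
    "impact": {"safety": "severe", "financial": "moderate",
               "operational": "major", "privacy": "negligible"},
    "attack_potential": {"elapsed_time": "<=1 month", "expertise": "expert",
                         "knowledge": "restricted",
                         "window_of_opportunity": "moderate",
                         "equipment": "specialised"},
}

if __name__ == "__main__":
    print(assess(BRAKE_SPOOF))
```

For the constructed scenario the five factors sum to 21 points, which falls in the "low" feasibility band; the worst per-category impact is "severe" (safety), and the matrix gives a risk value of 3, so the scenario cannot simply be retained and needs a cybersecurity goal. Note the direction of the feasibility scale: more attack-potential points means a harder attack and therefore a lower feasibility rating.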
IEC 62443 (Industrial Security)
IEC 62443 is an international series of standards on "Industrial communication networks - Network and system security". It covers both technical and process-related aspects of industrial cybersecurity and distinguishes between different roles: the operator (asset owner), the integrator and the manufacturer (product supplier). For each role it provides a specific risk-based approach to preventing and managing security risks in that role's activities.
Part 4-1 (IEC 62443-4-1:2018) specifies in detail the process requirements for the secure development of products used in industrial automation and control systems (IACS). These process requirements cover the specification of security requirements, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life.