Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this standard shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by and is under the jurisdiction of the National Technical Committee 260 on Information Security of Standardization Administration of China (SAC/TC 260).
Information security technology - Cybersecurity guide for automotive electronics systems
1 Scope
This standard gives a framework for the cybersecurity activities of automotive electronics systems and, within that framework, recommendations on the cybersecurity activities themselves, on organization management, and on supporting measures.
This standard is applicable to guiding all organizations in the automotive electronics supply chain, such as vehicle manufacturers, parts suppliers, software suppliers, chip suppliers and the various service providers, in carrying out cybersecurity activities, and to guiding the personnel involved in meeting basic cybersecurity needs during the design and development, production, operation and service of automotive electronics systems.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18336-2015 (all parts) Information technology - Security techniques - Evaluation criteria for IT security
GB/T 20984-2007 Information security technology - Risk assessment specification for information security
GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary
GB/T 30279-2013 Information security technology - Vulnerability classification guide
GB/T 31167-2014 Information security technology - Security guide of cloud computing services
GB/T 31168-2014 Information security technology - Security capability requirements of cloud computing services
GB/T 31509-2015 Information security technology - Guide of implementation for information security risk assessment
GB/T 31722-2015 Information technology - Security techniques - Information security risk management
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 29246-2017 and the following apply.
3.1
automotive electronics systems
system that realizes control or a service in an automobile by means of electronic technology; a class of embedded system applied in the automotive field, comprising vehicle body control electronics systems and in-vehicle service electronics systems
Note 1: Vehicle body control electronics systems are used in conjunction with the vehicle's mechanical systems and include the engine control system, the chassis control system and the body electronics control system.
Note 2: In-vehicle service electronics systems can be used independently of the automotive environment and include the in-vehicle infotainment system and the personal-device interaction information system.
3.2
pending question
cybersecurity threats that, at the time of the security assessment, the existing cybersecurity controls cannot reduce or cannot be confirmed to reduce, together with issues that need further analysis and handling in subsequent processes
3.3
system context
collection of content that defines the system's hardware and software interfaces, critical data flows, storage and information processing
3.4
attack tree analysis
method of analyzing the attack paths an attacker might take, starting from the application layer of the system
3.5
cyber-physical system
system consisting of computing components and physical control components
3.6
cyber-physical vehicle system
vehicle embedded control system in which the computational components, the physical components and the surrounding environment of the system are tightly coupled
3.7
cybersecurity statement
cybersecurity assessment carried out after all stage inspections are complete and before the production step in which the product is officially released, which provides, for each designed and developed feature, the conclusion and the evidence that it meets the cybersecurity goals
3.8
cybersecurity goal
cybersecurity objective, derived from the results of threat analysis and risk assessment, that the functional characteristics of a given system need to achieve
Note: Cybersecurity goals are the highest level of abstraction of security needs; the specific functional and technical cybersecurity needs are derived from them during the product development stage.
3.9
trust boundary
boundary where the "trust" level of program data or execution flow changes
Note: A trust boundary in an execution flow can be, for example, the point at which the privileges of an application are elevated.
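The definitions of attack tree analysis (3.4) and trust boundary (3.9) are easier to apply with a worked tree in hand. The following is an added example, not text or code from the standard: it builds a small AND/OR attack tree, enumerates the attack paths to the root goal, ranks them by a rough attacker-effort score, counts how many trust boundaries each path crosses, and shows which paths survive a given set of controls, which is the kind of residue the standard calls a pending question (3.2). The goal, the steps, the effort scores and the trust-boundary flags are constructed for illustration and describe no real vehicle or vulnerability.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import List, Optional


@dataclass(eq=False)  # identity equality, so one leaf object can be shared by several branches
class Node:
    """One node of an attack tree. A leaf is a concrete attacker step; an inner node
    is an AND gate (all children required) or an OR gate (any one child suffices)."""
    name: str
    gate: Optional[str] = None                 # "AND", "OR", or None for a leaf step
    children: List["Node"] = field(default_factory=list)
    effort: int = 0                            # leaf only: constructed attacker-effort score
    crosses_trust_boundary: bool = False       # leaf only: step crosses a trust boundary (3.9)


def attack_paths(node: Node) -> List[List[Node]]:
    """Enumerate every minimal set of leaf steps that achieves `node`.
    OR gate: union of the children's paths. AND gate: one path from each child, merged."""
    if node.gate is None:
        return [[node]]
    child_paths = [attack_paths(child) for child in node.children]
    if node.gate == "OR":
        return [path for paths in child_paths for path in paths]
    if node.gate == "AND":
        merged_paths = []
        for combo in product(*child_paths):
            merged: List[Node] = []
            for path in combo:
                for step in path:
                    if step not in merged:      # a leaf shared by two branches counts once
                        merged.append(step)
            merged_paths.append(merged)
        return merged_paths
    raise ValueError(f"unknown gate {node.gate!r} at {node.name!r}")


def rank_paths(root: Node):
    """Rank attack paths by total effort (cheapest first) and count the trust
    boundaries each crosses; those crossings are where controls are normally placed."""
    ranked = []
    for path in attack_paths(root):
        effort = sum(step.effort for step in path)
        boundaries = sum(1 for step in path if step.crosses_trust_boundary)
        ranked.append((effort, boundaries, [step.name for step in path]))
    ranked.sort()
    return ranked


def remaining_paths(root: Node, blocked_steps):
    """Paths that survive a set of controls, each of which blocks one named leaf step.
    Whatever remains is a threat the controls do not reduce (cf. 3.2, pending question)."""
    return [entry for entry in rank_paths(root)
            if not any(name in blocked_steps for name in entry[2])]


# Constructed example tree (hypothetical steps and scores, not taken from the standard).
PIVOT = Node("Cross the gateway from the service domain into the body-control CAN segment",
             effort=5, crosses_trust_boundary=True)

ROOT = Node("Inject forged control frames on the body-control CAN segment", gate="OR", children=[
    Node("Via the OBD port", gate="AND", children=[
        Node("Obtain physical access to the vehicle cabin", effort=3, crosses_trust_boundary=True),
        Node("Attach a tool to the OBD connector and send frames", effort=1),
    ]),
    Node("Via the T-BOX", gate="AND", children=[
        Node("Compromise the T-BOX over the cellular link", effort=8, crosses_trust_boundary=True),
        PIVOT,
    ]),
    Node("Via the IVI", gate="AND", children=[
        Node("Deliver malicious content to the IVI over USB", effort=4, crosses_trust_boundary=True),
        Node("Escalate privileges on the IVI", effort=4, crosses_trust_boundary=True),
        PIVOT,
    ]),
])

if __name__ == "__main__":
    for effort, boundaries, steps in rank_paths(ROOT):
        print(f"effort={effort:2d} boundaries={boundaries}: {' -> '.join(steps)}")
    # A gateway that rejects unauthenticated frames from the OBD connector blocks the
    # cheapest path; the two remote paths remain and must be tracked as pending questions.
    left = remaining_paths(ROOT, {"Attach a tool to the OBD connector and send frames"})
    print(f"{len(left)} path(s) remain after controlling OBD frame injection")
```

The ranking makes the design point visible: the cheapest path is the physical one, so a control at that single trust boundary removes it, while both remote paths share the gateway crossing, so one control on that shared step removes both at once. In practice the effort scores would come from the threat analysis and risk assessment the standard references (GB/T 20984, GB/T 31509), not from guesses as here.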
4 Abbreviations
For the purposes of this standard, the following abbreviations apply.
CAN Controller Area Network
ECU Electronic Control Unit
FOTA Firmware Over The Air
IVI In-Vehicle Infotainment
JTAG Joint Test Action Group
MISRA Motor Industry Software Reliability Association
OBD On-Board Diagnostic
SIM Subscriber Identity Module
SOTA Software Over The Air
T-BOX Telematics Box (the communication gateway of a connected vehicle)
USB Universal Serial Bus
V2X Vehicle to Everything
5 Cybersecurity activity frameworks of automotive electronics systems
5.1 General
The cybersecurity activity framework for automotive electronics systems is shown in Figure 1. It comprises the cybersecurity activities of automotive electronics systems, organization management, and support. The cybersecurity activities are the core of the framework and refer mainly to the security activities carried out in each stage of the automotive electronics system life cycle: the conceptual design stage; the system-level, hardware-level and software-level product development stages; and the production, operation and service stage.
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cybersecurity activity frameworks of automotive electronics systems
5.1 General
5.2 Organization management
5.3 Cybersecurity activities
5.4 Support
6 Organization management for cybersecurity of automobile electronics systems
6.1 Organization settings
6.2 Establishment of a communication and coordination platform
6.3 System construction and staff training
6.4 Testing and assessment
6.5 Stage inspection
7 Cybersecurity activities of automobile electronics systems
7.1 Conceptual design stage
7.2 System-level product development stage
7.3 Hardware-level product development stage
7.4 Software-level product development stage
7.5 Production, operation and service stages of the product
8 Automotive electronics system cybersecurity support
8.1 Configuration management
8.2 Needs management
8.3 Change management
8.4 Document management
8.5 Supply chain management
8.6 Security of cloud, channel and device
Annex A (Informative) Typical cybersecurity risks of automotive electronics systems
Annex B (Informative) Examples of protective measures for cybersecurity of automotive electronics systems
Annex C (Informative) Example of the incident handling checklist
Bibliography