IPA Approaches for Vehicle Information Security
Status: Final Published
Date: August 2013
Region: Japan
Background
The Japanese IPA is a governmental agency tasked with monitoring and analyzing shifting IT trends and technologies. Its goal is to provide guidelines and solutions to accelerate industry growth, including in the field of IT security. The IPA published in 2013 a guidance paper on Approaches for Vehicle Information Security, based on past publications from the agency in 2011, including Security in Embedded Systems, Vehicle Information Security, and Approaches for Embedded System Information Security.
Approaches for Vehicle Information Security targets vehicle and vehicle parts manufacturers, as well as providers of various vehicle services.
The guide references a number of existing initiatives and standards that can be used as well, such as TCG’s TPM specification, the European Union’s EVITA project, IEC62443 Cybersecurity Fundamentals Specialist certificate, ISO 7002 Information Security Standard, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, E.U. Preparing Secure Vehicle-to-X Communication Systems (PRESERVE), and U.S. NIST Computer Security Incident Handling Guide.
Summary
The guide starts by detailing the automotive system model (internal architecture, peripheral systems, information and other vehicle assets, etc.) and the various threats and vulnerabilities affecting them. A lengthy Appendix I offers security measures that can be implemented against those threats. The table titled “A Mapping Table for Functions, Threats and Countermeasure Techniques” (for in-vehicle systems) provides a checklist for developers on how to offset particular threats (e.g., virus infection, unauthorized use, information leakage, DoS attack, etc.) with specific security techniques (e.g., communication channel encryption, server authentication, packet filtering, source code review, etc.).
Throughout the document, and for each phase and subsection, the guide provides a classification table with four basic levels of security. A total of 15 such tables are included, all following the same format: level 1 requires no security; level 2 describes light or on-the-spot security; level 3 describes an organization-wide security implementation; and level 4 is the highest level of security, typically aligned with international standards, involving experts, or practiced on a daily basis. These tables cover the following measures:
- Drawing up security rules
- Providing security education
- Collecting and disseminating security information
- Formulating requirement definition considering security
- Securing a security-related budget
- Security consideration when outsourcing system
- Responding to threats posed by the adoption of new technologies
- Designing
- Security measures in the implementation phase
- Security assessment and debugging
- Preparing for web contents to provide information to users
- Concerning handling security issues
- Providing information to users and those involved in vehicles
- Leveraging vulnerability information
- Drawing up and disseminating disposal policy
The guide provides a comprehensive step-by-step process of how best to implement security for automotive systems from a life cycle perspective, which includes planning, development, operation, and disposal. The guide recommends the adoption of an overall security management posture throughout.
The planning phase consists of ensuring that security is defined in the product concept and that an appropriate security budget is secured. Guidance is also provided for the case where system development is outsourced, and on how best to ensure the third party takes part in the security planning. Finally, security should also be considered if the developers plan to incorporate new technologies that may pose new, unknown threats to automotive systems.
In the development phase, the guide details how to incorporate security in design and implementation, and how these efforts can be assessed and debugged during testing (e.g., reviewing source code, static analysis tools, compliance, fuzzing, vulnerability assessments, etc.). The guide also provides recommendations on how to share such information with users.
The operations phase includes information on how to handle security issues, securely provide information (both to users and those involved in developing vehicle services), and leverage vulnerability information.
The disposal phase offers recommendations on how to draw up and disseminate a disposal policy (i.e., during rentals, resale of vehicle, or complete disposal) that should remove identifiable or other personal information from the vehicle. The focus here is primarily on privacy protection of user information.
Appendix II of the guidelines provides a master table for all the various security effort levels provided throughout the document, matching them under the relevant four phases. The table denotes which section is applicable to which stakeholder (vehicle OEM, parts manufacturer, dealers, owners, users, rental agents, maintenance factories, vehicle equipment outlets, providers of other third-party services, used car dealers, and automotive dismantlers).
Notes
The guide, while dated, is still very much applicable, and serves to support other efforts in Japan, notably JASO TP-15002 Guideline for Automotive Information Security Analysis, published in 2016 by the Society of Automotive Engineers of Japan (JSAE). IPA works together with JSAE and the Japan Automobile Manufacturers Association (JAMA) in JASPAR, which was established to enable standardization of electronic control systems and software for in-vehicle networks. Two working groups currently focus on cybersecurity, covering promotion and technical standards development. Further, a Japanese Auto-ISAC (J-Auto-ISAC) has been founded for information sharing about cybersecurity.