V1.0 | 2019-07-01
Dr. Christof Ebert, Vector Consulting Services, @VectorVCSStuttgart, 1. Jul. 2019
Agile Safety and Cybersecurity for Critical Systems
© 2019. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2019-07-01
Vector Consulting Services: Welcome
Industries: Transport, Automotive, Aerospace, Medical, Digital Transformation, IT & Finance
Vector is the global market leader in automotive software and engineering toolchains, with over 2,700 employees.
Vector Consulting Services supports clients worldwide:
Product development, IT and change management
Processes, tools, trainings, coaching, transformation, interim support
Agile, cybersecurity, safety, ASPICE, requirements engineering, etc.
www.vector.com/consulting
www.vector.com/consulting-career
Agenda
1. Welcome
2. Risk-Oriented Development
3. Scaling Agile for Critical Projects
4. Practical Guidance and Vector Experiences
5. Conclusions and Outlook
Vector Client Survey 2019
Risk-Oriented Development
Safety and Security dominate both short-term and mid-term.
[Figure: scatter plot of survey answers. Horizontal axis: short-term challenges (0% to 70%); vertical axis: mid-term challenges (0% to 60%). Plotted challenges: Innovation, Competences, Efficiency, Flexibility, Distributed teams, Connectivity, Quality, Complexity, Digital transformation, Compliance, Others.]
Competitiveness / Innovation: The Fight of Two Forces
Source: Vector Client Survey 2019. Details: www.vector.com/trends. Sum > 300% due to 5 answers per question. Strong validity with 4% response rate of 2000 recipients from different industries worldwide.
Automotive Trends Impact Safety and Security
Risk-Oriented Development
1. Powertrain: Energy efficiency
2. Driver Assistance: Autonomous driving
3. Connectivity: Always connected
Example hazards: Unintended speed change; Signal confusion; Sudden driver distraction
Combined Safety and Security Need Holistic Systems Engineering
Risk-Oriented Development
Functional Safety. Goal: Protect health. Risk: External hazards. Governance: ISO 26262 etc. Methods: HARA, FTA, FMEA, …; fail operational, …; redundancy, …
Cybersecurity. Goal: Protect assets. Risk: Internal threats. Governance: ISO 21434 etc. Methods: TARA, defensive coding, …; cryptography, ID/IP, …; key management, …
Privacy. Goal: Protect personality. Risk: Data threats. Governance: ISO 27001 etc. Methods: TARA, …; cryptography, …; explicit consent, …
Shared by all three: Liability, Risk management, Holistic systems engineering
Standards Demand Risk-Oriented Approach
Risk-Oriented Development
Functional Safety (IEC 61508, ISO 26262, ISO 21448): Hazards and risk mitigation; increasing focus on SOTIF and compliance; safety engineering and culture. ISO 26262 ed. 2 refers to shared methods, e.g. TARA.
+ Security (ISO 27001, ISO 15408, ISO 21434, SAE J3061): Threat and risk mitigation; abuse, misuse, confuse cases; security engineering.
Security and Safety interact (shared architecture methods, data formats and functionality) and demand holistic systems engineering.
Safety life-cycle: Operational scenarios, hazard and risk assessment → Safety goals and requirements → Functional and technical safety concept → Safety implementation → Safety verification → Safety validation → Safety case, certification, approval → Safety management after SOP
Security life-cycle: Assets, threats and risk assessment → Security goals and requirements → Technical security concept → Security implementation → Security verification → Security validation → Security case, audit, compliance → Security management in POS
For (re)liable and efficient ramp-up, connect security to safety governance.
ACES (Autonomy, Connectivity, e-Mobility, Services)
Risk-Oriented Development
[Figure: connected-vehicle ecosystem linking 4/5G, OBD, DSRC, suppliers, OEM, public clouds, service provider and ITS operator.]
Cybersecurity will be the major liability risk in the future. The average security gap is detected in 70% of cases by a third party, and soon exploited.
Cyberattacks and hazards:
Password attacks
Application vulnerabilities
Rogue clients, malware
Man-in-the-middle attacks
Eavesdropping, data leakage
Command injection, data corruption, back doors
Physical attacks, sensor confusion
Trojans, ransomware
Functional Safety and Cybersecurity Demand Risk-Oriented Development
Risk-Oriented Development
Risk = Severity of harmful event × Probability of occurrence
[Figure: risk matrix with Severity on the horizontal axis and Probability on the vertical axis, divided into an acceptable-risk and an unacceptable-risk region.]
Risk-oriented engineering means intelligently mitigating the residual risks.
Threat model: a Threat Agent (e.g. hacker) performs an Attack against an Asset; the Asset has value for Stakeholders (e.g., driver, OEM); an Attack requires Attack Potential and causes a Threat; a Threat is reduced by a Security Goal, which is achieved by Security Engineering.
Agile Appears Easy – But Is Very Demanding in Real Projects
Scaling Agile for Critical Projects
"Companies with organization-wide agile culture clearly financially outperform their peers."
"Agile is often considered as throwing away processes."
"IEEE Software and Vector clients consider Agile as highest ranking technology in terms of past AND future impact."
Sources: Vector Consulting Services 2019 (industry survey), McKinsey 2018/19, Harvard Business Manager 2017
Agile Must Be Scaled for “Critical” Industry Needs
Scaling Agile for Critical Projects
Process: Interaction and dependencies; Risk mitigation; Compliance
Technology: Legacy evolution; Synchronization; Safety, cybersecurity
Organization: Empowered distributed teams; Collaboration; Global value streams
Business: Value focus; Flexible fast delivery; Supply chains
Agile Scaling for Critical Systems
Scaling Agile for Critical Projects
[Figure: scaling approaches positioned by Risk/Criticality (low to high) between Governance on one side and Flexibility/Continuity on the other.]
Agile scaling needs methodology and guidance.
ACE: Agile for Critical Engineering
Sources: Vector + IEEE, 2018; Vector ACE, 2019
Team Preferences: Discipline vs. Delivery
Scaling Agile for Critical Projects
[Figure: team preferences plotted on Delivery Orientation vs. Proven Methods Orientation, with Safety Manager, Quality Manager and the typical “Agile” expectation positioned on it.]
Approach: Often quality experts are too method-driven and dogmatic, while market expectations are increasingly agile. Teams and projects face severe tensions: fear culture. Culture focus, i.e. high leadership need.
Goals: Ensure successful agile transformation while delivering safety and security. Balance quality needs with agile needs, i.e., discipline vs. delivery.
Case Study: Challenge with Cost and Time at a Global Automotive Leader
Practical Guidance and Vector Experiences
Agile transformation:
Organization of the team into Scrum teams of suitable size.
Coaching of Scrum Masters and Product Owners with focus on sense of urgency, removal of obstacles, and short-term wins.
Training of management about agile, change of management style and removal of obstacles.
“Downsizing of SAFe” to avoid over-engineering of agile methods in teams.
Results:
22% lower solution cost
26% reduced time to market
On-time delivery of committed milestones has improved.
Transparency towards Business Owners and other interfaces outside of R&D has considerably increased.
Transformation rating, step by step: Create a sense of urgency; Create a guiding coalition; Create a vision for change; Communicate the vision; Remove obstacles; Create short-term wins; Consolidate improvements; Anchor the changes.
[Figure: team preferences plotted on Delivery Orientation vs. Proven Methods Orientation.]
Concept of Combined Threat/Hazard Analysis and Risk Assessment
Practical Guidance and Vector Experiences
Consider specific automotive assets derived from the CIAAG (Confidentiality, Integrity, Authenticity, Availability, Governance) scheme.
Workflow: Assets → Threat model & risks → Measures → Concept for solution verification
Example: identified threats
Safety: Injuries because of malfunctioning Passive Entry
Financial: Extra cost due to call-backs and law-suits
Operational performance: Car cannot be started, doors cannot be opened
Privacy/Legislation: Theft of personal data
Specific automotive asset categories:
Privacy, Legislation, Governance: e.g. private data
Operational Performance: e.g. driving experience
Finance: e.g. liability, brand image
Safety: e.g. vehicle functions
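The risk formula from the Risk-Oriented Development section (Risk = Severity of harmful event × Probability of occurrence) and the asset categories above fit together in one small computation. The following C program is an added example; it is not code from the Vector slides or from any Vector tool. Its 0..4 rating scales, the four attack-potential factors, the effort-to-probability mapping, the acceptable-risk threshold and the two sample threats are constructed assumptions for illustration.

```c
/* Added example, not taken from the Vector slides: a small combined
 * threat/hazard risk assessment in C. It applies the slide's formula
 * Risk = Severity of harmful event x Probability of occurrence to threats
 * rated over the CIAAG-derived automotive asset categories (safety, finance,
 * operational performance, privacy/legislation). The 0..4 rating scales, the
 * four attack-potential factors, the effort-to-probability mapping and the
 * acceptable-risk threshold are constructed assumptions for this example. */
#include <stdio.h>

/* Impact per asset category, 0 = none .. 4 = severe (constructed scale). */
struct impact {
    int safety;       /* e.g. injuries from a malfunctioning Passive Entry */
    int financial;    /* e.g. extra cost due to call-backs and law-suits */
    int operational;  /* e.g. car cannot be started, doors cannot be opened */
    int privacy;      /* e.g. theft of personal data */
};

/* Attack potential the threat agent must bring, 0 = trivial .. 4 = very high
 * for each factor (constructed scale). */
struct attack_potential {
    int elapsed_time;
    int expertise;
    int knowledge;
    int equipment;
};

struct threat {
    const char *name;
    struct impact impact;
    struct attack_potential potential;
};

/* Severity of the harmful event: the worst-rated impact across categories,
 * so a high safety impact is never averaged away by low ratings elsewhere. */
int severity(const struct impact *i)
{
    int s = i->safety;
    if (i->financial > s)   s = i->financial;
    if (i->operational > s) s = i->operational;
    if (i->privacy > s)     s = i->privacy;
    return s;
}

/* Probability of occurrence, 1..4: the less attack potential required, the
 * more likely the attack. Effort sums the four factors (0..16). */
int probability(const struct attack_potential *p)
{
    int effort = p->elapsed_time + p->expertise + p->knowledge + p->equipment;
    if (effort <= 3)  return 4;
    if (effort <= 7)  return 3;
    if (effort <= 11) return 2;
    return 1;
}

/* Risk = Severity x Probability, range 0..16. */
int risk(const struct threat *t)
{
    return severity(&t->impact) * probability(&t->potential);
}

/* Constructed acceptance threshold: anything above this residual risk needs
 * a security goal (and thus a mitigation) before the concept is released. */
#define ACCEPTABLE_RISK_MAX 5

int needs_security_goal(const struct threat *t)
{
    return risk(t) > ACCEPTABLE_RISK_MAX;
}

/* Two constructed threats. Ratings are illustrative, not from a real TARA. */
const struct threat PASSIVE_ENTRY_MALFUNCTION = {
    "Passive Entry malfunction", {4, 3, 3, 1}, {1, 2, 1, 1}
};
const struct threat TELEMETRY_LOG_DISCLOSURE = {
    "Disclosure of non-personal telemetry logs", {0, 1, 1, 0}, {3, 3, 3, 3}
};

int main(void)
{
    const struct threat *list[] = { &PASSIVE_ENTRY_MALFUNCTION, &TELEMETRY_LOG_DISCLOSURE };
    size_t n = sizeof list / sizeof list[0];
    printf("%-45s sev prob risk  security goal?\n", "threat");
    for (size_t i = 0; i < n; i++) {
        const struct threat *t = list[i];
        printf("%-45s %3d %4d %4d  %s\n", t->name, severity(&t->impact),
               probability(&t->potential), risk(t),
               needs_security_goal(t) ? "yes" : "no (acceptable)");
    }
    return 0;
}
```

The design point is in severity(): it takes the maximum rather than a sum across categories, so a safety impact of 4 is not diluted by a privacy rating of 1. A real TARA per ISO 21434 uses its own impact and attack-feasibility tables; those would replace the two rating functions while the Risk = Severity × Probability step and the acceptance threshold stay the same.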
Model-Based Dependency Analysis
Practical Guidance and Vector Experiences
Traceability from changes based on hierarchic modelling, with update of analysis and tests.
Model levels: System Requirements → Logical System Architecture → Component Architecture → Simulation / Implementation
Analyses attached to the model: System FTA/FMEA, Component FTA/FMEA, Fault Injection / TDD
[Figure: power-mirror example model with components PowerMirrorCtrl, SwitchMatrix, PowerMirrorPass, PowerMirrorDriver and PowerManagement and their signal ports (pm_pass_x+/x-/y+/y-, pm_driv_x+/x-/y+/y-, PM_x, PM_y, PM_selection, KeyIn), plus the assembly net with Body Ctrl, Driver Door Ctrl, Pass Door Ctrl, Gateway, SwitchMatrix, PassengerMirror, DriverMirror, BatMng, DoorLIN (LIN), CANPT (CAN), Ground and PowerSupply.]
Agile Scaling for Safety and Security Engineering
Practical Guidance and Vector Experiences
Manage dependencies between teams for safety and security related changes.
[Figure: Scrum of Scrums across SW Team 1, SW Team 2, HW Team, Mechanical Team and Testing Team spread over Locations 1 to 3. Each team has a lead (SW Lead Team 1, SW Lead Team 2, Hardware Lead, Mechanical Lead, Technical Lead Testing); a Chief Technical Lead and the Safety Manager (Safety Engineering) coordinate via a shared Kanban board.]
Tools for Safety and Security
Practical Guidance and Vector Experiences
Customer benefits:
Efficient implementation of cybersecurity and functional safety
Full life-cycle support from requirements to concept, design, test and after-sales
Traceability and governance
Support for heterogeneous environments
Package offer for gap analysis and mitigation activities with Vector SafetyCheck or Vector SecurityCheck
Continuous Safety Case
Tooling: Vector SafetyCheck and SecurityCheck; PREEvision Safety support
Vector SecurityCheck with COMPASS
Practical Guidance and Vector Experiences
Vector SecurityCheck facilitates:
Systematic risk assessment and mitigation
Traceability and governance with auditable risk and measure list
Heuristic checklists with continuously updated threats and mitigation
Safety and Security by Design: Implementation, Verification and Validation
Practical Guidance and Vector Experiences
Design:
Defensive coding, e.g. memory allocation, avoid injectable code, least privileges
Selected programming rules such as MISRA-C, CERT
High cryptographic strength in line with performance needs
Key management and HW-based security
Awareness and governance towards social engineering
V&V methods and tools:
Static / dynamic code analyzer
Unit test with focused coverage, e.g. MC/DC
Interface scanner, layered fuzzing tester, encryption cracker, vulnerability scanner
Penetration testing, starting with TARA concept
Classic coverage test is not sufficient anymore. Test for the known, and for the unknown.
Ensure automatic regression tests are running with each delivery.
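To make the design and V&V bullets concrete (defensive coding around memory handling, MISRA-C/CERT-style rules, fuzzing-style input enumeration and an automatic regression check), here is an added C example that is not from the Vector slides or any Vector product. The frame layout (1 byte ID, 1 byte length, up to 8 data bytes), the function names and the sample frames are constructed for illustration.

```c
/* Added example, not from the Vector slides: defensive coding for a
 * length-prefixed payload of the kind that arrives over a vehicle bus, in the
 * spirit of the MISRA-C / CERT rules the slide lists. The frame layout
 * (1 byte ID, 1 byte length, up to 8 data bytes), the function names and the
 * sample frames are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FRAME_MAX_DATA 8U

struct frame {
    uint8_t id;
    uint8_t len;
    uint8_t data[FRAME_MAX_DATA];
};

enum parse_status { PARSE_OK = 0, PARSE_NULL, PARSE_TOO_SHORT, PARSE_BAD_LENGTH };

/* 'Before': the defect a static analyzer or fuzzer should flag. The length
 * byte is sender-controlled and used as the memcpy size without being checked
 * against either the destination (8 bytes) or the remaining source bytes.
 * Kept only for contrast; nothing below calls it. */
enum parse_status parse_frame_unchecked(const uint8_t *buf, size_t buf_len, struct frame *out)
{
    if (buf_len < 2U) return PARSE_TOO_SHORT;
    out->id  = buf[0];
    out->len = buf[1];
    memcpy(out->data, &buf[2], out->len);
    return PARSE_OK;
}

/* 'After': every external value is validated before it drives memory access,
 * the output is fully initialised so no stale bytes leak, and each failure
 * has an explicit return code the caller must handle. */
enum parse_status parse_frame(const uint8_t *buf, size_t buf_len, struct frame *out)
{
    if (buf == NULL || out == NULL) return PARSE_NULL;
    if (buf_len < 2U) return PARSE_TOO_SHORT;
    uint8_t len = buf[1];
    if (len > FRAME_MAX_DATA) return PARSE_BAD_LENGTH;      /* bound on destination */
    if ((size_t)len + 2U > buf_len) return PARSE_TOO_SHORT;  /* bound on source */
    memset(out, 0, sizeof *out);
    out->id  = buf[0];
    out->len = len;
    memcpy(out->data, &buf[2], len);
    return PARSE_OK;
}

/* Deterministic stand-in for the slide's "layered fuzzing": enumerate every
 * possible length byte against a 6-byte source buffer and confirm the parser
 * accepts a frame only when the data fits both the source and the destination.
 * For a single-byte field this is exhaustive, so it doubles as a regression
 * test that can run with each delivery. Returns 1 when all 256 cases pass. */
int check_all_length_values(void)
{
    uint8_t buf[6];
    struct frame f;
    memset(buf, 0xA5, sizeof buf);
    buf[0] = 0x11;
    for (unsigned v = 0U; v <= 255U; v++) {
        buf[1] = (uint8_t)v;
        enum parse_status st = parse_frame(buf, sizeof buf, &f);
        int should_accept = (v <= FRAME_MAX_DATA) && (v + 2U <= sizeof buf);
        if (should_accept != (st == PARSE_OK)) return 0;
        if (st == PARSE_OK && f.len != v) return 0;
    }
    return 1;
}

/* Constructed sample frames. */
const uint8_t SAMPLE_GOOD[]    = {0x11, 0x03, 0xAA, 0xBB, 0xCC};  /* len 3, 3 data bytes */
const uint8_t SAMPLE_BAD_LEN[] = {0x11, 0x20, 0xAA};              /* len 32 > 8 */
const uint8_t SAMPLE_TRUNC[]   = {0x11, 0x04, 0xAA};              /* len 4, only 1 data byte */

int main(void)
{
    struct frame f;
    printf("good:      %d\n", (int)parse_frame(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &f));
    printf("bad len:   %d\n", (int)parse_frame(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, &f));
    printf("truncated: %d\n", (int)parse_frame(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &f));
    printf("all 256 length values handled correctly: %s\n",
           check_all_length_values() ? "yes" : "NO");
    return 0;
}
```

Two checks are needed, not one: the length must fit the destination array (or the copy overruns the struct) and it must fit the remaining source bytes (or the copy reads past the received buffer). The exhaustive loop in check_all_length_values() is cheap because the field is one byte; for wider fields the same oracle would drive a coverage-guided fuzzer instead.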
Game Changer: OTA Facilitates Security Across the Life-cycle
Practical Guidance and Vector Experiences
There is no security without a continuous Over-the-Air (OTA) update strategy.
[Figure: OEM-side update process.]
Risk-Oriented Development Must Cover the Entire Life-Cycle
Conclusions and Outlook
Systematic safety and security engineering. Scalable incident monitoring and response. Multiple modes of operation (normal, attack, emergency, fail operational, fail safe, etc.).
Development: Safety hazards and security threats; Safety / Security by design
Production: Secured supply chain
Operations: Incident response and upgrades
Services: Secure provisioning and governance
Integrated Development for Safety and Security
Conclusions and Outlook
Similar to Safety, Security needs to be an integrated part of the development process. Build security upon existing safety governance.
Safety activities: Features and Operation Scenarios → Hazard and Risk Assessment → Safety Goals → Functional Safety-Concept → Technical Safety-Concept → Implementation of Safety Mechanisms → Safety Verification on Unit Level → Verify Safety Mechanisms → Test Safety Mechanisms → Validate Safety Assumptions → Safety Case → Safety Operations
Security activities: Assets and Attack Potentials → Threat and Risk Assessment → Security Goals → Security Architecture → Technical Security Concept → Implementation of Security Mechanisms → Security Verification on Unit Level → Verify Security Mechanisms → Test Security Mechanisms, Pen Tests → Validate Security Assumptions → Security Case → Security Operations
Shared centre of both V-models: Safe / Secure Implementation of Nominal Functions
Vector Offers Comprehensive Portfolio for Cybersecurity and Functional Safety
Conclusions and Outlook
Vector Cybersecurity and Safety Solutions:
Trainings
Compliance audits
SecurityCheck, SafetyCheck
Security/Safety support, e.g. virtual safety/security manager and pentesting
AUTOSAR Basic Software: MICROSAR Safe
Tools for Design, Test and Lifecycle support: PREEvision, DaVinci, CANoe, CANdela and Indigo
Engineering Services for Safety and Security
HW-based Security
More Information…
Conclusions and Outlook
Vector Cybersecurity Symposium, 22 April 2020 in Stuttgart. Free admission: www.vector.com/security
Trainings and Media:
Free cybersecurity webinar (1 hour, continuously updated): www.vector.com/webinar-security
Free Functional Safety webinar (1 hour, continuously updated): www.vector.com/webinar-safety
Open and in-house trainings are available worldwide.
Vector White Papers with Case Studies: www.vector.com/media-consulting
Thank you for your attention. For more information please contact us.
Passion. Partner. Value.
Vector Consulting Services
@VectorVCS
www.vector.com/[email protected]: +49-711-80670-1520