Background
Over the past few years, there has been a proliferation of automotive electrical and/or electronic (E/E/ PE) systems such as adaptive driver assistance systems, anti-lock braking systems, steering and airbags. ISO 26262 “Road vehicles – Functional safety” was first published in 2012 in response this explosion in automotive E/E/PE system complexity and the associated risks to public safety , bringing with it an opportunity for automotive manufacturers to embrace best functional safety practices throughout the development lifecycle.
ISO 26262 requires any threats to functional safety to be adequately addressed, implicitly including those relating to security threats, but it gives no explicit guidance relating to cybersecurity.
At the time of ISO 26262’s publication, that was perhaps to be expected. Automotive embedded applications have traditionally been isolated, static, fixed-function, device-specific implementations, and practices and processes have relied on that status. But the rate of change in the industry has been such that by the time of its publication in 2016, SAE International’s Surface Vehicle Recommended Practice SAE J3061 in January 2016 was much anticipated.