What if we apply the Common Criteria Security Assurance Concept?
We have learned a lot from the Common Criteria framework as applied to IT products. It has proved successful in some domains, such as financial and government IT procurement. Given today's swift product life cycles and the flexible nature of business operations, initiatives to improve the existing concept are under way. Considering this, an efficient automotive security assurance framework should consist of the following elements:
- Security Profiles/Protection Profiles — should outline the security goals (e.g. strong authentication, firmware integrity, and human safety) of the automotive product classes. These have to be based on a well-thought-out security risk analysis involving risk owners, developers and cybersecurity experts. Standardizing these would provide an industry-wide application of common security goals for each given product class;
- System Security Requirements — working in tandem with the security profiles, these would define security requirements focusing on the level of controls (e.g. tamper-resistant secure storage, certified RNG and secure event logging). Each product would have a minimum set of these security requirements to fulfill, establishing an expectation for the level of security it should possess;
- Process Requirements — these would define all the activities in the product development and operational phases needed to comply with the security level requirement of the security profile (e.g. ISO 26262, SDLC, GDPR, ISO 27000, etc.);
- Security Assurance Methodology — an optional step to establish the measures each internal or external evaluator should take to determine whether a product meets the needs of the security profile.
Coming up with an automotive security assurance framework is undoubtedly a challenge for security and automotive experts alike. However, the automotive domain could benefit significantly from it, making end users safer and propelling the progress of the entire industry.