
safety-security co-engineering

An integrated approach to concurrently managing functional safety (ISO 26262) and cybersecurity (ISO/SAE 21434) in automotive systems. For connected and autonomous vehicles it is crucial that security measures do not compromise safety; the approach prevents conflicting requirements and treats the combined risks holistically.

Curated by Winners Consulting Services Co., Ltd.

Questions & Answers

What is safety-security co-engineering?

Safety-security co-engineering is a systematic methodology for the concurrent development and integration of functional safety and cybersecurity in vehicles. Its core principle is the recognition that the two are interdependent: a cybersecurity vulnerability can lead to a safety failure (e.g., a remote hack disabling brakes), and a poorly designed safety mechanism could interfere with security. This approach is grounded in standards like ISO 26262 for functional safety and ISO/SAE 21434 for cybersecurity engineering. Specifically, Clause 15 of ISO/SAE 21434 mandates the analysis and management of interactions between them. Within a risk management framework, it integrates the traditionally separate Hazard Analysis and Risk Assessment (HARA) and Threat Analysis and Risk Assessment (TARA) processes. This ensures that risks emerging from these interactions are identified and mitigated early in the product lifecycle, avoiding costly redesigns.

How is safety-security co-engineering applied in enterprise risk management?

Practical application involves several key steps. First, establish an integrated risk assessment process by combining HARA (ISO 26262) and TARA (ISO/SAE 21434). For an Autonomous Emergency Braking (AEB) system, this means assessing not only sensor failure (safety) but also sensor signal spoofing attacks (security). Second, define coordinated safety and security goals. Based on the integrated assessment, derive requirements that do not conflict. For instance, a security requirement for encrypted Over-The-Air (OTA) updates must not introduce latency that violates a safety-critical real-time performance requirement. Third, conduct integrated verification and validation. Test cases must cover scenarios that trigger both safety and security aspects, such as performing penetration testing on safety-critical ECUs under operational stress. Implementing this approach can significantly improve compliance rates and reduce recall risks associated with safety or security flaws by over 15%.

What challenges do Taiwan enterprises face when implementing safety-security co-engineering?

Taiwanese enterprises face three primary challenges. First, a cross-disciplinary talent gap exists, with few engineers possessing expertise in both safety and security. The solution is to form cross-functional teams and provide targeted training. Second, complex supply chain integration makes it difficult to enforce consistent standards from chip vendors to OEMs. Mitigation involves using Cybersecurity Interface Agreements, as specified in ISO/SAE 21434, to define responsibilities. Third, legacy development processes often treat safety and security as late-stage add-ons. Overcoming this requires adopting Model-Based Systems Engineering (MBSE) to facilitate concurrent analysis from the concept phase. A priority action is to launch a pilot project on a new critical component, like a domain controller, to build initial capabilities within 6-12 months.

Why choose Winners Consulting for safety-security co-engineering?

Winners Consulting specializes in safety-security co-engineering for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact
