
The need for a holistic approach to safety and security

Avoiding Murphy’s Law and Satan’s Law without selling your soul

By Carl Shaw, Safety and Security Architect, and Dave Higham, Functional Safety VP

No one knows Murphy’s Law of “anything that can go wrong, will go wrong” better than automotive OEMs, who must always deliver safe vehicles and address the risk of harm due to malfunctioning behavior. But with connected cars, there is a new “law” to consider that is equally important: Satan’s Law, which has a historic meaning, in that one should not let ignorance become the exploitation of evil. Semiconductors are increasingly defining the differentiation of vehicles, so you must now also assume that a malicious player may want to exploit them to hack your vehicle. What we are doing at Codasip is taking this concept to the next level by fusing safety (Murphy’s Law) with security (Satan’s Law) as the way to build our safe and secure RISC-V processors.

Of course, as the leader in custom compute, all our safe and secure RISC-V IP products allow customers to optimize them and design them for differentiation. Indeed, we believe wholeheartedly that the future for innovative automotive OEMs is only possible by embracing custom compute. Simply using off-the-shelf processor cores will result in products that look like their competition.

Would you want to be safe, but not secure? Or secure but not safe?

Having security and safety embedded in processors is critical for the safety of drivers, passengers, pedestrians, and people in other vehicles. Pretty much everything is drive-by-wire, i.e. dependent on complex hardware and software, and the vehicle is increasingly dependent on wireless too, such as over-the-air (OTA) updates. If any of these systems is compromised, and it takes only one weak link in the chain, it will not end well. Security and safety embedded in processors can help prevent unauthorized access to these systems and protect against malicious attacks. It provides the critical foundation for protecting modern vehicles.

Without security there is no safety.

Mary Barra, CEO, GM

Now, this is kind of strange, because security and safety are related but frequently used separately. Don’t banks say your money is safe AND secure with us? They must think both are important!

Have you ever noticed how often we use the two terms interchangeably? It is interesting that we have two terms and two definitions in English, when a lot of other languages don’t actually make that distinction. Spanish, French, Swedish, German: don’t they all use a single word to refer to both safety and security?

[Image] Security and safety in various languages

So why do we have chips that are functionally safe, but with no, or limited, cybersecurity? And chips that have cybersecurity countermeasures, but are not certified functionally safe? Why does our industry make distinctions? Clearly, a holistic safe and secure solution must be better.

Our combined approach to safety and security

We hope that the need to be both safe and secure is obvious to you at this point, so the next question is: how can we accomplish this? Let’s start by treating both as basic requirements.

Cybersecurity is increasingly important

Whilst safety is, in general, getting better, cybersecurity vulnerabilities and exploits are forever increasing.

The automotive industry is recognized throughout the world for caring about the safety of its customers. You’ve probably heard about ISO 26262, first published in 2011 to address the functional safety of the embedded hardware and software in our vehicles. This built on the many “passive safety” features of vehicles, such as seat belts, offered as early as 1947 and mandated later, as were airbags and crumple zones. And as we move into the age of ADAS (Advanced Driver Assistance Systems) and autonomous vehicles (AV), the envelope of safety engineering is being pushed even further, with new standards being targeted, such as ISO 21448 Safety of the Intended Functionality (SOTIF).

Cybersecurity, on the other hand, was more of an esoteric field, mostly associated with signals technology for military exploitation, the finance and banking industry, etc. Unfortunately, over just the last few decades it has become an increasing problem, bleeding into all aspects of commercial and consumer activities. If you have a moment, visit this website.

We’ve added a snapshot below. Look at the huge growth in data breaches and hacks over just the last few years! What would happen if a bad actor were able to get into every connected car in the world and turn them off? A study from 2019 found that it would take less than 20% of vehicles being disabled to completely gridlock a modern city. Clearly not good.

[Image] World’s biggest data breaches and hacks between 2007-2014 (left) and 2015-2022 (right)

The standard ISO/SAE 21434 “Road Vehicles – Cybersecurity Engineering”, published in 2021, specifies security-related engineering requirements regarding the concept, product development, production, operation, maintenance and decommissioning of electrical and electronic systems in road vehicles, including their components and interfaces. This is complex, so how can we address all of it?

By the way, we at Codasip are actively engaged in the development of both ISO 26262 and ISO/SAE 21434.

Adapt or die (in automotive, but not only)

ISO/SAE 21434 provides a foundation, and we build on it by specifically defining the critical cybersecurity IP and countermeasures that one can use for different use cases and, where appropriate, incorporating them with our safety concepts. Both ISO 26262 and ISO/SAE 21434 require that disciplines such as safety and security “establish and maintain communication channels”; Codasip, however, is cementing this by actively bringing these capabilities together.

Our thought process is encapsulated by Charles Darwin in the Origin of Species:

It is not the most intellectual of the species that survives; it is not the strongest that survives; but the species that survives is the one that is able best to adapt and adjust to the changing environment in which it finds itself.

Hence an integrated, focused, and coordinated approach to security (and safety) is what we believe to be the best way to adapt to the demands of not just automotive, but also other segments such as critical infrastructure, where the risks are enormous.

What’s next?

We believe that every company, and especially the OEMs that bear the brunt of the business and brand risk of safety and security issues, must have an integrated safety and security program that addresses all of their semiconductor devices, because all OEMs are heavily reliant on their supply chain to deliver safe and secure products. If you’ve read this far, you are probably interested in pursuing what we believe to be the best holistic, integrated methodology and tool set to define processors that are optimal for your use case and that are both safe and secure. With Murphy’s Law and Satan’s Law, we all must adapt. Why don’t we start discussing and look at potential initiatives? Think about it. Then talk to us.
