Cloud native EDA tools & pre-optimized hardware platforms
Automakers in Europe have been intimately familiar with UN Regulation No. 155 (UN R155) since its introduction three years ago by the United Nations Economic Commission for Europe. But being able to meet the EU regulation has been no easy feat even though it may sound simple on the surface.
UN R155 requires vehicle manufacturers (otherwise known as Original Equipment Manufacturers [OEMs]) and all suppliers in the automotive supply chain (such as Tier 1s) to adopt cybersecurity and a cybersecurity risk management system and processes. It mandates that vehicle type approval of models (and everything that makes up that vehicle model, from the infotainment system to the power train system and chip suppliers) must include cybersecurity measures complying with industry standards, namely ISO/SAE 21434.
The relationship between ISO/SAE 21434 standard and UN R155 regulation and how they affect players in the automotive ecosystem (Source: Cyber Security UN R155 and R155 | Bosch Engineering).
With the UN R155 July 1, 2024 deadline for brand new vehicle models (those with significant changes to vehicle architecture, not simply “facelifts” to existing models) the pressure was on for OEMs and others in the automotive supply chain to comply. Synopsys is an early adopter of automotive cybersecurity supporting our customers, today announcing the industry’s first processor IP, Synopsys ARC® HS4xFS, to achieve third-party certification compliance with ISO/SAE 21434 from accredited, independent auditor SGS-TṺV Saar.
Read on to learn how ARC HS4xFS Processor family has become a more secure and safe solution for automotive applications, the kinds of automotive channels this certification can help protect against cybersecurity attacks, and more.
Synopsys has worked closely with leading automotive chip suppliers for many years and has been aware that this was becoming a requirement for them early on, leading us to build ISO/SAE 21434 certification into our roadmap after early engagement with customers.
To begin with, Synopsys needed to define the cybersecurity development lifecycle before we could obtain ISO/SAE 21434 certification for our IP development process and ARC HS4xFS Processors. Key elements of the cybersecurity engineering processes include the Security Development Lifecycle (SDL), Security Risk Assessment (SRA), and the IP Security Incident Response Team (IP-SIRT).
Through these coordinated efforts, ISO/SAE 21434 certification provides a robust framework for managing cybersecurity risks, ensuring that the ARC HS4xFS Processor family (and additional IP portfolio products in the future, including interface, security, and processor IP solutions) have been assessed for potential security threats.
The potential for automotive cybersecurity vulnerabilities can come from anywhere. For instance, plugging in your smartphone to your vehicle with a USB, Bluetooth connections, and, more recently, Wi-Fi and 5G/LTE connections all can allow potential threats into the vehicle. As cars become more software-defined, over-the-air (OTA) updates are increasingly common, enabling remote updates with new features or fixes. However, this also opens up potential security risks such as unauthorized access, tampering, and malware. Adhering to the ISO/SAE 21434 cybersecurity standard is crucial to protecting these safety-critical automotive systems as more channels of attack become standard in new cars.
Today, ARC HS4xFS Processor IP, already certified under ISO 26262 (meeting ASIL D Random and ASIL D Systematic compliance for safety-critical systems), now holds ISO/SAE 21434 compliance certification performed by a third-party auditor. ARC HS4xFS functional safety processors facilitate the development of high-performance safety-critical applications and are optimized for high-performance embedded applications. Customers who use ARC HS4xFS processors and other ISO/SAE 21434-compliant technology ensure that security best practices are followed throughout the entire development process from IP to final vehicle assembly.
Achieving ISO/SAE 21434 certification for the Synopsys ARC HS4xFS family is only the beginning. Cybersecurity engineering processes are currently being applied to a prioritized list of IP products, based on customer demand, including the ARC-V processors, interface controllers, AMBA IPs, processors, security IPs, and more.
As more personal data is being routed through cars, over-the-air updates become even more commonplace, and standards become more stringent, the entire automotive industry is looking for the utmost confidence and compliance with cybersecurity certifications and the required background assessment that validates that there are no cybersecurity vulnerabilities in the product. Synopsys is ready to continue answering that call through its strategic cybersecurity roadmap.