1
/
of
12
www.ChineseStandard.us -- Field Test Asia Pte. Ltd.
GB/T 38628-2020 English PDF (GB/T38628-2020)
GB/T 38628-2020 English PDF (GB/T38628-2020)
Regular price
$355.00
Regular price
Sale price
$355.00
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
GB/T 38628-2020: Information security technology - Cybersecurity guide for automotive electronics system
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GB/T 38628-2020 (Self-service in 1-minute)
Historical versions (Master-website): GB/T 38628-2020
Preview True-PDF (Reload/Scroll-down if blank)
GB/T 38628-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Cybersecurity guide
for automotive electronics system
ISSUED ON: APRIL 28, 2020
IMPLEMENTED ON: NOVEMBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 8
5 Cybersecurity activity framework of automotive electronic system ... 8
5.1 Overview ... 8
5.2 Organization management ... 9
5.3 Cybersecurity activities ... 9
5.4 Support guarantee ... 11
6 Cybersecurity organization management of automotive electronics systems
... 12
6.1 Set organizational structure ... 12
6.2 Establish a communication and coordination platform ... 12
6.3 System construction and employee training ... 13
6.4 Test and evaluation ... 13
6.5 Stage inspection ... 15
7 Cybersecurity activities of automotive electronics systems ... 16
7.1 Conceptual design stage ... 16
7.2 System-level product development stage ... 22
7.3 Hardware-level product development stage ... 27
7.4 Software-level product development stage ... 31
7.5 Product production, operation and service stage ... 36
8 Cybersecurity support for automotive electronic systems ... 38
8.1 Configuration management ... 38
8.2 Demand management ... 38
8.3 Change management ... 39
8.4 Document management ... 39
8.5 Supply chain management ... 40
8.6 Cloud management ... 41
Appendix A (Informative) Typical cybersecurity risks of automotive electronic
systems ... 44
Appendix B (Informative) Examples of cybersecurity protection measures for
automotive electronic systems ... 49
Appendix C (Informative) Example of incident handling checklist ... 52
References ... 53
Information security technology - Cybersecurity guide
for automotive electronics system
1 Scope
This standard gives a framework for cybersecurity activities in automotive
electronics systems, as well as recommendations for cybersecurity activities,
organizational management, support assurance for automotive electronics
systems under this framework.
This standard is applicable to guide OEMs, parts suppliers, software suppliers,
chip suppliers, various service providers, and other organizations in the
automotive electronics supply chain to carry out cybersecurity activities, guide
relevant personnel to meet the basic cybersecurity needs during design,
development, production, operation, service when engaging in automotive
electronics systems.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GB/T 18336-2015 (all parts) Information technology - Security techniques -
Evaluation criteria for IT security
GB/T 20984-2007 Information security technology - Risk evaluation
specification for information security
GB/T 29246-2017 Information technology - Security techniques -
Information security management systems - Overview and vocabulary
GB/T 30279-2013 Information security technology - Vulnerability
classification guide
GB/T 31167-2014 Information security technology - Security guide of
cloud computing services
GB/T 31168-2014 Information security technology - Security capability
requirements of cloud computing services
inspection, and other activities.
5.3.2 Product development stage
The product development stage includes the development stage of system-
level product, the development stage of hardware-level product, the
development stage of software-level product. Figure 2 shows the basic process
of the product development stage as well as the relationship between product
development at the system level, hardware level, and software level. Figure 2
does not include the iterative process, but in fact many stages require repeated
iterations, in order to finally achieve the development goals.
The development stage of system-level product mainly includes initiation of
development of system-level product, cybersecurity technical specifications
(including system-level vulnerability analysis, cybersecurity strategy
specification, determination of cybersecurity technical requirements, etc.),
system design, system function integration, cybersecurity testing, cybersecurity
verification, cybersecurity evaluation and inspection, product release, etc.
The development stage of hardware-level product mainly includes initiation o
development of hardware product, hardware cybersecurity specifications
(including hardware-level vulnerability analysis, determination of cybersecurity
requirements), hardware design, hardware integration and cybersecurity
testing, verification of hardware cybersecurity requirements, detailing
cybersecurity evaluation, and so on.
The development stage of software-level product mainly includes initiation of
development of software product, software cybersecurity specifications
(including software-level vulnerability analysis, determination of cybersecurity
requirements), software architecture design, software unit design and
implementation, software unit testing, software integration, cybersecurity
testing, verification of software cybersecurity needs, detailing cybersecurity
evaluation and so on.
When cryptographic technology is needed in the product development stage, it
is necessary to comply with relevant national cryptographic management
provisions.
management end security and so on.
6 Cybersecurity organization management of
automotive electronics systems
6.1 Set organizational structure
Organizations need to attach great importance to cybersecurity; consider
cybersecurity at the strategic level of the organization; specifically reflect it from
the following aspects:
a) Formulate and implement the organization's cybersecurity strategy, policy,
objectives;
b) To implement the leadership responsibility system for cybersecurity, it may
establish a cybersecurity leadership group with the responsibility of
organized senior leaders, to be responsible for the supervision on
formulation and implementation of cybersecurity strategies, policies,
objectives, meanwhile coordinating the cooperation between various
departments;
c) Set up a special institute to be responsible for cultural construction,
information communication, training, cross-departmental resource
allocation and other related work related to cybersecurity;
d) Employees can clearly know the organizational settings and division of
responsibilities related to cybersecurity within the organization.
6.2 Establish a communication and coordination platform
The organization should establish internal and external information
communication and coordination channels for cybersecurity, including but not
limited to the following:
a) Develop a process for individuals or organizations inside or outside the
organization to report on cybersecurity incidents; clarify the interface
between relevant departments within the organization and the
responsibilities that shall be assumed;
b) Develop a process for notifying relevant parties about cybersecurity
incidents; carry out hierarchical management of the severity of the incident;
c) Develop a process for responding to and handling cybersecurity incidents
d) The evaluation team should not be employees of the organization being
evaluated;
e) The evaluation team should not induce the organization to use its own
services;
f) The evaluation team should record the results of the evaluation in detail,
including any new vulnerabilities found.
Note: This is mainly for the recommendation of the organization to hire a third-
party evaluation team. The organization's self-built evaluation team may refer
to it.
6.4.2 Cybersecurity test content
Vulnerability testing, penetration testing and fuzzy testing are important
methods for evaluating an object's cybersecurity capabilities. Among them,
vulnerability testing is a more common method, which can include but not
limited to the following specific methods:
a) Vulnerability scanning, to detect whether the object has vulnerabilities that
may be attacked;
b) Exploratory testing, to detect and investigate vulnerabilities that may arise
in software or hardware implementation;
c) Aggressive testing, invading the object by destroying, bypassing,
tampering with cybersecurity control measures, etc., to achieve the
purpose of testing the object's resistance to attack.
6.4.3 Cybersecurity evaluation
The cybersecurity evaluation is used to verify whether the currently
implemented cybersecurity strategy meets cybersecurity requirements and
whether it can effectively reduce threats and risks, which may include but not
limited to the following:
a) Evaluate whether the cybersecurity strategy at each stage meets the
cybersecurity requirements;
b) Evaluate whether the cybersecurity design at each stage complies with
the cybersecurity strategy;
c) For threats that are not resolved by the cybersecurity strategy, define them
as corresponding pending questions and assess whether the pending
questions can be accepted;
d) If the pending question is acceptable, provide a corresponding explanation,
c) Clarify the start time and deadline of each activity;
d) Clarify the reporting and supervision rules of each activity status.
7.1.4 Threat analysis and risk evaluation
The organization should conduct threat analysis and risk evaluation on the
automotive electronic system, in order to systematically identify the
cybersecurity threats that the automotive electronic system may face; make a
reasonable estimate of the cybersecurity risk, to provide basis for determining
cybersecurity goals of the automotive electronic system and taking appropriate
risk treatment measures. Grasping of technology of threat analysis and risk
evaluation and implementation in the early stage of product development, can
minimize the cost of expensive repairs caused by problems discovered at a
later stage of the product life cycle; in addition, as the product development
process continues to deepen, threat analysis and risk evaluation activities can
also be iterated in time for the gradual refinement of products in a timely manner,
to provide a basis for cybersecurity evaluation at each stage of product
development.
The threat analysis and risk evaluation activities of automotive electronic
systems should be carried out in accordance with GB/T 18336-2015, GB/T
20984-2007, GB/T 31509-2015, GB/T 31722-2015 and other standard,
combined with practical experience in the automotive industry. It mainly
includes the following steps:
a) Preparation: Determine the goal and scope of threat analysis and risk
evaluation.
b) Function definition: Identify the main functions of the automotive electronic
system and the assets that need to be protected.
Example 1:
The assets that need to be protected in automotive electronic systems can
be mainly considered from the following aspects:
- In-vehicle equipment: including ECU, sensors, actuators, network
communication equipment, etc.;
- Functional safety-critical and non-functional safety-critical applications
running on the equipment;
- Data link inside ECU, between ECU, between ECU and sensor/actuator,
between ECU and network communication equipment and application
program.
comprehensive analysis of the impact on the vehicle's functional safety,
privacy, economy, handling, etc. can be conducted comprehensively; for the
probability of the threat successfully carrying out the attack, it may
comprehensively consider various factors, including the time it takes to
attack (including the time to identify vulnerabilities, develop attack programs,
successfully install programs, etc.), expertise, knowledge of the attacking
target, time window of opportunity, requirements for special equipment, etc.
f) Risk treatment: Prioritize asset threats according to risk levels, especially
the need to identify threats with high risk levels and assess whether the
risk level of each asset threat is at an acceptable level; if the risk level is
unacceptable, it should consider applying appropriate methods or risk
control measures (see Appendix B for specific measures) to reduce the
residual risk of the system to an acceptable range.
Example 3:
In response to the cybersecurity risks that the ECU’s "CAN bus access"
described in Appendix A may face, the risk control measures that can be
taken are to provide a secure communication function (software) of the CAN
bus, to realize the anti-tampering and anti-replay mechanism of the
communication data.
Example 4:
In response to the cybersecurity risks that the vehicle gateway’s
"FOTA/SOTA" described in Appendix A may face, the risk control measures
that can be taken are to implement a secure FOTA/SOTA process, to prevent
the vehicle gateway firmware/software or data from being counterfeited,
tampered with, or subject to information disclosure during its update process.
Example 5:
In response to the cybersecurity risk of unauthorized access to the USB
interface of the onboard access device described in Appendix A, the risk
control measures that can be taken are to implement secure access control
on the USB interface and record the access events through the security log,
in order to timely identify possible unauthorized access.
7.1.5 Determination of cybersecurity goal
The organization should determine the cybersecurity objectives based on the
high-risk threats as identified in the risk evaluation results, especially the
highest-risk threats.
Example 1:
such as vulnerability testing and penetration testing. Based on the results of the <...
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GB/T 38628-2020 (Self-service in 1-minute)
Historical versions (Master-website): GB/T 38628-2020
Preview True-PDF (Reload/Scroll-down if blank)
GB/T 38628-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Cybersecurity guide
for automotive electronics system
ISSUED ON: APRIL 28, 2020
IMPLEMENTED ON: NOVEMBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 8
5 Cybersecurity activity framework of automotive electronic system ... 8
5.1 Overview ... 8
5.2 Organization management ... 9
5.3 Cybersecurity activities ... 9
5.4 Support guarantee ... 11
6 Cybersecurity organization management of automotive electronics systems
... 12
6.1 Set organizational structure ... 12
6.2 Establish a communication and coordination platform ... 12
6.3 System construction and employee training ... 13
6.4 Test and evaluation ... 13
6.5 Stage inspection ... 15
7 Cybersecurity activities of automotive electronics systems ... 16
7.1 Conceptual design stage ... 16
7.2 System-level product development stage ... 22
7.3 Hardware-level product development stage ... 27
7.4 Software-level product development stage ... 31
7.5 Product production, operation and service stage ... 36
8 Cybersecurity support for automotive electronic systems ... 38
8.1 Configuration management ... 38
8.2 Demand management ... 38
8.3 Change management ... 39
8.4 Document management ... 39
8.5 Supply chain management ... 40
8.6 Cloud management ... 41
Appendix A (Informative) Typical cybersecurity risks of automotive electronic
systems ... 44
Appendix B (Informative) Examples of cybersecurity protection measures for
automotive electronic systems ... 49
Appendix C (Informative) Example of incident handling checklist ... 52
References ... 53
Information security technology - Cybersecurity guide
for automotive electronics system
1 Scope
This standard gives a framework for cybersecurity activities in automotive
electronics systems, as well as recommendations for cybersecurity activities,
organizational management, support assurance for automotive electronics
systems under this framework.
This standard is applicable to guide OEMs, parts suppliers, software suppliers,
chip suppliers, various service providers, and other organizations in the
automotive electronics supply chain to carry out cybersecurity activities, guide
relevant personnel to meet the basic cybersecurity needs during design,
development, production, operation, service when engaging in automotive
electronics systems.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GB/T 18336-2015 (all parts) Information technology - Security techniques -
Evaluation criteria for IT security
GB/T 20984-2007 Information security technology - Risk evaluation
specification for information security
GB/T 29246-2017 Information technology - Security techniques -
Information security management systems - Overview and vocabulary
GB/T 30279-2013 Information security technology - Vulnerability
classification guide
GB/T 31167-2014 Information security technology - Security guide of
cloud computing services
GB/T 31168-2014 Information security technology - Security capability
requirements of cloud computing services
inspection, and other activities.
5.3.2 Product development stage
The product development stage includes the development stage of system-
level product, the development stage of hardware-level product, the
development stage of software-level product. Figure 2 shows the basic process
of the product development stage as well as the relationship between product
development at the system level, hardware level, and software level. Figure 2
does not include the iterative process, but in fact many stages require repeated
iterations, in order to finally achieve the development goals.
The development stage of system-level product mainly includes initiation of
development of system-level product, cybersecurity technical specifications
(including system-level vulnerability analysis, cybersecurity strategy
specification, determination of cybersecurity technical requirements, etc.),
system design, system function integration, cybersecurity testing, cybersecurity
verification, cybersecurity evaluation and inspection, product release, etc.
The development stage of hardware-level product mainly includes initiation o
development of hardware product, hardware cybersecurity specifications
(including hardware-level vulnerability analysis, determination of cybersecurity
requirements), hardware design, hardware integration and cybersecurity
testing, verification of hardware cybersecurity requirements, detailing
cybersecurity evaluation, and so on.
The development stage of software-level product mainly includes initiation of
development of software product, software cybersecurity specifications
(including software-level vulnerability analysis, determination of cybersecurity
requirements), software architecture design, software unit design and
implementation, software unit testing, software integration, cybersecurity
testing, verification of software cybersecurity needs, detailing cybersecurity
evaluation and so on.
When cryptographic technology is needed in the product development stage, it
is necessary to comply with relevant national cryptographic management
provisions.
management end security and so on.
6 Cybersecurity organization management of
automotive electronics systems
6.1 Set organizational structure
Organizations need to attach great importance to cybersecurity; consider
cybersecurity at the strategic level of the organization; specifically reflect it from
the following aspects:
a) Formulate and implement the organization's cybersecurity strategy, policy,
objectives;
b) To implement the leadership responsibility system for cybersecurity, it may
establish a cybersecurity leadership group with the responsibility of
organized senior leaders, to be responsible for the supervision on
formulation and implementation of cybersecurity strategies, policies,
objectives, meanwhile coordinating the cooperation between various
departments;
c) Set up a special institute to be responsible for cultural construction,
information communication, training, cross-departmental resource
allocation and other related work related to cybersecurity;
d) Employees can clearly know the organizational settings and division of
responsibilities related to cybersecurity within the organization.
6.2 Establish a communication and coordination platform
The organization should establish internal and external information
communication and coordination channels for cybersecurity, including but not
limited to the following:
a) Develop a process for individuals or organizations inside or outside the
organization to report on cybersecurity incidents; clarify the interface
between relevant departments within the organization and the
responsibilities that shall be assumed;
b) Develop a process for notifying relevant parties about cybersecurity
incidents; carry out hierarchical management of the severity of the incident;
c) Develop a process for responding to and handling cybersecurity incidents
d) The evaluation team should not be employees of the organization being
evaluated;
e) The evaluation team should not induce the organization to use its own
services;
f) The evaluation team should record the results of the evaluation in detail,
including any new vulnerabilities found.
Note: This is mainly for the recommendation of the organization to hire a third-
party evaluation team. The organization's self-built evaluation team may refer
to it.
6.4.2 Cybersecurity test content
Vulnerability testing, penetration testing and fuzzy testing are important
methods for evaluating an object's cybersecurity capabilities. Among them,
vulnerability testing is a more common method, which can include but not
limited to the following specific methods:
a) Vulnerability scanning, to detect whether the object has vulnerabilities that
may be attacked;
b) Exploratory testing, to detect and investigate vulnerabilities that may arise
in software or hardware implementation;
c) Aggressive testing, invading the object by destroying, bypassing,
tampering with cybersecurity control measures, etc., to achieve the
purpose of testing the object's resistance to attack.
6.4.3 Cybersecurity evaluation
The cybersecurity evaluation is used to verify whether the currently
implemented cybersecurity strategy meets cybersecurity requirements and
whether it can effectively reduce threats and risks, which may include but not
limited to the following:
a) Evaluate whether the cybersecurity strategy at each stage meets the
cybersecurity requirements;
b) Evaluate whether the cybersecurity design at each stage complies with
the cybersecurity strategy;
c) For threats that are not resolved by the cybersecurity strategy, define them
as corresponding pending questions and assess whether the pending
questions can be accepted;
d) If the pending question is acceptable, provide a corresponding explanation,
c) Clarify the start time and deadline of each activity;
d) Clarify the reporting and supervision rules of each activity status.
7.1.4 Threat analysis and risk evaluation
The organization should conduct threat analysis and risk evaluation on the
automotive electronic system, in order to systematically identify the
cybersecurity threats that the automotive electronic system may face; make a
reasonable estimate of the cybersecurity risk, to provide basis for determining
cybersecurity goals of the automotive electronic system and taking appropriate
risk treatment measures. Grasping of technology of threat analysis and risk
evaluation and implementation in the early stage of product development, can
minimize the cost of expensive repairs caused by problems discovered at a
later stage of the product life cycle; in addition, as the product development
process continues to deepen, threat analysis and risk evaluation activities can
also be iterated in time for the gradual refinement of products in a timely manner,
to provide a basis for cybersecurity evaluation at each stage of product
development.
The threat analysis and risk evaluation activities of automotive electronic
systems should be carried out in accordance with GB/T 18336-2015, GB/T
20984-2007, GB/T 31509-2015, GB/T 31722-2015 and other standard,
combined with practical experience in the automotive industry. It mainly
includes the following steps:
a) Preparation: Determine the goal and scope of threat analysis and risk
evaluation.
b) Function definition: Identify the main functions of the automotive electronic
system and the assets that need to be protected.
Example 1:
The assets that need to be protected in automotive electronic systems can
be mainly considered from the following aspects:
- In-vehicle equipment: including ECU, sensors, actuators, network
communication equipment, etc.;
- Functional safety-critical and non-functional safety-critical applications
running on the equipment;
- Data link inside ECU, between ECU, between ECU and sensor/actuator,
between ECU and network communication equipment and application
program.
comprehensive analysis of the impact on the vehicle's functional safety,
privacy, economy, handling, etc. can be conducted comprehensively; for the
probability of the threat successfully carrying out the attack, it may
comprehensively consider various factors, including the time it takes to
attack (including the time to identify vulnerabilities, develop attack programs,
successfully install programs, etc.), expertise, knowledge of the attacking
target, time window of opportunity, requirements for special equipment, etc.
f) Risk treatment: Prioritize asset threats according to risk levels, especially
the need to identify threats with high risk levels and assess whether the
risk level of each asset threat is at an acceptable level; if the risk level is
unacceptable, it should consider applying appropriate methods or risk
control measures (see Appendix B for specific measures) to reduce the
residual risk of the system to an acceptable range.
Example 3:
In response to the cybersecurity risks that the ECU’s "CAN bus access"
described in Appendix A may face, the risk control measures that can be
taken are to provide a secure communication function (software) of the CAN
bus, to realize the anti-tampering and anti-replay mechanism of the
communication data.
Example 4:
In response to the cybersecurity risks that the vehicle gateway’s
"FOTA/SOTA" described in Appendix A may face, the risk control measures
that can be taken are to implement a secure FOTA/SOTA process, to prevent
the vehicle gateway firmware/software or data from being counterfeited,
tampered with, or subject to information disclosure during its update process.
Example 5:
In response to the cybersecurity risk of unauthorized access to the USB
interface of the onboard access device described in Appendix A, the risk
control measures that can be taken are to implement secure access control
on the USB interface and record the access events through the security log,
in order to timely identify possible unauthorized access.
7.1.5 Determination of cybersecurity goal
The organization should determine the cybersecurity objectives based on the
high-risk threats as identified in the risk evaluation results, especially the
highest-risk threats.
Example 1:
such as vulnerability testing and penetration testing. Based on the results of the <...
Share
