
Trustworthiness: A New Name Within Automotive

 



Don't Miss the 1-Hour Webinar on Automotive Trustworthiness

December 19, 2018
12:00 pm - 1:00 pm EST 

Register today


 


When contending with the complicated and interconnected devices of the Industrial Internet of Things (IIoT), the question of trustworthiness is often introduced. How do we make certain that the systems as designed are worthy of trust? Questions like this are intuitive and necessary, of course. However, they often lack the rigorous framework needed for a robust implementation in system design. “Trust” is a word that we may all think we understand, but when applying it to a network-connected device in a crucial automotive subsystem, the word’s precise formulation becomes paramount.

 

 

Introduction to Trustworthiness

Introduction of trustworthiness from the Industrial Internet Consortium


Considering this, the Industrial Internet Consortium (IIC) has refined the definition a great deal, formulating it around five Key System Characteristics (KSCs): safety, security, reliability, resilience, and privacy. Formally, the IIC defines trustworthiness as the “degree of confidence one has that the system performs as expected” within the boundaries set by the KSCs.

 

In “A Short Introduction into Trustworthiness,” a white paper for the IIC, Sven Schrecker, Vice President and Chief Architect, Cyber Security for LHP, alongside Marcellus Buchheit, President and CEO of Wibu-Systems USA, and Frederick Hirsch, Standards Manager at Fujitsu, offer a summary of each of the five KSCs that can help provide a clearer formulation of how to implement trustworthiness in operational technology (OT), using a vehicle as an example.

 

Safety

Safety is quite simply the trait that “ensures that a system operates without unacceptable risk” of physical injury to human operators and users, while also avoiding property damage or negative impacts on the environment. Within the automotive field, the functional safety standard ISO 26262 is in place to ensure the safety of the vehicle’s electrical and electronic (E/E) systems. However, without a broader sense of how safety impacts each level of technological development within each interlocking system, complete safety is not guaranteed. Since there is no requirement for assessing cyber security as part of the automotive functional safety validation process, the integrity of the safety systems themselves can be called into question even on a previously certified vehicle: a safety mechanism that an attacker can disable or feed false inputs no longer delivers the risk reduction it was certified for.


Security

Security refers to the design of a system in such a way that protects it from “unintended or unauthorized access, change or destruction.” Security covers not only the “traditional” needs of the installation of fences and locks, but also the “availability, integrity, and confidentiality of data at rest, in motion, or in use.” Due to the connected nature of vehicles on the road today, security is crucial to the safety of the operator. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication, collectively V2X, are integral to an autonomous vehicle’s design. However, these communication channels are wireless broadcasts that an outside party can listen to, inject into, or jam. Security on the vehicle is what keeps those outside parties from introducing forged or altered messages into the system and from using the connection as a path to the vehicle’s internal networks. In this way, security is analogous to a lock, fence, or security system that protects our homes from unauthorized access.
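As an added illustration of “integrity of data in motion” on an open V2V channel (this is example code written for this page, not code from LHP, the IIC white paper, or any V2X standard): a receiver that only forwards a safety message to the vehicle once it has confirmed the message is authentic, unaltered, fresh, and not a replay. The message layout is a constructed, simplified “basic safety message”, and authenticity is checked with an HMAC under a shared key so the example runs with the standard library alone. Deployed V2X (IEEE 1609.2) uses certificate-based digital signatures rather than a shared key; the acceptance logic on the receiving side is the same.

```python
"""
Added example (not from the LHP post or the IIC paper): receiver-side checks
that keep forged, tampered, stale and replayed V2V messages out of a vehicle's
control path.

Assumptions, not stated on the page:
  * Constructed message format: sender id, sequence number, timestamp and
    position, JSON-encoded; wire frame is 2-byte length + body + 32-byte tag.
  * HMAC-SHA256 under a shared demo key stands in for the ECDSA signatures a
    real deployment (IEEE 1609.2) would verify.
"""
import hashlib
import hmac
import json
import struct
from dataclasses import dataclass, field

KEY = b"constructed-demo-key-not-for-production"   # shared demo key (assumption)
MAX_AGE_S = 2.0   # a position older than this is useless for collision avoidance
TAG_LEN = 32      # SHA-256 output size


def encode(fields: dict) -> bytes:
    # Canonical encoding so sender and receiver authenticate identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def send(sender: str, seq: int, lat: float, lon: float, now: float,
         key: bytes = KEY) -> bytes:
    """Build one authenticated frame; `key` is parameterised so a forgery
    under the wrong key can be demonstrated."""
    body = encode({"id": sender, "seq": seq, "ts": now, "lat": lat, "lon": lon})
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack(">H", len(body)) + body + tag


@dataclass
class Receiver:
    key: bytes = KEY
    last_seq: dict = field(default_factory=dict)   # highest seq seen per sender

    def accept(self, frame: bytes, now: float):
        """Return (ok, reason). Only ok == True messages reach the controller.
        Checks run cheapest-and-most-important first: the MAC is verified
        before the body is parsed, so unauthenticated bytes never hit the
        JSON parser."""
        if len(frame) < 2 + TAG_LEN:
            return False, "truncated"
        (n,) = struct.unpack(">H", frame[:2])
        body, tag = frame[2:2 + n], frame[2 + n:]
        if len(body) != n or len(tag) != TAG_LEN:
            return False, "truncated"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time compare
            return False, "bad mac"
        msg = json.loads(body)
        if abs(now - msg["ts"]) > MAX_AGE_S:             # freshness window
            return False, "stale"
        if msg["seq"] <= self.last_seq.get(msg["id"], -1):   # replay detection
            return False, "replay"
        self.last_seq[msg["id"]] = msg["seq"]
        return True, "ok"


if __name__ == "__main__":
    rx = Receiver()
    t0 = 1_700_000_000.0
    genuine = send("veh-A", 1, 39.77, -86.16, t0)
    print(rx.accept(genuine, t0 + 0.1))               # (True, 'ok')
    print(rx.accept(genuine, t0 + 0.2))               # (False, 'replay')
    forged = send("veh-A", 2, 39.77, -86.16, t0, key=b"attacker")
    print(rx.accept(forged, t0 + 0.2))                # (False, 'bad mac')
```

The freshness window and the per-sender sequence counter are what turn a bare integrity check into protection for the availability and safety of the receiving vehicle: without them an attacker who merely records a genuine “car ahead is braking” message can replay it minutes later to trigger a phantom emergency stop.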

 

Reliability

The characteristic of reliability provides a framework for the ability of a system to operate as desired under normal conditions for an explicitly defined period. Reliability must account for physical wear and tear on a system, in addition to such considerations as changing software versions over time. In the automotive field, this is self-evidently important. Vehicles on the road are subject to a tremendous range of potential hazards both from the environment and from users under normal operating circumstances. Traveling thousands of miles through a range of punishing climates, for example, is comfortably within the realm of normal operation for most vehicles, and as such they must be designed to be reliable under those conditions.

 

Resilience

Resilience might usefully be framed as reliability “in the face of disruption.” As opposed to reliability, however, resilience “addresses unexpected and unplanned system statuses” that can result from a variety of faults or errors injected into the system. Without resilience, any disruption or unauthorized access to a vehicle system could cause irreparable damage to components or injure the operator. Resilience holds the system together and degrades it gracefully rather than catastrophically; for instance, a backup generator kicks on when power is shut off so that operation is not lost.

 

Privacy

Finally, privacy is designed to allow individuals interacting with the system to “control or influence what information related to them may be collected and stored,” and further how that information is then shared down the line. In a digital age where personal information is stored, shared, and distributed on a regular basis, consumers need to feel in control of what they do and do not allow. This also holds true in vehicles as they become more connected. The many sensors tracking and reporting data from the vehicle introduce privacy concerns that are new to automotive, to be sure. However, privacy is the backbone of trustworthiness in the eyes of a consumer, as it allows the consumer to manage the data, systems, and information collected, sent, and stored.


Sensors of an autonomous or connected vehicle. Source: SAE (https://www.sae.org/dlymagazineimages/15067_24935_ACT.jpg)


It is important to note that none of these KSCs exist in a vacuum. In most cases, their importance will ebb and flow depending on the context. Further, it stands to reason that they are often interdependent, and in fact in some cases may be directly opposed to one another. For example, security as a KSC exists specifically to protect the system from the “malicious” or “erroneous” impacts of humans and the environment on the system, while on the other hand, the safety KSC “protects humans and the environment from any bad behavior of the system.”


In light of this complexity, it is clear that the implementation of these KSCs requires a responsive and integrated approach at all levels of the design process. Schrecker, Buchheit, and Hirsch describe this approach as “trustworthiness by design,” and propose a framework called the “permeation of trust” to help guide the process. In this framework, the five KSCs are closely considered at every level of design, from operational users to system builders, all the way down to component builders.


Obviously embedding trustworthiness into every step of the design process will not happen overnight, and it will not be simple. But with the increasing reliance on connected devices throughout the industrial and automotive process, it is indispensable.

 

For more information on cyber security and the safety within the vehicle, contact LHP today.

 


 

