With the ever increasing features and complexities in the modern vehicles, two most important factors for the vehicle E/E systems are Functional Safety and Cybersecurity.
The Functional Safety standard ISO 26262 has been around for a while and its compliance has become a default. Over the years the organizations have developed a well defined processes to ensure the compliance. The newly released ISO/SAE 21434 standard for cybersecurity is structured in parallel lines with the more known ISO 26262 standard, along with some significant differences too.
Understanding the similarities and the differences between both standards shall allow the organizations to implement an efficient and cost saving integrated approach.
Below is an insight on the synergy between the Functional Safety and Cybersecurity aspects and also between their corresponding standards.
Synergies
The following diagrams show some overlap and synergies between the two standards.
1. In Functional Safety the Hazards leading to System malfunction and the safety impact is studied. In Cybersecurity the Threats compromising the System and their impact to the System availability, User privacy and System safety are analyzed.
Both Functional Safety and Cybersecurity concern with Safety Impact of the system.
ISO/SAE 21434 applies for all the E/E systems whereas ISO 26262 applies only for the Safety related E/E systems.
2. A threat scenario analysis may determine a Safety impact; whereas a hazard analysis may reveal a Cyber-attack as a cause.
Effective communication shall exist between the Functional Safety and Cybersecurity analysis.
3. In Functional Safety, a goal of the HARA is to determine the ASIL value. In Cybersecurity, the goal of TARA is to calculate the Risk Value and determine the Risk Treatment decision.
CAL determination is optional in TARA unlike the mandatory ASIL determination in HARA.
4. Organizations shall implement an integrated approach to achieve both the Functional Safety and Cybersecurity. Certain activities could be performed together to address related impacts and efficiency.
ISO 26262 & ISO/SAE 21434 - Key differences
Significant differences between the requirements in the two standards are listed below. The corresponding implementations shall also carry over the differences, some are listed.
ISO/SAE 21434 | ISO 26262 |
TARA analyzes the risk of a threat scenario to determine the Impact and Attack Feasibility. Risk Value is the output. | HARA evaluates risk of a hazard event in terms of severity, exposure and controllability. ASIL is the output. |
Uncertainty and Likelihood are the focus of TARA | Predictability and Probability are the focus of HARA |
Cybersecurity of a system is dynamic. Safe state cannot be assigned. | Functional Safety of a system is static. A Safe State is assigned. |
TARA is to be performed continuously during concept and development stages | HARA may be performed once to determine the ASIL value. |
CAL : No explicit CAL Driven processes | ASIL : Many ASIL Driven processes specified |
No Independency Scheme. Could be adopted from ISO 26262 | Independency Scheme based on ASIL |
Audit : Performed on Organization level Processes | Audit : Performed on Implemented Project Processes |
Assessment : Optional | Assessment : Necessary |