scope:

This Recommendation provides security guidelines for Ethernet-based in-vehicle networks (IVNs). It covers:

1) security threat analysis;

2) security requirements; and

3) use cases,

from a cyber-security perspective. Cybersecurity indicates that the technical communication architecture concerned is or can be an integral part of cyber-physical systems (e.g., Ethernet communication protocol stacks integrated in embedded systems).

Applicability statements

Networks in general and those on the Ethernet in particular are used for communication services. The security context in this Recommendation consequently focuses on communication security, but not necessarily on information security as such for compute nodes with Ethernet connectivity.

The security guidelines in this Recommendation therefore cover network engineering of Ethernet-based networks as used in automotive applications, from the security engineering perspective. Thus, the associated layered communication architectures with their layered protocol stacks are a fundamental part of such security considerations.

Validation of security guidelines over the timeline

Security for communication architectures as required for in-vehicle Ethernet networks is fundamentally evolving, primarily due to

1) possible changes in network topologies (driven by the evolving distributed computing architectures, using that communication networks, e.g., in direction of vehicle automation);

2) layered protocol architectures: current Ethernet and non-Ethernet protocol stacks in use can change, get extensions, etc.;

3) protocol evolution: current information and communication technology (ICT) protocols (as owned by standards development organizations like IEEE, IETF, ITU-T, ETSI, 3GPP) in use are still subject to ongoing maintenance activities and extensions, reflected by protocol profiling (e.g., IEEE time-sensitive networking (TSN) for automotive applications) [b-IEEE 1722-2016] or protocol versioning;

NOTE - Further, protocol specification-associated security considerations may be also subject to update.

1) evolution of security means and solutions in the context of communication security.

Future revisions of this Recommendation are therefore expected.

This Recommendation focuses in particular on initial security guidelines, given by a first set of use cases. The primary scope is first generation(s) Ethernet-based IVNs, leading to best current security practices and security guidelines at the time of publication of this Recommendation.