ISO 26262 Certification for Software Components

Guest author: Joe Wlad, Vice President, Business Development, Verocel, Inc. 


The automotive industry has adopted ISO 26262 as its functional safety standard for electronic systems. The current version of ISO 26262 was published in 2011, with a second edition scheduled for release in 2018. The increased use of software in automotive systems such as driver assist, brake control, and engine and systems management has placed greater scrutiny on ensuring the software is safe. Modern vehicles now contain millions of lines of software, and software quality is more important than ever. While automotive designers and suppliers have 5 years’ experience using ISO 26262, the bar for software compliance is now higher due to increased complexity, integration and automation. Moreover, one can expect regulatory oversight to increase in the future due to changing policies. In September 2016, the U.S. DOT issued a new federal policy for safe testing and deployment of automated vehicles. This new policy seeks to strike a fair balance between innovation and regulatory oversight, but it will require additional effort from vehicle makers and suppliers who wish to use forms of automation in their future designs.


Historically, all automotive companies and suppliers have practiced a form of “self-certification” regarding their systems, hardware and software. To date, there is no pre-market approval process and no government regulator in the loop. Manufacturers do their own due diligence, and any government oversight of safety design, development and production comes into play only after vehicles go into production. Even though a pre-market approval process for road vehicles would be impractical, including for autonomous features, designers will have to place additional emphasis on software design and verification practices in the near future. Fortunately, ISO 26262 addresses the key requirements for software development and design, and software suppliers like RTI are prepared to assist designers in ensuring compliance with ISO 26262 software requirements.

ISO 26262 covers functional safety at the system, hardware and software levels. To be considered fully compliant with ISO 26262, all areas must be addressed at once, meaning that the software has to be integrated onto a given hardware platform and within a given system before it is approved. This poses a dilemma for suppliers who wish to use COTS software such as an operating system or communication layer, because it places an additional certification burden on the supplier to represent software they may not have designed themselves. Companies like RTI and Verocel have addressed this problem by providing both certification evidence and a framework for using that evidence in any system design to achieve ISO 26262 compliance at ASIL-D. The details of this approach are documented in a whitepaper called “ISO 26262 Compliance Using Approved Software Components for Road Vehicles,” which can be downloaded from both the RTI and Verocel websites.


The whitepaper provides a complete background on ISO 26262 processes and which parts of the standard apply to COTS software components. It also summarizes the key characteristics of COTS software that can be used in road vehicle designs, as well as the documentation and evidence that assist the integrator in achieving ISO 26262 compliance. RTI Connext DDS Cert supports the DDS (Data Distribution Service) family of standards and is a certifiable middleware available with a complete, commercially supported certification package to support ISO 26262 certification, including ASIL-D. Connext DDS Cert provides an architecture- and hardware-independent layer of software that can be used on virtually any system design. It also comes with the certification evidence that supports ISO 26262 sections 2, 6 and 8, as well as additional guidance and information that helps designers integrate Connext DDS and retain certification credit in their system.

Automotive designers and suppliers need to prepare for a future where increased regulatory compliance for software will be the norm. The days of complete self-certification autonomy are coming to an end, and suppliers will need to rely on an entire software ecosystem of vendors who can meet current and future ISO 26262 requirements head-on. RTI and Verocel have broad experience in delivering certified software to customers in many industries, and we are prepared to assist you.

The Industrial Internet Security Framework: What It Is and Why You Should Care


Industrial Internet of Things (IIoT) systems connect and integrate industrial control systems with enterprise systems, business processes, and analytics. According to the World Economic Forum (WEF), the Industrial Internet will be hugely transformative; it will change the basis of competition, redraw industry boundaries, and create disruptive companies[1]. Hugely improved operational efficiency, the emergence of an outcome economy, and new connected ecosystems that blur traditional industry boundaries are among the key business opportunities. There are, of course, significant hurdles to overcome; according to the same report, chief among them are security and interoperability.

Security risks in IIoT systems must not be underestimated. To get a glimpse of what could potentially happen, take a look at the following video, which demonstrates an experiment known as the Aurora Generator Test, conducted by Idaho National Lab back in 2007:

The experiment demonstrates how a computer program could be used to rapidly open and close a diesel generator’s circuit breakers out of phase with the rest of the grid, causing it to explode. The Aurora vulnerability itself is not a software vulnerability, but the existence of a large amount of old infrastructure and legacy communication protocols raises concern about the security of these systems and the ability of attackers to exploit this vulnerability.

Of course, a lot has happened since 2007, when the Aurora research experiment was conducted. Real attacks on critical infrastructure have already happened. Attacks on Ukraine’s power grid[2] and a German steel mill[3], as well as the existence of malware like Stuxnet, indicate that the industrial internet community should take the necessary steps to protect the large number of already deployed legacy systems, in addition to coming up with new processes and technologies with thoughtfully integrated security support.

The Industrial Internet Consortium (IIC), the leading Industrial Internet consortium, comprises more than 250 companies and sets the architectural framework and direction for the Industrial Internet. The IIC has recognized the necessity of protecting legacy systems and developing integrated security support since its inception in 2014. The Security Working Group at the IIC was tasked with initiating a process to create broad industry consensus on how to protect IIoT systems. This guidance would also be applied in IIC Testbeds, prototypes of IIoT systems developed by teams made up of IIC member companies. After two years of hard work, the IIC released the first version of this guidance document, titled the “Industrial Internet Security Framework (IISF).”

The IISF is made up of several parts, each treating a different viewpoint on, and different aspects of, security for the Industrial Internet.

Part I: Introduction

Part I examines the key system characteristics of IIoT systems and the assurance requirements that make these systems trustworthy. It also discusses the aspects of IIoT systems that distinguish them from Information Technology (IT) systems, Operational Technology (OT) systems, and consumer IoT systems, and explores the consequences of those differences for security design.

Part II: The Business Viewpoint

Part II discusses different aspects of identifying, communicating, and managing risk, along with requirements and approaches for assessing the security of organizations, architectures, and technologies.

Part III: Functional and Implementation Viewpoints

Part III describes the functional building blocks for implementing security in IIoT systems, as well as the related technologies and best practices for protecting endpoints, communications and connectivity, configuration, management, and monitoring.

At the upcoming IIC Industrial Internet Security Forum, hosted at RTI headquarters, authors and editors of the IISF will cover the framework in more detail. See the full agenda here. In my presentation, I will go over more details on the functional and implementation aspects of protecting communications and connectivity. RTI’s VP of Products & Markets, David Barnett, will go over a specific use case on protecting Medical IoT systems, showing why and how Data Distribution Service Security can be used to protect Integrated Clinical Environments (ICE)[4].

Footnotes:
[1] http://www3.weforum.org/docs/WEFUSA_IndustrialInternet_Report2015.pdf
[2] https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
[3] https://www.wired.com/2015/01/german-steel-mill-hack-destruction/
[4] Read more about protecting Integrated Clinical Environments in this paper.

5 Great Dev Resources You Need to Bookmark Right Now!


Despite Google being as amazing as it is, sometimes locating the exact thing you need becomes a challenge. In these frustrating moments – which seemingly always occur when you’re under a time crunch! – the struggle becomes all too real. If you’re looking for technical resources for Connext DDS (or our other products), this post is for you! We’ve pulled together the only five bookmarks you’ll need to be sure you can always find the technical resource you need in a timely fashion. No struggle required.

#1. Case + Code


Case + Code is a series of use case-based examples that take you from the problem you have to real code and configuration that can get you started on your solution right away. You’ll find sample code, videos, and step-by-step instructions for each one – for FREE! So whether you’re looking to learn how to integrate medical devices, monitor video from security cameras, receive SIGINT data from multiple UAVs, stream video to multiple receivers, or monitor remote IoT devices, we’ve got a Case + Code for you!

#2. RTI Developer Community

Perhaps the best resource for any developer is our Dev Community – boasting an active forum, an extensive knowledge base, product documentation, and so much more!

#3. Newsletter

Our monthly newsletter will keep you up to date on product news, the latest tutorials and videos we have available, and upcoming events (like this one which we happen to be extremely excited about!). Click here to subscribe to the newsletter.


#4. The RTI Blog

Looking for tutorials? Examples? Information on new products or features? Our Blog has all that covered and more!

Whether you’re a seasoned Connext user or just looking to learn a bit more about the various products and how they stack up against your other options, our blog is full of great content. If you’re not sure where to start, or simply don’t want to wade through ALL of the content on the blog, these are some of our users’ favs:

#5. Library of Technical Resources

If you head on over to the content library, you’ll be greeted by tons of great videos, articles, whitepapers, etc., all produced with the goal of helping you become better acquainted with DDS, its use cases, best practices and more. Out of all the things you can pick from, I’d recommend our whitepapers and on-demand webinar replays. They’re free, full of great information, and might contain just the inspo you need to take your project to the next level!
