Vehicle ECU classification based on safety-security characteristics

An upcoming trend for automotive manufacturers is to perform remote diagnostics and firmware updates over the air, which allows identifying hardware problems and correction of software flaws with minimal customer inconvenience. These procedures require that the previously isolated in-vehicle network permits external communication, which introduces a number of security risks, e.g., cyber attack threats. In this paper, we identify cyber attack threats and classify the electronic control units (ECUs) in the in-vehicle network to assist in determining which ones to protect and restrict access to. We divide the ECUs into five categories: powertrain, vehicle safety, comfort, infotainment, and telematics. We then use four safety integrity levels to classify the ECU categories. Moreover, we define safety effect levels of security threats which are used to classify identified attacks in the remote diagnostics and firmware updates over the air procedures. The safety and security levels are combined to classify the ECU categories. From the results we conclude that ECU categories such as powertrain and vehicle safety require further protection prior to introducing remote connectivity. As a conclusion, we suggest that automotive manufacturers should emphasize security or restrict the remote diagnostics and firmware updates over the air procedures to certain ECUs.