Skip to content

Security Standards and Their Roles

ITS rely on various security standards for safe and secure operations. These standards address various aspects of ITS operations, such as communication, device security, data protection, misbehavior detection, and incident response.

Categories of ITS Security Standards

1. Communications Security

Standards ensuring the secure exchange of data between ITS entities, such as vehicles, infrastructure, and backend systems. These standards can be applied to secure V2V and V2I communications and protect real-time safety critical messaging in ITS environments.

Key Standards:

  • ISO 21177: Specifies services for secure session establishment and authentication between trusted ITS devices.
  • IEEE 1609.2: Provides cryptographic methods for secure V2X communications, including support for pseudonym certificates.
  • ETSI TS 103 097: Defines security headers and certificate formats for C-ITS communications in Europe.
  • ISO 15118: Addresses vehicle-to-grid (V2G) communication interface security for electric vehicles.

2. Device Security

Standards focus on protecting ITS devices such as Onboard Units (OBUs) and Roadside Units (RSUs) from unauthorized access or tampering.

Key Standards:

  • ISO/SAE 21434: Establishes requirements for cybersecurity engineering of road vehicle systems.
  • SAE J3101: Provides hardware-based security for ground vehicles.
  • ISO/IEC 15408 (Common Criteria): Offers a framework that can be extended to support evaluation of ITS device security.
  • V-ITS-S Base Protection Profile (SAFERTEC): Provides a framework for evaluating the security and trustworthiness of CV and V2I communications.

Data Security:

Standards that address the protection of ITS data in storage and in transit.

Key Standards:

  • ISO/IEC 27001: Provides guidelines for managing information security.
  • ISO 21186-3: Recommends practices for securing data exchange in Cooperative ITS environments.

Misbehavior Detection and Incident Response

Standards that support the detection, reporting and response to misbehavior within an ITS.

Key Standards:

  • IEEE 1609.2: Incorporates mechanisms for misbehavior reporting and response.
  • ISO 22320: Provides incident management guidelines for ITS systems.
  • SAE J3061: Serves as a cybersecurity guidebook for managing risks in cyber-physical vehicle systems.

Operational Security and Governance:

Frameworks and standards guiding the secure management of ITS systems and ensuring compliance with security policies.

Key Standards:

  • ISO/IEC 27035: Can be tailored to ITS ecosystem. Focuses on information security incident management.
  • ISO 22301: Can be tailored to ITS ecosystem. Covers business continuity and disaster recovery planning.

Specialized Applications

Some standards are designed for specific ITS use cases, such as electric vehicle communications and remote diagnostics.

Key Standards:

  • ISO 15118: Focuses on V2G communication security.
  • SAE J2931/7: Defines security for Plug-In Electric Vehicle (PEV) communication with charging infrastructure.
  • ISO/TR 23786: Provides criteria for assessing risks associated with remote access to vehicles.

Selecting the Right Standard for ITS Deployments

Selecting the most suitable standard depends on the specific needs of an ITS deployment. Considerations include:

  1. Communication Context: Real-time messaging (IEEE 1609.2) versus backend systems (ISO/IEC 27001).
  2. Device Type: Vehicle ECUs (ISO/SAE 21434) versus infrastructure RSUs.
  3. Regional Requirements: Unique security and operational policies associated with each region.
  4. Interoperability Needs: Identifying standards that enable operations across jurisdictions.