Page 33 - EE Times Europe Magazine

Page 33 - EE Times Europe Magazine - June 2025

P. 33

EE|Times EUROPE 33

OPINION | AUTONOMOUS DRIVING | SAFETY AND SECURITY

Safety Without Security The EU’s Cyber Resilience Act (CRA)

Is an Illusion in the Age underlines this shift. Proposed in 2022 and
expected to come into effect by 2027, the CRA
is a landmark regulation that applies to all
of Autonomous Vehicles connected digital products and software sold
in the EU, including vehicles and embed-
ded components. It moves accountability
upstream, requiring that manufacturers and
By Hassan Triqui, Secure-IC software providers build security into the
design process—not bolt it on later. This regu-
The safety/security equation has changed, and in the latory pressure is a forcing function for better
engineering, pushing the industry toward
era of autonomous, connected vehicles, trust must be verifiable, updatable, and monitored systems.
Cybersecurity is no longer a technical
engineered from silicon to cloud to ensure true resilience niche. It is a business-critical function,
against both malfunction and malicious attack. and OEMs that fail to treat it as such will
face operational, legal, and reputational
consequences.
As the automotive industry pushes toward Level 4 and Level 5
autonomy, the convergence of functional safety and cybersecurity A NEW ROLE FOR OEMs: SYSTEM
is no longer theoretical; it is operational. A malfunction may cause ARCHITECTS OF TRUST
damage; a cyberattack may cause disaster. The two domains are now The traditional role of Tier 1 suppliers as
inextricably linked. There is no safety without security. the primary systems integrators is evolving.
This new reality demands a fundamental redesign of the auto- OEMs are becoming the architects of end-to-
motive value chain. Safety-critical systems cannot rely solely on end trust, responsible for the security posture
isolated certifications or static design milestones. Security must of the entire vehicle lifecycle, from SoC to
be integrated from the chip level to the cloud—from the individ- software stack to cloud back-end.
ual electronic control unit to the fleet level—because autonomous vehicles are not standalone This shift comes with strategic implications.
machines; they are nodes in a hyperconnected, evolving ecosystem. OEMs now seek long-term technology part-
ners, not transactional vendors. They expect
TRUST MUST BEGIN AT THE SILICON LEVEL vendors to bring not just point solutions but
Autonomous vehicles are effectively rolling data centers with real-time mission-critical func- joint roadmaps, end-to-end system views, and
tions. To ensure their integrity, hardware-based roots of trust must anchor the entire system. post-quantum readiness. In this paradigm,
These hardware enclaves provide the foundational assurance needed to secure boot sequences, security vendors must evolve into embedded
cryptographic operations, and isolation of sensitive processes. co-architects, participating in early design
As system architectures grow more complex, many next-generation automotive SoCs are phases and lifecycle monitoring strategies.
adopting chiplet-based designs, bringing together modular silicon components within a single Building this trust across the value chain
package. This evolution introduces new security is more than a technical achievement; it’s a
Building trust across requirements: Each chiplet must be individually strategic differentiator.

the value chain is authenticated during system boot and must maintain THE COST OF INACTION IS MEASURED IN
secure, verified communication with neighboring
more than a technical chiplets. Ensuring a trusted chain of custody among LIVES, NOT LOGS
chiplets is essential to preserving end-to-end system
The future of mobility is autonomous, con-
achievement; it’s a integrity, especially in safety-critical domains such as nected, and software-defined. But autonomy
strategic differentiator. braking, steering, or autonomous navigation. without security is reckless, safety without
real-time detection is blind, and compliance
But trust doesn’t stop at the chip. The rise of
vehicle-to-everything connectivity expands the attack without continuous monitoring is hollow.
surface dramatically. Cars now communicate with other vehicles, infrastructure, and cloud As we move forward, the industry must
services. This creates new risks but also poses a new opportunity: end-to-end observability and embrace a holistic, dynamic, and proactive
adaptive protection, at both the micro and macro levels. approach to automotive cybersecurity—one
This is where intrusion-detection systems and AI-based monitoring come into play. We must that begins at the silicon level and extends to
move from static security to dynamic detection, monitoring anomalies in real time and enabling the cloud. We must establish trust not just in
swift, autonomous responses. Imagine each vehicle subsystem acting as a sensor, feeding data the vehicle but in the entire ecosystem that
into a broader, fleet-level security intelligence system. This is the path to real resilience. surrounds it.
This is the only way to deliver the promise
FROM COMPLIANCE TO CONFIDENCE: WHY CERTIFICATIONS STILL MATTER of autonomy: vehicles that are not just smart
In this increasingly complex landscape, certifications are not the end goal; they’re the starting and self-driving but truly safe and secure by
point. Standards such as ISO/SAE 21434 (cybersecurity), ISO 26262 (functional safety, including design. ■
ASIL-D), UN R155 (cybersecurity management), and FIPS/Common Criteria (crypto and secure
elements) define the language of safety and security. But real trust comes when these certifica- Hassan Triqui is CEO and co-founder of
tions are combined and reinforced by hardware, software, and lifecycle security practices. Secure-IC.

www.eetimes.eu | JUNE 2025

28 29 30 31 32 33 34 35 36 37 38