<!--
Copyright (c) 2025 Milin Patel
Hochschule Kempten - University of Applied Sciences

Autonomous Driving: AI Safety and Security Workshop
This project is licensed under the MIT License.
See LICENSE file in the root directory for full license text.
-->

*Copyright © 2025 Milin Patel. All Rights Reserved.*

# ISO/SAE 21434: Automotive Cybersecurity Engineering

[![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/milinpatel07/Autonomous-Driving_AI-Safety-and-Security/blob/main/AV_Perception_Safety_Workshop/Session_3_Safety_and_Security_Standards/notebooks/14_ISO_SAE_21434_Cybersecurity.ipynb)


## Learning Objectives
- Understand automotive cybersecurity engineering principles
- Master TARA (Threat Analysis and Risk Assessment) methodology
- Learn CAL (Cybersecurity Assurance Level) determination
- Apply cybersecurity to autonomous vehicle perception systems
- Integrate cybersecurity with functional safety

---

In [None]:
# Setup: Install and import required libraries
import sys

# Install packages if in Colab
if 'google.colab' in sys.modules:
    !pip install -q matplotlib pandas numpy seaborn

import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
from matplotlib.patches import Rectangle, FancyBboxPatch, FancyArrowPatch
import warnings
warnings.filterwarnings('ignore')

# Set style
plt.style.use('seaborn-v0_8-darkgrid')
sns.set_palette("husl")

print("✓ Setup complete!")

## 1. ISO/SAE 21434 Overview

### What is ISO/SAE 21434?

**ISO/SAE 21434:2021** - Road vehicles — Cybersecurity engineering

Published in August 2021, this standard provides requirements for cybersecurity engineering for road vehicles throughout their lifecycle.

### Why Cybersecurity Matters for Autonomous Vehicles

Modern vehicles are "computers on wheels":
- 100+ ECUs (Electronic Control Units)
- Millions of lines of code
- Multiple external connectivity points
- V2X (Vehicle-to-Everything) communication
- OTA (Over-The-Air) updates
- Cloud connectivity

**Cybersecurity is critical because:**
1. **Safety impact**: Cyber attacks can cause physical harm
2. **Privacy**: Vehicles collect sensitive personal data
3. **Autonomy**: Self-driving relies on sensor and communication integrity
4. **Fleet risk**: Vulnerabilities can affect thousands of vehicles

### Key Principles

1. **Security by Design**: Built-in from the start, not added later
2. **Defense in Depth**: Multiple layers of protection
3. **Risk-based Approach**: Focus on high-impact threats
4. **Lifecycle Coverage**: From concept to decommissioning
5. **Supply Chain Security**: Extend to all partners

### Standard Structure

- **Organizational cybersecurity management**
- **Project-dependent cybersecurity management**
- **Continuous cybersecurity activities**
- **Distributed cybersecurity activities** (supply chain)
- **TARA** (Threat Analysis and Risk Assessment)
- **Cybersecurity validation and monitoring**

In [None]:
# Visualize cybersecurity lifecycle
def visualize_cybersecurity_lifecycle():
    """
    Visualize ISO/SAE 21434 cybersecurity lifecycle
    """
    fig, ax = plt.subplots(figsize=(16, 10))
    
    # Lifecycle phases
    phases = [
        {'name': 'Concept Phase\nTARA', 'x': 0.15, 'y': 0.75, 'color': '#3498db'},
        {'name': 'Product\nDevelopment', 'x': 0.35, 'y': 0.75, 'color': '#9b59b6'},
        {'name': 'Production', 'x': 0.55, 'y': 0.75, 'color': '#2ecc71'},
        {'name': 'Operations &\nMaintenance', 'x': 0.75, 'y': 0.75, 'color': '#f39c12'},
        {'name': 'Decommissioning', 'x': 0.95, 'y': 0.75, 'color': '#e74c3c'}
    ]
    
    # Draw phases
    for i, phase in enumerate(phases):
        rect = FancyBboxPatch((phase['x']-0.08, phase['y']-0.08), 0.16, 0.12,
                             boxstyle="round,pad=0.01",
                             facecolor=phase['color'], edgecolor='black',
                             linewidth=2.5, alpha=0.8)
        ax.add_patch(rect)
        ax.text(phase['x'], phase['y'], phase['name'],
               ha='center', va='center', fontsize=10, fontweight='bold', color='white')
        
        # Arrows between phases
        if i < len(phases) - 1:
            arrow = FancyArrowPatch((phase['x']+0.08, phase['y']), 
                                   (phases[i+1]['x']-0.08, phases[i+1]['y']),
                                   arrowstyle='->', mutation_scale=30, 
                                   linewidth=3, color='black')
            ax.add_patch(arrow)
    
    # Supporting activities (bottom)
    support = [
        {'name': 'Organizational\nCybersecurity\nManagement', 'x': 0.25, 'y': 0.35},
        {'name': 'Continuous\nCybersecurity\nActivities', 'x': 0.55, 'y': 0.35},
        {'name': 'Supply Chain\nCybersecurity', 'x': 0.85, 'y': 0.35}
    ]
    
    for item in support:
        rect = FancyBboxPatch((item['x']-0.10, item['y']-0.08), 0.20, 0.12,
                             boxstyle="round,pad=0.01",
                             facecolor='lightblue', edgecolor='blue',
                             linewidth=2, alpha=0.6)
        ax.add_patch(rect)
        ax.text(item['x'], item['y'], item['name'],
               ha='center', va='center', fontsize=9, fontweight='bold')
        
        # Upward arrows to lifecycle
        ax.annotate('', xy=(item['x'], 0.65), xytext=(item['x'], item['y']+0.06),
                   arrowprops=dict(arrowstyle='<->', lw=2, color='blue', alpha=0.5))
    
    # Key activities boxes
    activities = [
        {'text': 'Asset Identification\nThreat Scenarios\nRisk Assessment', 'x': 0.15, 'y': 0.55},
        {'text': 'Security Requirements\nArchitecture Design\nImplementation', 'x': 0.45, 'y': 0.55},
        {'text': 'Incident Response\nMonitoring\nPatch Management', 'x': 0.85, 'y': 0.55}
    ]
    
    for activity in activities:
        ax.text(activity['x'], activity['y'], activity['text'],
               ha='center', va='center', fontsize=8, style='italic',
               bbox=dict(boxstyle='round', facecolor='lightyellow',
                        edgecolor='orange', linewidth=1.5, alpha=0.8))
    
    ax.set_xlim(0, 1.05)
    ax.set_ylim(0.2, 0.95)
    ax.axis('off')
    ax.set_title('ISO/SAE 21434 Cybersecurity Lifecycle', 
                fontsize=16, fontweight='bold', pad=20)
    
    plt.tight_layout()
    plt.show()

visualize_cybersecurity_lifecycle()

## 2. TARA: Threat Analysis and Risk Assessment

TARA is the core cybersecurity risk assessment methodology in ISO/SAE 21434.

### TARA Process Steps

1. **Asset Identification**
   - Identify what needs protection
   - Determine asset value
   - Map dependencies

2. **Threat Scenario Identification**
   - Who might attack? (Threat actors)
   - What do they want? (Attack goals)
   - How might they attack? (Attack paths)

3. **Impact Rating**
   - Safety impact
   - Financial impact
   - Operational impact
   - Privacy impact

4. **Attack Feasibility Assessment**
   - Elapsed time
   - Specialist expertise
   - Knowledge of the item
   - Window of opportunity
   - Equipment required

5. **Risk Determination**
   - Combine impact and feasibility
   - Determine risk level

6. **Risk Treatment**
   - Avoid, reduce, share, or retain risk
   - Define cybersecurity goals and requirements

### Attack Feasibility Rating

| Rating | Time | Expertise | Knowledge | Equipment | Opportunity |
|--------|------|-----------|-----------|-----------|-------------|
| **Very Low** | > 1 year | Layman | Public | Standard | Unlimited |
| **Low** | 6-12 months | Proficient | Restricted | Specialized | Easy |
| **Medium** | 3-6 months | Expert | Confidential | Bespoke | Moderate |
| **High** | 1-3 months | Multiple Experts | Strictly Confidential | Multiple Bespoke | Difficult |
| **Very High** | < 1 month | Nation State | Top Secret | State-level | Very Difficult |

In [None]:
# TARA Framework Implementation
class TARAAnalysis:
    """
    Threat Analysis and Risk Assessment for automotive systems
    """
    
    def __init__(self, system_name: str):
        self.system_name = system_name
        self.assets = []
        self.threats = []
    
    def add_asset(self, asset_id: str, name: str, 
                 cybersecurity_property: str, value: str):
        """
        Add an asset to protect
        cybersecurity_property: Confidentiality, Integrity, Availability
        """
        asset = {
            'id': asset_id,
            'name': name,
            'property': cybersecurity_property,
            'value': value
        }
        self.assets.append(asset)
    
    def add_threat(self, threat_id: str, asset_id: str, 
                  threat_scenario: str, attack_vector: str,
                  impact_safety: int, impact_financial: int,
                  impact_operational: int, impact_privacy: int,
                  feasibility: str):
        """
        Add a threat scenario
        impact: 1 (Negligible) to 4 (Severe)
        feasibility: Very Low, Low, Medium, High, Very High
        """
        # Calculate overall impact (max of all dimensions)
        impact = max(impact_safety, impact_financial, 
                    impact_operational, impact_privacy)
        
        # Determine CAL (Cybersecurity Assurance Level)
        cal = self._determine_cal(impact, feasibility)
        
        # Determine risk level
        risk_level = self._determine_risk(impact, feasibility)
        
        threat = {
            'id': threat_id,
            'asset_id': asset_id,
            'scenario': threat_scenario,
            'attack_vector': attack_vector,
            'impact_safety': impact_safety,
            'impact_financial': impact_financial,
            'impact_operational': impact_operational,
            'impact_privacy': impact_privacy,
            'impact_overall': impact,
            'feasibility': feasibility,
            'cal': cal,
            'risk_level': risk_level
        }
        
        self.threats.append(threat)
    
    def _determine_cal(self, impact: int, feasibility: str) -> int:
        """
        Determine Cybersecurity Assurance Level (1-4)
        """
        feasibility_map = {
            'Very Low': 1,
            'Low': 2,
            'Medium': 3,
            'High': 4,
            'Very High': 4
        }
        
        feas_value = feasibility_map.get(feasibility, 2)
        
        # Simplified CAL matrix
        if impact >= 4:
            return 4
        elif impact >= 3:
            return max(3, feas_value)
        elif impact >= 2:
            return max(2, feas_value - 1)
        else:
            return 1
    
    def _determine_risk(self, impact: int, feasibility: str) -> str:
        """
        Determine overall risk level
        """
        feasibility_scores = {
            'Very Low': 1,
            'Low': 2,
            'Medium': 3,
            'High': 4,
            'Very High': 5
        }
        
        feas_score = feasibility_scores.get(feasibility, 3)
        risk_score = impact * feas_score
        
        if risk_score >= 15:
            return 'Critical'
        elif risk_score >= 10:
            return 'High'
        elif risk_score >= 6:
            return 'Medium'
        else:
            return 'Low'
    
    def to_dataframe(self):
        """
        Convert TARA to DataFrame
        """
        return pd.DataFrame(self.threats)

# Example: Pedestrian Detection System TARA
tara = TARAAnalysis("Pedestrian Detection and AEB System")

# Add assets
tara.add_asset('A-001', 'Camera Sensor Data', 'Integrity', 'High')
tara.add_asset('A-002', 'ML Model Weights', 'Integrity', 'Critical')
tara.add_asset('A-003', 'ECU Firmware', 'Integrity', 'Critical')
tara.add_asset('A-004', 'V2X Communication', 'Integrity', 'High')
tara.add_asset('A-005', 'OTA Update Channel', 'Integrity', 'Critical')

# Add threat scenarios
tara.add_threat(
    threat_id='T-001',
    asset_id='A-001',
    threat_scenario='Camera feed spoofing via physical adversarial patch',
    attack_vector='Physical access to vehicle environment',
    impact_safety=4,      # Severe - can cause collision
    impact_financial=2,   # Moderate
    impact_operational=3, # Significant
    impact_privacy=1,     # Negligible
    feasibility='Medium'  # Requires expertise but publicly known
)

tara.add_threat(
    threat_id='T-002',
    asset_id='A-002',
    threat_scenario='Model poisoning via compromised OTA update',
    attack_vector='Supply chain compromise or network attack',
    impact_safety=4,
    impact_financial=4,
    impact_operational=4,
    impact_privacy=2,
    feasibility='Low'     # Requires significant resources and access
)

tara.add_threat(
    threat_id='T-003',
    asset_id='A-004',
    threat_scenario='V2X message injection (fake pedestrian alert)',
    attack_vector='Wireless attack on V2X communication',
    impact_safety=3,
    impact_financial=2,
    impact_operational=3,
    impact_privacy=1,
    feasibility='Medium'  # V2X vulnerabilities documented
)

tara.add_threat(
    threat_id='T-004',
    asset_id='A-003',
    threat_scenario='Firmware tampering via diagnostic port',
    attack_vector='Physical access to OBD-II port',
    impact_safety=4,
    impact_financial=3,
    impact_operational=4,
    impact_privacy=2,
    feasibility='Medium'  # Requires physical access + tools
)

tara.add_threat(
    threat_id='T-005',
    asset_id='A-001',
    threat_scenario='Sensor blinding via laser/LED attack',
    attack_vector='Directed energy attack on camera',
    impact_safety=4,
    impact_financial=1,
    impact_operational=3,
    impact_privacy=1,
    feasibility='Low'     # Requires specialized equipment
)

tara.add_threat(
    threat_id='T-006',
    asset_id='A-005',
    threat_scenario='Man-in-the-middle attack on OTA updates',
    attack_vector='Network interception',
    impact_safety=4,
    impact_financial=3,
    impact_operational=4,
    impact_privacy=3,
    feasibility='Medium'
)

# Display TARA results
df_tara = tara.to_dataframe()

print("\n" + "="*100)
print(f"TARA: {tara.system_name}")
print("="*100)
display(df_tara[['id', 'scenario', 'impact_overall', 'feasibility', 'cal', 'risk_level']])

print("\n" + "="*100)
print("Detailed Impact Analysis")
print("="*100)
display(df_tara[['id', 'impact_safety', 'impact_financial', 'impact_operational', 'impact_privacy']])

In [None]:
# Visualize TARA results
def visualize_tara_results(df_tara):
    """
    Visualize TARA analysis results
    """
    fig, ((ax1, ax2), (ax3, ax4)) = plt.subplots(2, 2, figsize=(16, 12))
    
    # 1. Risk Level Distribution
    risk_counts = df_tara['risk_level'].value_counts()
    risk_order = ['Low', 'Medium', 'High', 'Critical']
    risk_colors = {'Low': '#2ecc71', 'Medium': '#f39c12', 'High': '#e67e22', 'Critical': '#e74c3c'}
    
    risk_counts_ordered = risk_counts.reindex(risk_order, fill_value=0)
    bars1 = risk_counts_ordered.plot(kind='bar', ax=ax1, 
                                     color=[risk_colors[x] for x in risk_counts_ordered.index],
                                     edgecolor='black', linewidth=2)
    ax1.set_title('Threat Distribution by Risk Level', fontsize=13, fontweight='bold')
    ax1.set_xlabel('Risk Level', fontsize=12, fontweight='bold')
    ax1.set_ylabel('Number of Threats', fontsize=12, fontweight='bold')
    ax1.set_xticklabels(ax1.get_xticklabels(), rotation=0)
    ax1.grid(axis='y', alpha=0.3)
    
    for bar in bars1.patches:
        height = bar.get_height()
        if height > 0:
            ax1.text(bar.get_x() + bar.get_width()/2., height,
                    f'{int(height)}', ha='center', va='bottom', 
                    fontsize=12, fontweight='bold')
    
    # 2. CAL Distribution
    cal_counts = df_tara['cal'].value_counts().sort_index()
    colors_cal = sns.color_palette('Reds', len(cal_counts))
    
    cal_counts.plot(kind='bar', ax=ax2, color=colors_cal, edgecolor='black', linewidth=2)
    ax2.set_title('Cybersecurity Assurance Level (CAL) Distribution', fontsize=13, fontweight='bold')
    ax2.set_xlabel('CAL Level', fontsize=12, fontweight='bold')
    ax2.set_ylabel('Number of Threats', fontsize=12, fontweight='bold')
    ax2.set_xticklabels([f'CAL {int(x)}' for x in cal_counts.index], rotation=0)
    ax2.grid(axis='y', alpha=0.3)
    
    # 3. Impact Heatmap
    impact_data = df_tara[['impact_safety', 'impact_financial', 'impact_operational', 'impact_privacy']]
    impact_data.index = df_tara['id']
    impact_data.columns = ['Safety', 'Financial', 'Operational', 'Privacy']
    
    sns.heatmap(impact_data.T, annot=True, fmt='d', cmap='YlOrRd', 
               vmin=1, vmax=4, cbar_kws={'label': 'Impact Level'},
               ax=ax3, linewidths=0.5)
    ax3.set_title('Impact Analysis by Threat', fontsize=13, fontweight='bold')
    ax3.set_xlabel('Threat ID', fontsize=12, fontweight='bold')
    ax3.set_ylabel('Impact Dimension', fontsize=12, fontweight='bold')
    
    # 4. Risk Matrix (Impact vs Feasibility)
    feasibility_map = {'Very Low': 1, 'Low': 2, 'Medium': 3, 'High': 4, 'Very High': 5}
    df_tara['feas_numeric'] = df_tara['feasibility'].map(feasibility_map)
    
    # Plot threats on risk matrix
    risk_color_map = {'Low': '#2ecc71', 'Medium': '#f39c12', 'High': '#e67e22', 'Critical': '#e74c3c'}
    
    for _, row in df_tara.iterrows():
        ax4.scatter(row['feas_numeric'], row['impact_overall'], 
                   s=300, c=risk_color_map[row['risk_level']], 
                   edgecolor='black', linewidth=2, alpha=0.7)
        ax4.text(row['feas_numeric'], row['impact_overall'], row['id'],
                ha='center', va='center', fontsize=9, fontweight='bold')
    
    # Color zones
    ax4.axhspan(3.5, 4.5, xmin=0, xmax=1, alpha=0.15, color='red')
    ax4.axvspan(4, 5.5, ymin=0, ymax=1, alpha=0.15, color='red')
    
    ax4.set_xlim(0.5, 5.5)
    ax4.set_ylim(0.5, 4.5)
    ax4.set_xticks([1, 2, 3, 4, 5])
    ax4.set_xticklabels(['Very Low', 'Low', 'Medium', 'High', 'Very High'])
    ax4.set_yticks([1, 2, 3, 4])
    ax4.set_yticklabels(['Negligible', 'Moderate', 'Significant', 'Severe'])
    ax4.set_xlabel('Attack Feasibility', fontsize=12, fontweight='bold')
    ax4.set_ylabel('Impact Level', fontsize=12, fontweight='bold')
    ax4.set_title('Risk Matrix: Impact vs Feasibility', fontsize=13, fontweight='bold')
    ax4.grid(True, alpha=0.3)
    
    # Legend
    from matplotlib.patches import Patch
    legend_elements = [Patch(facecolor=color, edgecolor='black', label=level)
                      for level, color in risk_color_map.items()]
    ax4.legend(handles=legend_elements, loc='upper left', title='Risk Level')
    
    plt.tight_layout()
    plt.show()

visualize_tara_results(df_tara)

## 3. Cybersecurity Goals and Requirements

From TARA, we derive **Cybersecurity Goals** and **Cybersecurity Requirements**.

### Cybersecurity Goals (High-level)

Similar to Safety Goals in ISO 26262, but focused on preventing cyber attacks:

**Example for T-001 (Camera spoofing):**
- **CG-001**: Prevent unauthorized manipulation of camera sensor data [CAL 4]

### Cybersecurity Requirements (Detailed)

Derived from cybersecurity goals:

**For CG-001:**
- **CR-001.1**: Camera data shall be authenticated using cryptographic signatures [CAL 4]
- **CR-001.2**: System shall detect anomalous patterns in camera feed [CAL 4]
- **CR-001.3**: Redundant sensor (radar/lidar) shall validate camera detections [CAL 4]
- **CR-001.4**: Physical tamper detection on camera housing [CAL 4]

### Defense-in-Depth Layers

1. **Prevent**: Stop attacks before they succeed
   - Authentication, authorization
   - Encryption, secure boot
   - Input validation

2. **Detect**: Identify attacks in progress
   - Intrusion detection systems (IDS)
   - Anomaly detection
   - Logging and monitoring

3. **Respond**: React to detected attacks
   - Graceful degradation
   - Incident response
   - Forensics

4. **Recover**: Restore system to safe state
   - Secure recovery mechanisms
   - Backup and restore
   - Post-incident analysis

In [None]:
# Generate cybersecurity requirements from TARA
def generate_cybersecurity_requirements(df_tara):
    """
    Generate cybersecurity goals and requirements from TARA
    """
    requirements = []
    
    # Mapping of threats to mitigations
    mitigations = {
        'T-001': {
            'goal': 'CG-001: Prevent camera feed manipulation',
            'requirements': [
                'CR-001.1: Implement adversarial patch detection algorithm',
                'CR-001.2: Use sensor fusion (camera + LIDAR) for validation',
                'CR-001.3: Deploy runtime anomaly detection on camera feed',
                'CR-001.4: Implement confidence scoring and thresholds'
            ]
        },
        'T-002': {
            'goal': 'CG-002: Ensure ML model integrity',
            'requirements': [
                'CR-002.1: Sign ML model weights with cryptographic signature',
                'CR-002.2: Verify model signature before loading',
                'CR-002.3: Implement secure boot and chain of trust',
                'CR-002.4: Use hardware security module (HSM) for key storage',
                'CR-002.5: Monitor model performance for anomalies'
            ]
        },
        'T-003': {
            'goal': 'CG-003: Secure V2X communication',
            'requirements': [
                'CR-003.1: Authenticate V2X messages using PKI',
                'CR-003.2: Implement message freshness checks (timestamps)',
                'CR-003.3: Validate message plausibility (sensor fusion)',
                'CR-003.4: Rate limit V2X message processing'
            ]
        },
        'T-004': {
            'goal': 'CG-004: Protect firmware integrity',
            'requirements': [
                'CR-004.1: Restrict diagnostic port access (authentication)',
                'CR-004.2: Log all diagnostic port activities',
                'CR-004.3: Implement firmware signature verification',
                'CR-004.4: Enable write protection on critical firmware'
            ]
        },
        'T-005': {
            'goal': 'CG-005: Detect sensor blinding attacks',
            'requirements': [
                'CR-005.1: Monitor sensor health (saturation detection)',
                'CR-005.2: Implement sensor redundancy (multi-sensor)',
                'CR-005.3: Detect sudden performance degradation',
                'CR-005.4: Trigger safe state on sensor failure'
            ]
        },
        'T-006': {
            'goal': 'CG-006: Secure OTA update channel',
            'requirements': [
                'CR-006.1: Use TLS 1.3+ for OTA communication',
                'CR-006.2: Sign all OTA packages with manufacturer key',
                'CR-006.3: Verify package signature before installation',
                'CR-006.4: Implement rollback protection',
                'CR-006.5: Provide secure recovery mechanism'
            ]
        }
    }
    
    # Generate requirements table
    req_data = []
    for _, row in df_tara.iterrows():
        threat_id = row['id']
        if threat_id in mitigations:
            mitigation = mitigations[threat_id]
            for req in mitigation['requirements']:
                req_data.append({
                    'Threat ID': threat_id,
                    'Risk Level': row['risk_level'],
                    'CAL': row['cal'],
                    'Cybersecurity Goal': mitigation['goal'],
                    'Requirement': req
                })
    
    df_req = pd.DataFrame(req_data)
    
    print("\n" + "="*100)
    print("Cybersecurity Goals and Requirements")
    print("="*100)
    display(df_req[['Threat ID', 'Risk Level', 'CAL', 'Cybersecurity Goal', 'Requirement']])
    
    # Visualize requirements by CAL
    fig, ax = plt.subplots(figsize=(14, 6))
    
    cal_req_count = df_req.groupby('CAL').size()
    colors = sns.color_palette('Reds', len(cal_req_count))
    
    bars = cal_req_count.plot(kind='bar', ax=ax, color=colors, edgecolor='black', linewidth=2)
    ax.set_title('Cybersecurity Requirements by CAL Level', fontsize=14, fontweight='bold')
    ax.set_xlabel('CAL Level', fontsize=12, fontweight='bold')
    ax.set_ylabel('Number of Requirements', fontsize=12, fontweight='bold')
    ax.set_xticklabels([f'CAL {int(x)}' for x in cal_req_count.index], rotation=0)
    ax.grid(axis='y', alpha=0.3)
    
    for bar in ax.patches:
        height = bar.get_height()
        ax.text(bar.get_x() + bar.get_width()/2., height,
               f'{int(height)}', ha='center', va='bottom',
               fontsize=12, fontweight='bold')
    
    plt.tight_layout()
    plt.show()
    
    return df_req

df_requirements = generate_cybersecurity_requirements(df_tara)

## 4. Cybersecurity Testing and Validation

### Testing Strategies

1. **Penetration Testing**
   - Ethical hacking to find vulnerabilities
   - Both white-box and black-box testing
   - Regular testing throughout lifecycle

2. **Fuzzing**
   - Send malformed/unexpected inputs
   - Identify crashes and vulnerabilities
   - Automated and continuous

3. **Code Review and Static Analysis**
   - Manual code review
   - Automated static analysis tools
   - Check for common vulnerabilities

4. **Vulnerability Scanning**
   - Scan for known vulnerabilities
   - Check dependencies and libraries
   - Regular updates and patching

5. **Attack Simulation**
   - Simulate real-world attacks
   - Test incident response
   - Red team / blue team exercises

### Validation Metrics

- **Vulnerability density**: Vulnerabilities per KLOC
- **Attack surface**: Number of exposed interfaces
- **Time to detect**: How quickly attacks are detected
- **Time to respond**: How quickly system responds
- **Patch deployment time**: Speed of security updates

In [None]:
# Simulate penetration testing results
def simulate_penetration_testing():
    """
    Simulate penetration testing campaign results
    """
    # Test phases over 12 weeks
    weeks = ['Week 1-2', 'Week 3-4', 'Week 5-6', 'Week 7-8', 'Week 9-10', 'Week 11-12']
    
    # Vulnerabilities found per severity
    critical = [3, 2, 1, 0, 0, 0]
    high = [5, 4, 3, 2, 1, 0]
    medium = [8, 7, 5, 4, 3, 2]
    low = [10, 9, 8, 7, 6, 5]
    info = [15, 14, 12, 10, 9, 8]
    
    # Fixes deployed
    fixed = [0, 8, 15, 20, 25, 28]
    
    # Create visualization
    fig, (ax1, ax2) = plt.subplots(1, 2, figsize=(16, 6))
    
    # Stacked bar chart of vulnerabilities
    x = np.arange(len(weeks))
    width = 0.6
    
    ax1.bar(x, critical, width, label='Critical', color='#c0392b', edgecolor='black')
    ax1.bar(x, high, width, bottom=critical, label='High', color='#e74c3c', edgecolor='black')
    ax1.bar(x, medium, width, bottom=np.array(critical)+np.array(high), 
           label='Medium', color='#f39c12', edgecolor='black')
    ax1.bar(x, low, width, bottom=np.array(critical)+np.array(high)+np.array(medium),
           label='Low', color='#f1c40f', edgecolor='black')
    ax1.bar(x, info, width, 
           bottom=np.array(critical)+np.array(high)+np.array(medium)+np.array(low),
           label='Informational', color='#3498db', edgecolor='black')
    
    ax1.set_xticks(x)
    ax1.set_xticklabels(weeks, rotation=45)
    ax1.set_ylabel('Number of Vulnerabilities', fontsize=12, fontweight='bold')
    ax1.set_title('Penetration Testing: Vulnerabilities Discovered Over Time', 
                 fontsize=13, fontweight='bold')
    ax1.legend(loc='upper right')
    ax1.grid(axis='y', alpha=0.3)
    
    # Cumulative fixes
    total_vulns = [c+h+m+l+i for c,h,m,l,i in zip(critical, high, medium, low, info)]
    cumulative_vulns = np.cumsum(total_vulns)
    
    ax2.plot(x, cumulative_vulns, 'o-', linewidth=3, markersize=10, 
            label='Cumulative Vulnerabilities Found', color='#e74c3c')
    ax2.plot(x, fixed, 's-', linewidth=3, markersize=10,
            label='Cumulative Fixes Deployed', color='#2ecc71')
    ax2.fill_between(x, cumulative_vulns, fixed, alpha=0.3, color='red', 
                     label='Outstanding Vulnerabilities')
    
    ax2.set_xticks(x)
    ax2.set_xticklabels(weeks, rotation=45)
    ax2.set_ylabel('Count', fontsize=12, fontweight='bold')
    ax2.set_title('Vulnerability Remediation Progress', fontsize=13, fontweight='bold')
    ax2.legend(loc='upper left')
    ax2.grid(alpha=0.3)
    
    plt.tight_layout()
    plt.show()
    
    # Summary
    print("\n" + "="*80)
    print("Penetration Testing Campaign Summary")
    print("="*80)
    print(f"\nTotal Vulnerabilities Found: {cumulative_vulns[-1]}")
    print(f"  - Critical: {sum(critical)}")
    print(f"  - High: {sum(high)}")
    print(f"  - Medium: {sum(medium)}")
    print(f"  - Low: {sum(low)}")
    print(f"  - Informational: {sum(info)}")
    print(f"\nTotal Fixes Deployed: {fixed[-1]}")
    print(f"Outstanding Vulnerabilities: {cumulative_vulns[-1] - fixed[-1]}")
    print(f"Fix Rate: {fixed[-1]/cumulative_vulns[-1]*100:.1f}%")
    
    if critical[-1] == 0 and high[-1] <= 1:
        print("\n✓ System ready for deployment (no critical/high vulnerabilities)")
    else:
        print(f"\n⚠️  {critical[-1]} critical and {high[-1]} high vulnerabilities remain")
        print("   System NOT ready for deployment")

simulate_penetration_testing()

## 5. Integration with Functional Safety (ISO 26262)

### Safety and Security Interplay

**Key Insight**: Safety and security must be considered together!

### Interaction Scenarios

1. **Security vulnerability → Safety hazard**
   - Cyber attack causes malfunction
   - Example: Sensor spoofing leads to collision

2. **Safety mechanism → Security vulnerability**
   - Diagnostic port for safety becomes attack vector
   - Example: OBD-II port access

3. **Security measure → Safety impact**
   - Encryption adds latency
   - Example: Real-time constraints violated

4. **Common mitigation**
   - Same measure addresses both
   - Example: Redundancy for fault tolerance and attack resilience

### Integrated Analysis

| ISO 26262 Concept | ISO/SAE 21434 Equivalent |
|-------------------|-------------------------|
| Hazard | Threat |
| HARA (Hazard Analysis) | TARA (Threat Analysis) |
| Safety Goal | Cybersecurity Goal |
| ASIL | CAL |
| Safety Requirements | Cybersecurity Requirements |
| Functional Safety Concept | Cybersecurity Concept |
| Verification | Penetration Testing |
| Field Monitoring | Security Monitoring |

In [None]:
# Integrated Safety-Security Analysis
def create_safety_security_integration():
    """
    Show integration between safety and security analyses
    """
    # Example scenarios showing safety-security interaction
    scenarios = [
        {
            'id': 'SS-001',
            'scenario': 'Camera sensor spoofing',
            'safety_hazard': 'H-001: Pedestrian not detected',
            'security_threat': 'T-001: Adversarial patch attack',
            'asil': 'D',
            'cal': 4,
            'combined_requirement': 'Multi-sensor fusion + anomaly detection',
            'interaction': 'Security → Safety'
        },
        {
            'id': 'SS-002',
            'scenario': 'OTA update compromise',
            'safety_hazard': 'H-005: System malfunction after update',
            'security_threat': 'T-002: Model poisoning',
            'asil': 'D',
            'cal': 4,
            'combined_requirement': 'Signed updates + validation testing + rollback',
            'interaction': 'Security → Safety'
        },
        {
            'id': 'SS-003',
            'scenario': 'Diagnostic port exploitation',
            'safety_hazard': 'H-003: Firmware corruption',
            'security_threat': 'T-004: Firmware tampering',
            'asil': 'D',
            'cal': 4,
            'combined_requirement': 'Authentication + logging + write protection',
            'interaction': 'Safety ↔ Security'
        },
        {
            'id': 'SS-004',
            'scenario': 'Encrypted communication latency',
            'safety_hazard': 'H-006: Processing delay violates timing',
            'security_threat': 'T-006: MITM attack prevention',
            'asil': 'C',
            'cal': 3,
            'combined_requirement': 'Hardware crypto accelerator for performance',
            'interaction': 'Security → Safety (negative)'
        },
        {
            'id': 'SS-005',
            'scenario': 'Sensor redundancy',
            'safety_hazard': 'H-002: Sensor failure',
            'security_threat': 'T-005: Sensor blinding',
            'asil': 'D',
            'cal': 3,
            'combined_requirement': 'Diverse sensor suite (camera + LIDAR + radar)',
            'interaction': 'Common mitigation'
        }
    ]
    
    df = pd.DataFrame(scenarios)
    
    print("\n" + "="*100)
    print("Integrated Safety-Security Analysis")
    print("="*100)
    display(df[['id', 'scenario', 'asil', 'cal', 'interaction', 'combined_requirement']])
    
    # Visualize ASIL vs CAL
    fig, (ax1, ax2) = plt.subplots(1, 2, figsize=(16, 6))
    
    # ASIL-CAL matrix
    asil_map = {'A': 1, 'B': 2, 'C': 3, 'D': 4}
    df['asil_numeric'] = df['asil'].map(asil_map)
    
    interaction_colors = {
        'Security → Safety': '#e74c3c',
        'Safety ↔ Security': '#9b59b6',
        'Security → Safety (negative)': '#e67e22',
        'Common mitigation': '#2ecc71'
    }
    
    for interaction_type, color in interaction_colors.items():
        subset = df[df['interaction'] == interaction_type]
        ax1.scatter(subset['asil_numeric'], subset['cal'], 
                   s=300, c=color, label=interaction_type,
                   edgecolor='black', linewidth=2, alpha=0.7)
        for _, row in subset.iterrows():
            ax1.text(row['asil_numeric'], row['cal'], row['id'],
                    ha='center', va='center', fontsize=9, fontweight='bold')
    
    ax1.set_xlim(0.5, 4.5)
    ax1.set_ylim(0.5, 4.5)
    ax1.set_xticks([1, 2, 3, 4])
    ax1.set_xticklabels(['ASIL A', 'ASIL B', 'ASIL C', 'ASIL D'])
    ax1.set_yticks([1, 2, 3, 4])
    ax1.set_yticklabels(['CAL 1', 'CAL 2', 'CAL 3', 'CAL 4'])
    ax1.set_xlabel('Safety Level (ASIL)', fontsize=12, fontweight='bold')
    ax1.set_ylabel('Security Level (CAL)', fontsize=12, fontweight='bold')
    ax1.set_title('Safety-Security Level Correlation', fontsize=13, fontweight='bold')
    ax1.legend(loc='upper left', fontsize=9)
    ax1.grid(True, alpha=0.3)
    
    # Ideal line (ASIL = CAL)
    ax1.plot([1, 4], [1, 4], 'k--', linewidth=2, alpha=0.5, label='Ideal (ASIL=CAL)')
    
    # Interaction type distribution
    interaction_counts = df['interaction'].value_counts()
    colors_pie = [interaction_colors[i] for i in interaction_counts.index]
    
    ax2.pie(interaction_counts.values, labels=interaction_counts.index, 
           autopct='%1.0f%%', colors=colors_pie, startangle=90,
           wedgeprops={'edgecolor': 'black', 'linewidth': 2})
    ax2.set_title('Safety-Security Interaction Types', fontsize=13, fontweight='bold')
    
    plt.tight_layout()
    plt.show()
    
    return df

df_integration = create_safety_security_integration()

print("\n" + "="*100)
print("Key Insights")
print("="*100)
print("\n1. High ASIL often correlates with high CAL (safety-critical = security-critical)")
print("2. Security vulnerabilities can directly cause safety hazards")
print("3. Some mitigations address both safety and security (efficiency!)")
print("4. Security measures must not compromise safety (e.g., timing constraints)")
print("5. Integrated analysis prevents gaps and conflicts")

## 6. Summary and Key Takeaways

### ISO/SAE 21434 in a Nutshell

✓ **Lifecycle approach**: Cybersecurity from concept to decommissioning  
✓ **TARA is core**: Threat analysis drives requirements  
✓ **Risk-based**: Focus on high-impact, feasible threats  
✓ **CAL levels**: Similar to ASIL but for cybersecurity  
✓ **Integration essential**: Safety and security must work together  

### Critical Success Factors

1. **Security by design**: Build it in from the start
2. **Defense in depth**: Multiple layers of protection
3. **Comprehensive TARA**: Identify all threat scenarios
4. **Regular testing**: Continuous penetration testing and vulnerability scanning
5. **Incident response**: Plan for when (not if) attacks occur
6. **Supply chain security**: Extend to all partners
7. **Integration with safety**: Consider safety-security interactions

### Common Automotive Cybersecurity Threats

- ✓ Sensor spoofing (cameras, LIDAR, radar)
- ✓ V2X message injection/manipulation
- ✓ OTA update compromise
- ✓ Diagnostic port exploitation
- ✓ CAN bus injection
- ✓ GPS spoofing
- ✓ Model poisoning (ML systems)
- ✓ Cloud/backend compromise

### Cybersecurity Best Practices

1. **Authentication**: Verify all inputs and communications
2. **Encryption**: Protect data in transit and at rest
3. **Integrity checks**: Detect tampering (signatures, hashes)
4. **Least privilege**: Minimize access rights
5. **Monitoring**: Detect anomalies and attacks
6. **Secure boot**: Ensure only authorized code runs
7. **Update mechanism**: Securely deploy patches
8. **Incident response**: React quickly to breaches

### Next Steps

- **Complete Session 3 README**: Overview of all four standards
- **Exercise 5**: Perform HARA for your system
- **Exercise 6**: Conduct TARA for V2X communication
- **Study templates**: Use HARA, SOTIF, and TARA templates

---

## References

- ISO/SAE 21434:2021 - Road vehicles — Cybersecurity engineering
- SAE J3061 - Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
- UNECE WP.29 - UN Regulation on Cybersecurity
- NIST Cybersecurity Framework
- "Automotive Cybersecurity Engineering Handbook" - SAE International
- "Security and Privacy in Cyber-Physical Systems" - Wiley

---

**End of Notebook 14**

**Congratulations!** You've completed all four notebooks in Session 3. You now understand:
- ISO 26262 (Functional Safety)
- ISO 21448 (SOTIF)
- ISO/IEC 8800 series (AI Safety)
- ISO/SAE 21434 (Cybersecurity)

These standards work together to ensure comprehensive safety and security for autonomous vehicles.