Understanding control actions and layers
As with vehicle-level cybersecurity controls, ECU-level controls aim to detect ECU-level threats, protect the ECU against them, and recover it to a safe and secure state. As we mentioned in Chapter 7, the control actions can be classified by their effectiveness in risk treatment, in this order:
- Protect: These controls prevent the attack from happening in the first place. For example, encrypting filesystems prevents private data exposure.
- Detect: These controls can effectively detect abnormal behavior. For example, authenticating the filesystem image allows the system to detect when it has been tampered with.
- Recover: These controls allow the system to recover to a secure state when an anomaly is detected. For example, upon detecting that a filesystem has been tampered with, a backup image is used to avoid an inoperable system.
- Log: These controls log the event to enable user notification and root cause...
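The detect, recover, and log actions from the filesystem examples above can be modeled as a single boot-time decision. The sketch below is an added example, not code from the book. It assumes an HMAC-SHA256 tag as the image authentication mechanism, and the key, slot names, event names, and image contents are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: a real ECU would keep this in an HSM or
# other protected key store, or verify an asymmetric signature instead.
KEY = b"constructed-demo-key"

def make_tag(image: bytes) -> bytes:
    """Authentication tag stored next to an image when it is provisioned."""
    return hmac.new(KEY, image, hashlib.sha256).digest()

def is_authentic(image: bytes, stored_tag: bytes) -> bool:
    """Detect: constant-time comparison of the recomputed and stored tags."""
    return hmac.compare_digest(make_tag(image), stored_tag)

def select_image(slots, event_log):
    """Pick the first authentic slot; slots are (name, image, tag), primary first.

    Returns the slot name to mount, or None if every slot fails and the ECU
    must stay in a safe state. Every decision is appended to event_log.
    """
    rejected = []
    for name, image, stored_tag in slots:
        if is_authentic(image, stored_tag):
            if rejected:  # Recover: an earlier slot failed, so this is a fallback
                event_log.append(("RECOVERED_FROM_BACKUP", name))
            return name
        rejected.append(name)
        event_log.append(("TAMPER_DETECTED", name))  # Log: keep the evidence
    event_log.append(("NO_AUTHENTIC_IMAGE", "safe_state"))
    return None

def demo():
    """Constructed scenario: primary image modified after provisioning."""
    primary, backup = b"rootfs-v2 contents", b"rootfs-v1 contents"
    slots = [
        ("primary", primary + b" [modified]", make_tag(primary)),
        ("backup", backup, make_tag(backup)),
    ]
    log = []
    return select_image(slots, log), log

if __name__ == "__main__":
    print(demo())
```

The backup slot is authenticated with the same check as the primary, so recovery never mounts an unverified image.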