
Winning Together: Motional's Publicly Released AVCDL Kickstarts Building Security Into AV Products

October 03, 2022 Michael Maass, Cybersecurity Lead, Principal Engineer, Ph.D. 10.6.22

Those of us working on developing autonomous vehicles (AVs) have reasons to be protective of our work. We’ve invested considerable time, energy, and funding to unlock the technological innovations needed to make driverless vehicles a reality.

However, when it comes to safety and cybersecurity, it’s wrong for us to think solely in terms of protecting our secret sauce. We should share details on these topics with the public and across the industry. There are several things we know for certain: AV safety reflects on all of us, safety cannot be achieved without cybersecurity, and both topics require team effort.

This is why Motional has taken the step of making our Autonomous Vehicle Cybersecurity Development Lifecycle (AVCDL) publicly available for others to review and adopt. The AVCDL is a lifecycle framework for building security into automotive products, while complying with automotive cybersecurity standards and regulations. We’re proud to be the first AV company to craft such a framework, have it formally assessed, and make it public so it can be useful to others.

Preparing the AVCDL wasn’t quick and easy. It’s the result of a lot of hard work by many experienced cybersecurity professionals who care passionately about making AVs safe for the public. The cybersecurity experts behind Motional’s AVCDL have decades of experience building out cybersecurity programs in safety-critical and regulated industries. It was a heavy lift to make sure our AVCDL established a security framework not just for AVs, but for all automotive products, while complying with industry standards, such as ISO/SAE 21434 and ISO 24089, and regulations, including UNECE WP.29’s R155 and R156.

Furthermore, we proactively sought external review of the lifecycle to ensure it meets relevant cybersecurity requirements from standards bodies and regulators. TÜV SÜD, a global leader in safety assessments, assessed our AVCDL for conformance to ISO/SAE 21434 and R155 and we’re proud to say that we’ve received their confirmation that the AVCDL meets the relevant requirements. We believe TÜV SÜD’s assessment is a testament to Motional’s security approach and industry-leading practices. For additional transparency, we have included their assessment letters in our public materials. 

TÜV SÜD started assessing AVCDL in 2021 against ISO/SAE 21434’s requirements. While this was AVCDL’s first formal assessment, the process played out similarly in later assessments. The first round of reviews was general and primarily intended to ensure everyone was familiarized with the contents of the AVCDL and the approach for assessing conformance. TÜV SÜD then completed a detailed review of their own that looked very closely at the AVCDL and our conformance claims to ensure it met each in-scope requirement of ISO/SAE 21434. Finally, because assessing lifecycles for conformance to cybersecurity standards and regulations is new, TÜV SÜD brought in an outside reviewer to ensure consistency and completeness. Each level of review resulted in additions to the AVCDL that improved clarity and expanded on topics that were important for demonstrating conformance.

TÜV SÜD’s assessment summaries can be found in the same GitHub repository as the rest of AVCDL. Summaries of how the AVCDL fulfills the requirements of ISO 21434, R155, and other standards and regulations are also available.

The bottom line is, Motional invested considerable time and expertise in creating what we believe is the most advanced framework in the industry to secure AVs against cybersecurity threats. And we’re giving it away for free. We’re doing this because we believe safety comes first and must transcend competition. By making the AVCDL public, we’ll support the safety and security of all AVs, not just our own.

Access to Motional’s AVCDL will save anyone who adopts it the time and effort involved in putting together the fundamentals of a secure development program. This allows adopters to instead focus on implementing cybersecurity measures within their business and building secure products. More importantly, it provides a means by which to unify our approaches to cybersecurity compliance throughout the supply chain and across the industry, making it more efficient for everyone to work together to secure the future of transportation. Motional will continue to work with TÜV SÜD assessing the AVCDL beyond ISO/SAE 21434 and R155, and will publicly release both those results and any improvements made to the AVCDL to remain in conformance. We will also soon release training videos to help implement the AVCDL. 

AVCDL is not our first foray into public contributions on safety and cybersecurity. We and a team of peers published the Safety First for Automated Driving white paper, a report on how to build, test, and operate safe AVs. We also pioneered safety-focused data sharing with the release of our nuScenes and nuPlan datasets. And we’re a part of several industry groups committed to safety and security collaboration, including Auto-ISAC, an automotive industry cybersecurity information sharing organization.

The AV industry has the potential to improve road safety by eliminating accidents caused by human error. That potential has never been closer to reality as some of the world’s first driverless vehicles hit the roads. Motional, for example, will begin fully driverless commercial operations in Las Vegas later this year.

By releasing the TÜV SÜD assessments, we’re not only publicly demonstrating our security approach, we’re also supporting the overall industry in creating safe and secure AVs. We’re proud to lead the industry on safety as we get one step closer to the driverless future.