Critical Alignment for Security, Safety & Product Development Teams
Break down silos to unite teams for the future of vehicle technology!
Safety, security, and development teams tend to work in silos due to differing objectives, tooling, and methodologies; historical contexts; educational backgrounds; and even fundamental terminology.
The increasing interconnectivity of vehicles makes it hard to separate safety and security from development. In the complex world of software, teams must break down silos, foster collaboration, and streamline documentation to ensure agile development and adapt to evolving demands.
In this webinar you will learn:
- Why it’s important to have compliance teams speaking the same language
- What we’re seeing and expecting from the industry to bring these specialized teams closer
- How to keep security, safety, and development teams aligned using Live Traceability™
- How to avoid rogue development and keep track of progress with Traceable Agile™ practices
Discover how Jama Connect® can empower Automotive and Semiconductor development teams to improve their end-to-end lifecycle and avoid costly rework.
Below is an abbreviated transcript of our webinar.
Kevin Dibble: I’d like to talk about the agenda for today and focus on the word alignment because that’s where we’re going to cover how we bring together cybersecurity teams, safety teams, product development teams, and even project management.
There’s a lot of siloing and opportunities in organizations for these specialized groups to work separately. But we’re going to talk about the importance of bringing these teams together and show some enabling technologies around live traceability and traceable Agile practices. So that’s the focus for today. But first, let’s start with the problem, and I want to isolate safety and security to begin with. So how are teams working today in these two functional areas?
With the puzzle piece in the middle, I’m trying to communicate that these teams want to work together, but the puzzle doesn’t quite fit yet. So let’s look at some of the underlying reasons why.
First, with functional safety, the standards for functional safety in automotive, ISO 26262, has been around since 2011, and the safety work’s been around even longer than that. So for OEMs, tier ones, and even some tier twos, the organizational competency, processes tool, the culture of safety are quite mature.
But on the right side, we have cybersecurity, which in automotive is a new discipline, with new standards, new audits, and assessment requirements, and requirements coming very rapidly from OEMs and tier ones worldwide.
RELATED: Traceable Agile – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries
Dibble: These teams are going through training. The processes for doing product development according to standards like ISO 21434 are new or in development still. The discipline itself is new and transforming out of IT security. And so this helps to understand perhaps some of the underlying factors of why these teams might be working separately or not working exactly on the same page.
Which leads to a silo situation. And I’ve got functional safety on the right and cybersecurity on the left. Both of those standards and both of those disciplines require automotive V-Model development, with strict requirements for documentation, quality, and compliance with the V-Model.
And so what’s happening is that the organizations pulling together these disciplines along with product development are doing some sharing in risk analysis, and basically handing requirements to product development teams, and not yet in a stage where they’re fully collaborating. And that presents some problems. And it adds some risk.
A couple of examples here are both safety and security risk-based standards for understanding how we mitigate the risk of something wearing out like hardware or defects that could cause safety issues on the one. And then on the cybersecurity side, how do we mitigate the risk of an attacker using a threat to infect or change the behavior of a system?
The controls or the mitigations for those two types of risks might result in conflicting requirements. For example, how to handle a communication channel, and I’ve given you an example right here.
Those two teams have to work together along with product to solve those differences, as well as to build an integrated system that at the end of the product release cycle we’re not finding surprises in terms of conflicting requirements and implementations that don’t work together cohesively. And so that’s one of the areas cyber and safety silos can cause problems.
Dibble: Now, we’ve heard about safety issues, recalls, and unfortunately crashes and fatalities for years. But I want to highlight some of the things that are being written in the press even recently about the threats that cybersecurity is now trying to address. From taking control of fleets of vehicles to shutting down production lines to causing safety-related hazards potentially, these are very real threats, and this is why the industry is moving so quickly to adopt the new cybersecurity standard.
To be able to tie together the disciplines of safety and security as well as product development, communication is critical. These safety analysis and threat analysis can’t happen in a vacuum. The teams have to work together, and this is where that alignment concept becomes so important.
Also, both these standards, 21434 and ISO 26262 require the establishment of communication channels between safety, security, and other disciplines like quality. So the developers of these standards certainly were aware of the need for these teams to talk and to achieve alignment.
CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Critical Alignment for Security, Safety & Product Development Team
- Streamlining SOC2 Type 2 Compliance: How Jama Connect® Can Help Enable Audit Success - February 27, 2024
- The Seven Steps to Performing FMEA - February 22, 2024
- Overview of FDA ISO 13485 and 21 CFR Part 820 Harmonization - February 20, 2024