Setting a New Standard for Automotive Cybersecurity: IEEE/ISTO and Uptane

Standardization represents an important step in the growth of a product or technology. It implies that a sufficient level of adoption has occurred to warrant sanctioned guidelines for its safe implementation and use.

The Uptane secure software update strategy has now reached this level. At the end of 2018, the Uptane Alliance was formally launched as the newest member of IEEE’s Industry Standards and Technology Organization (ISTO). The nonprofit Alliance, which was formally voted into existence on September 4, 2018, will take on the task of setting the future direction of the framework’s research, development, and deployment. As described on the Uptane web site, the group will serve as “a neutral arbiter that oversees the formal standardization of Uptane, and promotes security of software updates for the automotive industry,”

The standardization initiative began in the late summer months of 2018 and, as of year’s end, had produced a complete draft, which offers guidance on the design and implementation of the Uptane framework. The document benefitted from the input of 30-plus individuals employed by original equipment manufacturers, suppliers, and relevant government agencies, who continue to provide needed reviews and modifications

In the early months of 2019, the Uptane standards team began compiling best practices for the deployment of the software update framework. Different from the standards volume, the deployment strategies will be presented as suggestions, rather than as the mandatory steps one must take to be Uptane compliant.

The launch of the Alliance is just one of many milestones achieved by Uptane over the past year. The technology’s integration into Automotive Grade Linux (AGL) was a primary reason for the selection of NYU Tandon School of Engineering as an associate member of both AGL and its parent organization, the Linux Foundation. In announcing the new affiliation, a press release from NYU Tandon describes AGL as, “on track to be the leading shared software platform across the industry for in-vehicle applications including infotainment, instrument cluster, heads-up-display (HUD), telematics, autonomous driving, safety, and advanced driver assistance.”

The Standards document is available for review by any interested party, either through the GitHub repository or as an html document.