Jürgen Belz, senior consultant, functional safety and cybersecurity at PROMETO co-authored this technical article.
With functional safety and security concerns in automotive electronics gaining attention, including in standards bodies, it’s important for automotive designers to enable functionally safe and secure automotive electric powertrains. Functional safety, cybersecurity and high-voltage safety play an important role in the design, development and mass production of modern electric vehicles.
A prevalent estimate for the amount of software in a modern vehicle is between 100 and 200 million lines of code. This software runs on a large variety of programmable electronic control units and provides functions for advanced driver assistance systems and safety features in the vehicle. Examples of such systems include blind-spot monitoring, automatic emergency brakes and adaptive cruise control. Vehicles with autonomous and electric features require functional safety for safe operation.
The increasing sophistication in the type and amount of connectivity available makes vehicles more vulnerable to digital attacks. What was once considered the gold standard in the prevention of cyberattacks is no longer valid. Given the implementation of communications protocols like Controller Area Network and Bluetooth®, and now Global System for Mobile Communications and Wi-Fi® networks for vehicle-to-vehicle communication, automobiles are no longer protected by the “air gap” between them and networks that hackers may employ. Imagine a scenario where a hacker immobilizes a vehicle and only unlocks it after being paid a ransom in bitcoin.
Additionally, every element of the electric drivetrain – the onboard charger, the high-voltage-to-high-voltage or high-voltage-to-low-voltage DC/DC converter, and the electric vehicle traction inverter – uses programmable microcontrollers (MCUs) such as C2000™ real-time MCUs. And with electric vehicle battery voltages approaching 600 to 800 V, it is equally important to understand and apply the requirements for high-voltage safety systems.
Automotive safety and security standards
These international standards address safety and security aspects:
Additionally, automotive Tier 1s (subsystem manufacturers) follow:
Electric vehicle system designers must consider aspects of all three safety and security measures.
ISO 26262 defines four automotive safety integrity levels (ASILs), as listed in Table 1.
Table columns: single-point fault metric; latent fault metric; probabilistic metric for random hardware failures, expressed in failures in time (FIT), with ≤100 FIT the only threshold value preserved here.
Table 1: ISO 26262 quantitative random hardware diagnostic coverage metrics per each ASIL class
ISO/SAE 21434 defines four cybersecurity assurance levels (CALs) based on attack vector and impact, as listed in Table 2.
Table 2: ISO/SAE 21434 cybersecurity assurance levels
SAE J3061 defines four cybersecurity integrity levels (CSILs) and recommends the application of a cybersecurity process for all automotive systems responsible for functions that are ASIL rated per ISO 26262, or for functions associated with subsystems such as propulsion, braking and steering. These are CSIL A, CSIL B, CSIL C and CSIL D.
ISO 6469 describes four classes that depend on the maximum working voltage range “U” of an electric circuit, as listed in Table 3.
Highest (maximum) working voltage, DC (in V) and AC (root-mean-square value, in V), per class:
DC: 0 < U ≤ 60      AC: 0 < U ≤ 30
DC: 60 < U ≤ 1,500  AC: 30 < U ≤ 1,000
DC: 60 < U ≤ 75     AC: 30 < U ≤ 50
DC: 75 < U ≤ 1,500  AC: 50 < U ≤ 1,000
Table 3: ISO 6469 permissible maximum voltage levels per each voltage class
There is significant synergy between ISO 21434 and ISO 26262 in terms of how to implement their recommendations during the design, development and mass production of an electrical/electronic/programmable electronic system.
With the increasing complexity of automotive subsystems in hybrid electric vehicles and electric vehicles and the electrification of the powertrain, safety and security are becoming higher priorities. Fortunately, commonly accepted normative international standards address these safety and security aspects.
TI can help you make security and safety assessments and achieve security and safety goals in your automotive designs. For example, while developing a powertrain solution with a C2000™ real-time MCU, the online safety material is a great starting point.