Abstract

The increasingly intelligent and connected vehicles have brought many unprecedented automotive cybersecurity threats, which may cause privacy breaches, personal injuries, and even national security issues. Before providing effective security solutions, a comprehensive risk assessment of the automotive cybersecurity must be carried out. A systematic cybersecurity risk assessment framework for automobiles is proposed in this study. It consists of an assessment process and systematic assessment methods considering the changes of threat environment, evaluation target, and available information in vehicle lifecycle. In the process of risk identification and risk analysis, the impact level and attack feasibility level are assessed based on the STRIDE model and attack tree method. An automotive cybersecurity risk matrix using a global rating algorithm is then constructed to create a quantitative risk metric. Finally, the applicability and feasibility of the proposed risk assessment framework are demonstrated through a use case, and the results prove that the proposed framework is effective. The proposed assessment framework helps to systematically derive automotive cybersecurity requirements.

Highlights

  • With the vehicles becoming more intelligent and connected, the automotive system is becoming increasingly complex [1,2,3,4]

  • The systematic risk assessment framework of the automotive cybersecurity presented in this study shows the following advantages: (1) Compared with existing risk assessment methods for automobiles, the proposed framework has a specific risk assessment process and systematic risk assessment methods, which make it more effective

  • As an important evaluation method for security assurance, cybersecurity risk assessment assists in determining the security status of automotive systems and extracting the automotive security requirements

Read more

Summary

Introduction

With the vehicles becoming more intelligent and connected, the automotive system is becoming increasingly complex [1,2,3,4]. Cybersecurity risks cannot be addressed at once because the existing security solutions mainly provide passive and. A security classification protection system for automotive cybersecurity can be constructed scientifically based on risk assessment and should be performed throughout the entire vehicle lifecycle (i.e., concept, development, production, operation, maintenance, and decommissioning phase) [15, 16]. The automotive cybersecurity risk assessment and IT security assessment differ in assessment methods, their process is generally consistent. Some analysis methods for automotive cybersecurity risk assessment have been proposed in the past few years, few systematic risk assessment frameworks for automobiles have been proposed. This paper presents a systematic risk assessment framework comprised of a specific assessment process and systematic assessment methods. The systematic risk assessment framework of automotive cybersecurity is proposed in Sect.

Surveys on Risk Assessment Methods
Systematic Risk Assessment Framework
Risk Analysis
Risk Assessment
Advantages of the Proposed Framework
Risk Assessment Application
16. SAE International
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call