Threat and Risk Assessment Methodologies in the Automotive Domain

Safety and security are both qualities that concern the overall system. However, these disciplines are traditionally treated independently in the automotive domain. Replacement of classical mechanical systems with safety-critical embedded systems raised the awareness of the safety attribute and caused the introduction of the ISO26262 standard. In contrast to this, security topics are traditionally seen as attacks of a mechanical nature and as only affecting single vehicles (e.g. door lock and immobilizer related). Due to the increasing interlacing of automotive systems with networks (such as Car2X), new features like autonomous driving, and online software updates, it is no longer acceptable to assume that car fleets are immune to security risks and automated remote attacks. Consequently, future automotive systems development requires appropriate systematic approaches to support cyber security and safety aware development.

Therefore, this paper examines threat and risk assessment techniques that are available for the automotive domain and presents an approach to classify cyber-security threats, which can be used to determine the appropriate number of countermeasures that need to be considered. Furthermore, we present a combined approach for safety and security analysis to be applied in early development phases, which is a pre-requisite for consistent engineering throughout the development lifecycle.