Abstract
Increases in the connectivity of vehicles and automation of driving functions, with the goal of fully automated driving, are expected to bring many benefits to individuals and wider society. However, these technologies may also create new cybersecurity threats to vehicle user privacy, the finances of vehicle users and mobility service operators, and even the physical safety of vehicle occupants and other road users. Assuring the cybersecurity of future vehicles will therefore be key to achieving the acceptability of these new automotive technologies to society. However, traditional prescriptive assurance methods will not work for vehicle cybersecurity, due to the evolving threats, through-life software updates, and the deployment of artificial intelligence techniques. Cybersecurity regulations that are goal-oriented and risk-based, like those increasingly used in safety engineering for complex systems, are now mandated in recent vehicle type approval regulations. This results in many new assurance challenges, which will not be limited purely to cybersecurity. In particular, emerging standards have proposed that an assurance case approach should be adopted in relation to cybersecurity. This paper therefore proposes a novel cybersecurity case framework that adapts existing approaches from safety engineering, emphasizes the limitations of the analysis through eliminative argumentation, and merges in the attack-defence tree techniques used in cybersecurity engineering, with the aim of providing a better reflection of the some of the uncertainties in the cybersecurity risk analysis.
Original language | English |
---|---|
Title of host publication | Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021) |
Editors | Bruno Castanier, Marko Cepin, David Bigaud, Christophe Berenguer |
Publisher | Research Publishing (S) Pte Ltd |
Pages | 2038-2045 |
Number of pages | 8 |
ISBN (Print) | 978-981-18-2016-8 |
DOIs | |
Publication status | Published - 2021 |
Event | 31st European Safety and Reliability Conference - Angers, France Duration: 19 Sept 2021 → 23 Sept 2021 Conference number: 31 http://esrel2021.org/en/index.html |
Publication series
Name | Proceedings of the 31st European Safety and Reliability Conference, ESREL 2021 |
---|
Conference
Conference | 31st European Safety and Reliability Conference |
---|---|
Abbreviated title | ESREL 2021 |
Country/Territory | France |
City | Angers |
Period | 19/09/21 → 23/09/21 |
Internet address |
Keywords
- Assurance
- automated driving
- connected vehicles
- cybersecurity
- risk
- safety
- software updates