This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Threat Analysis and Risk Assessment in Automotive Cyber Security
ISSN: 1946-4614, e-ISSN: 1946-4622
Published April 08, 2013 by SAE International in United States
Citation: Ward, D., Ibarra, I., and Ruddle, A., "Threat Analysis and Risk Assessment in Automotive Cyber Security," SAE Int. J. Passeng. Cars – Electron. Electr. Syst. 6(2):507-513, 2013, https://doi.org/10.4271/2013-01-1415.
The process of hazard analysis and risk assessment (H&R or HARA) is well-established in standards and methods for functional safety, such as the automotive functional safety standard ISO 26262. Considering the parallel discipline of cyber security, it is necessary to establish an analogous process of threat analysis and risk assessment (T&R) in order to identify potential security attacks and the risk associated with these attacks if they were successful.
While functional safety H&R processes could be used for threat analysis, these methods need extension and adaptation to the cyber security domain. This paper describes how such a method has been developed based on the approach described in ISO 26262 and the related MISRA Safety Analysis Guidelines. In particular key differences are described in the understanding of the severity of a security attack, and the factors that contribute to the probability of a successful attack. However it also acknowledges that some threats may contribute to a safety-relevant hazard.
The paper will also explore some potential future directions, such as how the T&R can be used to support an assurance case for cyber security.