This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Cybersecurity Metrics for Automotive Systems
Technical Paper
2021-01-0138
ISSN: 0148-7191, e-ISSN: 2688-3627
This content contains downloadable datasets
Annotation ability available
Sector:
Event:
SAE WCX Digital Summit
Language:
English
Abstract
Cybersecurity for automotive systems is challenging and one of the major challenges is how to measure this specific system property. With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the upcoming ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. The main contribution of this paper is contextualization of existing metrics from literature and mapping out how they may fit within a standardized framework. We highlight the challenges to create awareness around the lack of common understanding and outline first potential steps towards a consensus. For example, one can consider assurance levels as a form of metric. Since guarantees of security are not possible, verification and validation methods such as various forms of testing can be used to give an assurance of security. For the automotive industry, there are discussions around cybersecurity assurance levels (CALs) which are outlined in an informative annex in the ISO/SAE 21434 draft standard. The CAL values are used to indicate subsequently increasing scope, extent and depth of assurance activities to be performed to achieve that level of assurance. A common understanding of the answer to “how much cybersecurity is enough?” will inspire greater confidence in practitioners who design and test the technical measures, in industry with regards to a balanced approach to cybersecurity and ultimately, in consumers who need to know that the products that they buy will be safe and secure.
Authors
Citation
Cheah, M. and Oka, D., "Cybersecurity Metrics for Automotive Systems," SAE Technical Paper 2021-01-0138, 2021, https://doi.org/10.4271/2021-01-0138.Data Sets - Support Documents
| Title | Description | Download |
|---|---|---|
| Unnamed Dataset 1 | ||
| Unnamed Dataset 2 | ||
| Unnamed Dataset 3 | ||
| Unnamed Dataset 4 | ||
| Unnamed Dataset 5 | ||
| Unnamed Dataset 6 |
Also In
References
- Craigen , D. , Diakun-Thibault , N. , and Purse , R. Defining Cybersecurity Technology Innovation Management Review 4 10 2014
- International Organization for Standardization, SAE International ISO/SAE DIS 21434 - Road Vehicles Cybersecurity Engineering 2020
- UNECE WP.29 GRVA Task Force on Cyber Security and (OTA) Software Updates (CS/OTA)
- Yan , D. A Systems Thinking for Cybersecurity Modeling 2020
- Stuckman , J. and Purtilo , J. Comparing and Applying Attack Surface Metrics Proceedings of the 4th International Workshop on Security Measurements and Metrics 3 6 Sep. 2012
- FIRST Common Vulnerability Scoring System SIG https://www.first.org/cvss/
- Enoch , S.Y. , Ge , M. , Hong , J.B. , Alzaid , H. , and et al. A Systematic Evaluation of Cybersecurity Metrics for Dynamic Networks Computer Networks 144 216 229 2018
- Levien , R. Attack-Resistant Trust Metrics Computing with Social Trust London Springer 2009 121 132
- Murguia , C. and Ruths , J. On Reachable Sets of Hidden CPS Sensor Attacks Proceedings of the 2018 Annual American Control Conference (ACC) IEEE 2018
- Abraham , S. and Nair , S. Exploitability Analysis Using Predictive Cybersecurity Framework Proceedings 2015 IEEE 2nd International Conference on Cybernetics June 2015 317 323 2015
- Wang , L. , Jajodia , S. , Singhal , A. , Cheng , P. , and et al. K-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities IEEE Transactions on Dependable and Secure Computing 11 1 30 44 2013
- Paulk , M.C. , Curtis , B. , Chrissis , M.B. , and Weber , C.V. Capability Maturity Model, Version 1.1 IEEE Software 10 4 18 27 1993
- Herbsleb , J. , Zubrow , D. , Goldenson , D. , Hayes , W. , and et al. Software Quality and the Capability Maturity Model Communications of the ACM 40 6 30 40 1997
- OWASP Software Assurance Maturity Model https://www.opensamm.org/
- SANS CWE/SANS TOP 25 Most Dangerous Software Errors https://www.sans.org/top25-software-errors
- MITRE CWE - Common Weakness Enumeration https://cwe.mitre.org/
- SEI SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems 2016
- Common Criteria Common Methodology for Information Technology Security Evaluation Version 3.1 Revision 5 2017
- CISQ Coding Rules for Secure Software https://www.it-cisq.org/standards/code-quality-standards/security/index.htm
- Nie , S. , Liu , L. , and Du , Y. Free-Fall: Hacking Tesla from Wireless to CAN Bus Las Vegas, NV, USA Black Hat USA 2017
- Tencent Keen Security Lab Experimental Security Assessment on Lexus Cars https://keenlab.tencent.com/en/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/
- Macher , G. , Schmittner , C. , Veledar , O. , and Brenner , E. ISO/SAE DIS 21434 Automotive Cybersecurity Standard - In a Nutshell Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops. SAFECOMP 2020. Lecture Notes in Computer Science 12235 Springer Cham
- 5StarS A Roadmap to Resilience 2019 https://5starsproject.com/download/5stars-a-roadmap-to-resilience-draft-white-paper-download/
- General Incorporated Association: Connected Consumer Device Security Council Security Guidelines for Product Categories - Automotive On-Board Devices 2017 https://www.ccds.or.jp/english/contents/CCDS%20Security%20Guidelines%20for%20Product%20Categories%20Automotive%20On-board%20Devices_v2.0_eng.pdf