Threat/Hazard Analysis and Risk Assessment: A Framework to Align the Functional Safety and Security Process in Automotive Domain

The modern automobile consists of several Electronic Control Units (ECUs) to support various safety-critical functionalities. The underlying systems are susceptible to safety and cybersecurity attacks as the involved ECUs are interconnected. The security attacks can lead to disrupting the safe operation of the vehicle while causing injury to the passengers. Traditionally, the safety team performs hazard analysis and risk assessment (HARA), while the security team performs threat analysis and risk assessment (TARA) in evaluating the risk associated with security incidents. The safety risk, calculated through HARA, does not consider the impact of security incidents on it. Similarly, the security risk calculated in TARA does not consider all the aspects of functional safety associated with the involved assets. Thus, the aim of this article is to merge the impact of safety hazards and security attacks through a uniform framework, THARA. Consequently, the functional safety requirements and cybersecurity requirements can be aligned with each other. In this article, a case study of the application of the THARA framework is presented through the risk analysis of safety and security threats applicable to the rearview camera (RVC) feature of the vehicle.