Cyber Security – Threat Analysis and Risk Assessment

First, asset management requires the identification of all the assets that are specific to the organisation and the ADF, which in turn requires a consistent, up-to-date asset inventory (ENISA, 2019). This step allows the organisation to identify possible vulnerabilities. As a second step, threat analysis and risk assessment (TARA) shall be performed, taking into account that it is an iterative task throughout the development process. This step allows the identification of possible threats to the function and how they relate to critical assets. Once the threats are identified, the security risks to the function can be clarified, which can lead to the definition of the required mitigation strategies. This task should be revised upon any major change or in the event of detection of critical security vulnerabilities or critical security incidents (ENISA, 2019).

The threat analysis and risk assessment shall consider all possible entry points of potential attacks (so-called attack vectors), the likelihood of the attack, the impact, the risk and further details such as the expertise required to perform such attacks and the possible attack methods. Additionally, a TARA+ methodology shall be considered (Bolovinou, A. et al., 2019). External connectivity offers the possibility to perform several tasks remotely without the need to be physically present at a dealer or garage, using V2N communications. This also increases the potential attack vectors that AVs can be exposed to. That is why asset management, threat analysis and risk assessment should carefully analyse all the possible external connections of the ADF (e.g. remote diagnostics). For details about software updates, please refer to the Implementation of Updates topic on questions Sys_9, Sys_10 and Sys_11.

Main Question

Are asset management and Threat Analysis and Risk Assessment (TARA) performed?

Sub-Questions

  1. Does the threat analysis consider potential types of attack vectors and their characteristics (e.g. description of attack, likelihood, impact, risk…)? 
  2. Are external connectivity and connections considered in the asset management and threat analysis? (Some examples of external connectivity and connections are software updates, remote diagnostics, and fleet management)
  3. Is AI considered in the asset management and threat analysis? An example of an asset in AI systems is the dataset (including its design, maintenance and updates). See ISO/IEC CD 27090 for more information.
  4. Has a suitable or recognised method been selected for performing the TARA?
  5. Is the selected TARA method able to model automated driving functions and shared control between the driver and the system where relevant?

References

  • ENISA (2019) Good practices for Security of Smart Cars. Available at: https://www.enisa.europa.eu/publications/smart-cars (Accessed: 31 October 2023).
  • Bolovinou, A., Atmaca, U., Sheik, A. T., Ur-Rehman, O., Wallraf, G. and Amditis, A. (2019) ‘TARA+: Controllability-aware Threat Analysis and Risk Assessment for L3 Automated Driving Systems’, IEEE Intelligent Vehicles Symposium (IV). doi: https://doi.org/10.1109/ivs.2019.8813999
  • ISO/IEC CD 27090 Cybersecurity – Artificial Intelligence – Guidance for addressing security threats and failures in artificial intelligence systems. Available at: https://www.iso.org/standard/56581.html (Accessed: 25 March 2024).