The Society of Automotive Engineers (SAE) published a guide in January 2014 for cyber-physical vehicle systems (CPVS). The objective was to realise the importance of cyber security as an integral part of the automotive development life cycle and to provide a framework for organisations to work with.
Conventionally, cyber security was treated as a value-added extra, a view that needs to change. The guide provides a complete life cycle process framework that can be adapted and tailored to a company-specific process.
Cyber security principles need to be realised by all the stakeholders, such as original equipment manufacturers (OEMs) and tier 1 suppliers.
The concept flow diagram is given below. It starts with feature definition, where you define the feature that is being developed. The next phase is the initiation of the cyber security life cycle, which involves planning, such as deciding which activities need to take place. In the threat analysis and risk assessment phase, potential threats and their associated risks are identified, along with the high-level goals. For risk assessment, different tools and models can be adapted, such as Microsoft's threat modelling tool or DREAD. The outcome of the threat modelling can be used to highlight potential high-risk threats.
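To show how a DREAD rating can single out the high-risk threats mentioned above, the following is an added example, not part of the SAE guidebook or the original page. It assumes the common 1 to 3 rating per category with totals of 12 to 15 treated as high, 8 to 11 as medium and 5 to 7 as low; the remote-unlock feature and its threat entries are constructed for illustration.

```python
from dataclasses import dataclass, fields

# Each DREAD category is rated 1 (low), 2 (medium) or 3 (high).
# Scale and bands are an assumed convention, not taken from the SAE guidebook.
BANDS = [(12, "high"), (8, "medium"), (5, "low")]  # minimum total -> band


@dataclass(frozen=True)
class Dread:
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject ratings outside the agreed scale so totals stay comparable.
        for f in fields(self):
            value = getattr(self, f.name)
            if value not in (1, 2, 3):
                raise ValueError(f"{f.name} must be 1, 2 or 3, got {value!r}")

    def total(self) -> int:
        return sum(getattr(self, f.name) for f in fields(self))

    def band(self) -> str:
        return next(label for floor, label in BANDS if self.total() >= floor)


def rank(threats):
    """Return (threat, total, band) tuples, highest risk first."""
    rows = [(name, d.total(), d.band()) for name, d in threats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def high_risk(threats):
    """Names of the threats that should drive the high-level goals."""
    return [name for name, _, band in rank(threats) if band == "high"]


# Constructed threat register for a hypothetical remote-unlock feature.
SAMPLE = {
    "Unlock command accepted without authentication": Dread(3, 3, 2, 3, 2),
    "Replay of a previously valid unlock message": Dread(3, 2, 2, 2, 2),
    "Verbose error reveals firmware version": Dread(1, 3, 2, 1, 2),
    "Debug log retains last paired phone name": Dread(1, 1, 1, 1, 1),
}

if __name__ == "__main__":
    for name, total, band in rank(SAMPLE):
        print(f"{total:>2}  {band:<6}  {name}")
```
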
The next phase is the cyber security concept in which the high-level strategy for the feature is described. The phases then move on to identify the functional cyber security requirements, perform an assessment of the current state of the feature, and finally review and refine the high-level strategy.
[Figure: concept phase flow diagram. Adapted from SAE International (2016).]
SAE International (2016) Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. United States.
© Coventry University. CC BY-NC 4.0