A supplier’s perspective on threat analysis and risk assessment according to ISO/SAE 21434
Since its recent publication in August 2021, the new international standard ISO/SAE 21434 Road vehicles – Cybersecurity engineering has become the leading standard for security engineering in automotive domains. It defines comprehensive requirements for analysis, processes, and management of security-related tasks in designing, developing, producing, and maintaining vehicles. Within the first few months of applying the standard as a tier 1 supplier, we have been able to gain relevant experience in our daily work. In this paper, we present some of these insights concerning the application of the standard to threat analysis and risk assessment, especially from a supplier’s point of view. We discuss limitations of the standard with respect to impact and risk estimation for threats, realistic and consistent attack feasibility rating of attacks, and technical communication interfaces with our customers. Further, we present our ideas on how these limitations can be overcome by supplying specific interpretations of the standard and extending the examples in its annex.
Author: | Simon Greiner, Maike Massierer, Claudia Loderhose, Bernd Lutz, Frederic Stumpf, Franziska Wiemer |
---|---|
URN: | urn:nbn:de:hbz:294-93579 |
DOI: | https://doi.org/10.13154/294-9357 |
Parent Title (English): | 20th escar Europe - The World's Leading Automotive Cyber Security Conference (15. - 16.11.2022) |
Document Type: | Part of a Book |
Language: | English |
Date of Publication (online): | 2022/10/21 |
Date of first Publication: | 2022/10/21 |
Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
Tag: | ISO/SAE 21434; security engineering; threat analysis and risk assessment |
First Page: | 1 |
Last Page: | 15 |
Dewey Decimal Classification: | General works, computer science, information science / Computer science |
open_access (DINI-Set): | open_access |
Conference proceedings / edited volumes: | 20th escar Europe - The World's Leading Automotive Cyber Security Conference |
Licence (German): | No Creative Commons licence - the granted rights of use and German copyright law apply |