Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1646))

Abstract

The Automotive SPICE for Cybersecurity Assessor Course was developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards, automotive projects need to declare their coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of vehicles in the EU. All car makers request, in their customer requirements documents, the performance of a TARA (Cybersecurity Threat and Risk Analysis), and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG, a training for cybersecurity managers and cybersecurity assessors is currently being developed which explains how such a TARA is performed and which steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training, the SOQRATES group contributed practical examples for MAN.7 and SEC.1 to SEC.4. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

References

  1. Automotive SPICE © 3.1, Process Assessment Model, VDA QMC Working Group 13 / Automotive SIG (2017)

  2. Automotive SPICE © Guidelines, 2nd Edition Nov 2017, VDA QMC Working Group (2017)

  3. Automotive SPICE for Cybersecurity, 1st Edition, Feb. 2021, VDA QMC Working Group (2021)

  4. Armengaud, E., Frager, S., Jones, S., Massoner, A., Parrilla, A.F., Wikström, N., Macher, G.: Development Framework for Longitudinal Automated Driving Functions with Off-board Information Integration arXiv preprint arXiv:1906.10009 (2019)

  5. Biró, M., Messnarz, R.: Key success factors for business based improvement. In: Proceedings of the EuroSPI ‘1999 conference. Pori, 1999. (Pori School of Technology and Economics. Ser. A., 25.) (1999)

  6. Dobaj, J., Macher, G., Eker, D., Riel, A., Messnarz, R.: Towards a security-driven automotive development lifecycle. J. Software: Evolution Process, WILEY Online Library (2021). https://doi.org/10.1002/smr.2407

  7. Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_47

  8. EU Blueprint Project DRIVES, https://www.project-drives.eu/, last access date: (2021)

  9. European Sector Skill Council: Report, Eu Skill Council Automotive Industry (2013)

  10. Feuer, E., Messnarz, R., Sanchez, N.: Best practices in e-commerce: strategies, skills, and processes. In: Proceedings of the E2002 Conference, E-Business and E-Work, Novel Solutions for a Global Networked Economy, eds. Brian Stanford Smith, Enrica Chiozza, IOS Press, Amsterdam, Berlin, Oxford, Tokyo, Washington (2002)

  11. Höhn, H., Sechser, B., Dussa-Zieger, K., Messnarz, R., Hindel, B.: Software Engineering nach Automotive SPICE: Entwicklungsprozesse in der Praxis-Ein Continental-Projekt auf dem Weg zu Level 3. Systemdesign, dpunkt. Verlag, Kapitel (2015)

  12. Innerwinkler, P., et al.: TrustVehicle--Improved Trustworthiness and weather-independence of conditionally automated vehicles in mixed traffic scenarios. International Forum on Advanced Microsystems for Automotive Applications, pp. 75–89 (2018)

  13. ISO - International Organization for Standardization: ISO 26262 Road vehicles Functional Safety Part 1–10 (2011)

  14. ISO – International Organization for Standardization: ISO CD 26262–2018 2nd Edition Road vehicles Functional Safety (2018)

  15. Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Software: Evolution Process 24(5), 525–540 (2012)

  16. Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Software: Evolution Process 25(4), 381–391 (2013)

  17. Kreiner, C., Messnarz, R., Riel, A., et al: The AQUA Automotive sector skills alliance: best practice in an integrated engineering approach. Software Quality Professional 17(3), 35–45 (2015)

  18. Kreiner, C.J., et al.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Systems, Software and Services Process Improvement 21st European Conference, EuroSPI, pp. 285–295 (2014)

  19. Kreiner, C.J., et al.: Automotive knowledge alliance AQUA - integrating automotive SPICE, six sigma, and functional safety. In: Systems, Software and Services Process Improvement 20th European Conference, EuroSPI 2013, Dundalk, Ireland, June 25–27. Proceedings, pp. 333 – 344 (2013)

  20. Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition systems. In: Software and Services Process Improvement - 23nd European Conference, EuroSPI 2016 Proceedings, Springer (2016)

  21. Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain, Working Group 17AE-0252/2017–01–1661, SAE International (2017)

  22. Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23

  23. Macher, G., Diwold, K., Veledar, O., Armengaud, E., Römer, K.: The quest for infrastructures and engineering methods enabling highly dynamic. Autonomous Systems European Conference on Software Process Improvement, pp. 15–27 (2019)

  24. Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). International Symposium on Model-Based Safety and Assessment, pp. 286–300 (2019)

  25. Messnarz, R., et al.: Integrated Automotive SPICE and safety assessments, Volume14, Issue5, Special Issue: Part 1: Special Issue on SPI Experiences and Innovation for Global Software Development, WILEY, pp. 279–288 (2009). https://doi.org/10.1002/spip.429

  26. Messnarz, R., Kreiner, C., Riel, A.: Integrating Automotive SPICE, Functional Safety, and Cybersecurity Concepts: A Cybersecurity Layer Model. Software Quality Professional (2016)

  27. Messnarz, R., König, F., Bachmann, V.O.: Experiences with trial assessments combining automotive spice and functional safety standards. In: Winkler D., O’Connor R.V., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2012. Communications in Computer and Information Science, vol 301. Springer, Berlin, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31199-4_23

  28. Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Software Quality Professional 18(4), 13–23 (2016)

  29. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham (2019) https://doi.org/10.1007/978-3-030-28005-5_42

  30. Messnarz, R., Ekert, D.: Assessment‐based learning systems - learning from best projects. In: Wiley Interscience, Software Process Improvement in Practice, Volume 12, Issue 6, Special Issue: Special Issue on Industrial Experiences in SPI, pp. 569–577 (2007). https://doi.org/10.1002/spip.347

  31. Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36

  32. Messnarz, R., Macher, G., Stolfa, J., Stolfa, S.: Highly autonomous vehicle (system) design patterns – achieving fail operational and high level of safety and security. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 465–477. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_36

  33. Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the EU blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37

  34. Messnarz, R., Colomo-Palacios, R., Macher, G., Riel, A., Biro, M.: Recent Advances in Cybersecurity and Safety Architectures in Automotive, IT, and Connected Services, J.UCS Journal of Universal Computer Science https://lib.jucs.org/article/72072/

  35. Messnarz, R., et al.: First experiences with the automotive SPICE for cybersecurity assessment model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 531–547. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_35

  36. SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA (2016)

  37. Schlager, C., Messnarz, R., Sporer, H., Riess, A., Mayer, R., Bernhardt, S.: Hardware SPICE extension for automotive SPICE 3.1. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 480–491. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_41

  38. Schmittner, C., et al.: Innovation and transformation in a digital world-27th interdisciplinary information management talks. Trauner Verlag Universitat 2019, 401–409 (2019)

  39. Schmittner, C., Macher, G.: Automotive Cybersecurity Standards-Relation and Overview International Conference on Computer Safety, Reliability, and Security, pp. 153–165 (2019)

  40. SOQRATES: Task Forces Developing Integration of Automotive SPICE, ISO 26262 and SAE J3061 http://soqrates.eurospi.net/

  41. SPI Manifesto: http://2018.eurospi.net/index.php/manifesto, Access date: 2 Apr 2019

  42. Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R., Poth, A., Messnarz, R.: (eds) Systems, Software and Services Process Improvement. EuroSPI 2016. Communications in Computer and Information Science, vol 633. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14

  43. Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26

  44. Stolfa, J., et al.: DRIVES—EU blueprint project for the automotive sector—A literature review of drivers of change in automotive industry. In: Journal of Software: Evolution and Process, Volume32, Issue3, Special Issue: Addressing Evolving Requirements Faced by the Software Industry (2020)

  45. Stolfa, J., et al.: Systems, Software and Services Process Improvement: 28th European Conference, EuroSPI 2021, Krems, Austria, September 1–3, 2021, Proceedings, CCIS 1442, SPRINGER Nature (2021)

  46. Veledar, O., Damjanovic-Behrendt, V., Macher, G.: Digital Twins for dependability improvement of autonomous driving. In: European Conference on Software Process Improvement, pp. 415–426 (2019)

  47. Wegner, T., et al.: Enough assessment guidance, it’s time for improvement – a proposal for extending the VDA guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 462–476. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_34

  48. Automotive Cybersecurity Management System Audit Guideline, 1st Edition, VDA-QMC (2020)

  49. ISO/SAE 21434, Road vehicles – Cybersecurity engineering, First Edition (2021)

  50. The STRIDE Threat Model, Microsoft. https://owasp.org/www-community/Threat_Modeling_Process. Accessed 10 Aug 2022

  51. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42

Acknowledgements

We are grateful to the Erasmus+ program of the European Union which has funded the CYBERENG project (2021 – 2022). In this case the publication reflects the views only of the author(s), and the Commission cannot be held responsible for any use, which may be made of the information contained therein.

We are grateful to the working group in iNTACS which developed the ASPICE for cybersecurity training material; Elektrobit and ISCN are members of this group.

We are grateful to a working party of Automotive suppliers SOQRATES [40] (https://soqrates.eurospi.net) who exchanged knowledge about such cybersecurity methods and assessment strategies, and helped to contribute the cybersecurity knowledge from SOQRATES to the iNTACS working group developing the training material for cybersecurity. This includes: Böhner Martin (Elektrobit), Brasse Michael (HELLA), Bressau Ernst (BBraun), Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental Automotive), Ekert Damjan (ISCN), Forster Martin (ZKW), Geipel Thomas (BOSCH), Grave Rudolf (Elektrobit), Griessnig Gerhard (AVL), Gruber Andreas (ZKW), Habel Stephan (Continental Automotive), Hällmayer Frank (Software Factory), Haunert Lutz (Giesecke & Devrient), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Lichtenberger Christoph (MAGNA ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz & ISCN), Mandic Irenka (Magna Powertrain), Maric Dijas (Lorit Consultancy), Mayer Ralf (BOSCH Engineering), Mergen Silvana (TDK/EPCOS), Messnarz Richard (ISCN), Much Alexander (Elektrobit), Nikolov Borislav (msg Plaut), Oehler Couso Daniel (Magna Powertrain), Riel Andreas (Grenoble INP & ISCN), Rieß Armin (BBraun), Santer Christian (AVL), Schlager Christian (Magna ECS), Schmittner Christoph (Austrian Institute of Technology AIT), Schubert Marion (ZKW), Sechser Bernhard (Process Fellows), Sokic Ivan (Continental Automotive), Sporer Harald (Infineon), Stahl Florian (AVL), Wachter Stefan (msg Plaut), Walker Alastair (Lorit Consultancy), Wegner Thomas (ZF).

Corresponding author

Correspondence to Richard Messnarz.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Messnarz, R., Ekert, D., Macher, G., Stolfa, S., Stolfa, J., Much, A. (2022). Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_23

  • DOI: https://doi.org/10.1007/978-3-031-15559-8_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15558-1

  • Online ISBN: 978-3-031-15559-8

  • eBook Packages: Computer Science, Computer Science (R0)
