The New Cybersecurity Challenges and Demands for Automotive Organisations and Projects - An Insight View

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1890))

Abstract

INTACS has developed and rolled out Automotive SPICE® for Cybersecurity Assessor training and developed training materials to prepare assessors to rate processes like SEC.1 – SEC.4 and MAN.7 Cybersecurity Risk Management. This requires from automotive projects a well-structured TARA (Cybersecurity Threat Analysis and Risk Assessment) and a basic understanding of automotive cybersecurity architectural frameworks to analyse cybersecurity scenarios and derive cybersecurity controls and requirements. This paper will outline the expectations from automotive projects and provide experiences from a first year of training and assessments on the market applying Automotive SPICE® for Cybersecurity. It will also give hints for how to create additional cybersecurity views in the system and software architecture.

Relationship with the SPI Manifesto

A platform where such new cross-cutting approaches can be discussed is EuroAsiaSPI2. Its mission is to develop an experience and knowledge exchange platform for Europe where Software Process Improvement (SPI) practices can be discussed and exchanged and knowledge can be gathered and shared [5, 15, 16, 38, 39, 40, 64]. The connected SPI manifesto defines the required values and principles for the most efficient SPI work.

The principle “Use dynamic and adaptable models as needed” means that cybersecurity norms and views in future need to be integrated into the existing processes.

References

  1. Automotive SPICE © 3.1, Process Assessment Model, VDA QMC Working Group 13/Automotive SIG (2017)

  2. Automotive SPICE © Guidelines, 2nd Edition Nov 2017, VDA QMC Working Group 13 (2017)

  3. Automotive SPICE for Cybersecurity, 1st Edition, Feb. 2021, VDA QMC Working Group 13 (2021)

  4. Armengaud, E., et al.: Development framework for longitudinal automated driving functions with off-board information integration (2019). arXiv preprint arXiv:1906.10009

  5. Biró, M., Messnarz, R.: Key success factors for business based improvement. In: Proceedings of the EuroSPI’ 1999 Conference, Pori School of Technology and Economics. Ser. A., Pori, vol. 25 (1999)

  6. Dobaj, J., Macher, G., Ekert, D., Riel, A., Messnarz, R.: Towards a security-driven automotive development lifecycle. J. Softw. Evol. Process (2021). https://doi.org/10.1002/smr.2407

  7. Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_47

  8. EU Blueprint Project DRIVES. https://www.project-drives.eu/. Accessed 6 Apr 2021

  9. European Sector Skill Council: Report. Eu Skill Council Automotive Industry (2013)

  10. Feuer, E., Messnarz, R., Sanchez, N.: Best practices in e-commerce: strategies, skills, and processes. In: Smith, B.S., Chiozza, E (eds.) Proceedings of the E2002 Conference, E-Business and E-Work, Novel Solutions for a Global Networked Economy. IOS Press, Amsterdam (2002)

  11. Höhn, H., Sechser, B., Dussa-Zieger, K., Messnarz, R., Hindel, B.: Software Engineering nach Automotive SPICE: Entwicklungsprozesse in der Praxis-Ein Continental-Projekt auf dem Weg zu Level 3. Systemdesign, dpunkt. Verlag, Kapitel (2015)

  12. Innerwinkler, P., et al.: TrustVehicle--improved trustworthiness and weather-independence of conditionally automated vehicles in mixed traffic scenarios. In: International Forum on Advanced Microsystems for Automotive Applications, pp. 75–89 (2018)

  13. ISO - International Organization for Standardization. ISO 26262 Road vehicles Functional Safety Part 1–10 (2011)

  14. ISO – International Organization for Standardization. ISO CD 26262–2018 2nd Edition Road vehicles Functional Safety (2018)

  15. Korsaa, M., et al.: The SPI Manifesto and the ECQA SPI manager certification scheme. J. Softw. Evol. Process 24(5), 525–540 (2012)

  16. Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Softw. Evol. Process 25(4), 381–391 (2013)

  17. Christian, K., Messnarz, R., Riel, A., et al.: The AQUA automotive sector skills alliance: best practice in an integrated engineering approach. Softw. Qual. Prof. 17(3), 35–45 (2015)

  18. Kreiner, C.J., et al.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Systems, Software and Services Process Improvement 21st European Conference, EuroSPI 2014, pp. 285–295 (2014)

  19. Kreiner, C.J., et al.: Automotive knowledge alliance AQUA - Integrating automotive SPICE, six sigma, and functional safety. In: Systems, Software and Services Process Improvement 20th European Conference, EuroSPI 2013, Dundalk, Ireland, 25–27 June 2013, Proceedings, pp. 333–344 (2013)

  20. Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 23rd European Conference, EuroSPI 2016, Graz, Austria, September 14-16, 2016, Proceedings, pp. 148–159. Springer International Publishing, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_12

  21. Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain. In: Working Group 17AE-0252/2017–01–1661. SAE International (2017)

  22. Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23

  23. Macher, G., Diwold, K., Veledar, O., Armengaud, E., Römer, K.: The quest for infrastructures and engineering methods enabling highly dynamic autonomous systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 15–27. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_2

  24. Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). In: Papadopoulos, Y., Aslansefat, K., Katsaros, P., Bozzano, M. (eds.) IMBSA 2019. LNCS, vol. 11842, pp. 286–300. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32872-6_19

  25. Messnarz, R., et al.: Integrated automotive SPICE and safety assessments. Softw. Process: Improv. Pract. 14(5), 279–288 (2009). https://doi.org/10.1002/spip.429

  26. Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Qual. Prof. 18(4), 13 (2016)

  27. Messnarz, R., König, F., Bachmann, V.O.: Experiences with trial assessments combining automotive SPICE and functional safety standards. In: Winkler, D., O’Connor, R.V., Messnarz, R. (eds.) Systems, Software and Services Process Improvement, pp. 266–275. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31199-4_23

  28. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 26th European Conference, EuroSPI 2019, Edinburgh, UK, September 18–20, 2019, Proceedings, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42

  29. Messnarz, R., Ekert, D.: Assessment-based learning systems - learning from best projects. Softw. Process Improv. Pract. 12(6), 569–577 (2007). https://doi.org/10.1002/spip.347

  30. Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36

  31. Messnarz, R., Macher, G., Stolfa, J., Stolfa, S.: Highly autonomous vehicle (System) design patterns – achieving fail operational and high level of safety and security. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 465–477. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_36

  32. Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the EU blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37

  33. Messnarz, R., Colomo-Palacios, R., Macher, G., Riel, A., Biro, M.: Recent advances in cybersecurity and safety architectures in automotive, IT, and connected services. J. UCS J. Univ. Comput. Sci. (2021). https://lib.jucs.org/article/72072/

  34. Messnarz, R., et al.: First experiences with the automotive SPICE for cybersecurity assessment model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 531–547. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_35

  35. SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA (2016)

  36. Schlager, C., Messnarz, R., Sporer, H., Riess, A., Mayer, R., Bernhardt, S.: Hardware SPICE extension for automotive SPICE 3.1. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 480–491. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_41

  37. Schmittner, C., et al.: Innovation and transformation in a digital world-27th interdisciplinary information management talks. Trauner Verlag Universitat 2019, 401–409 (2019)

  38. Schmittner, C., Macher, G.: Automotive cybersecurity standards - relation and overview. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds.) Computer Safety, Reliability, and Security: SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Turku, Finland, September 10, 2019, Proceedings, pp. 153–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26250-1_12

  39. SOQRATES, Task Forces Developing Integration of Automotive SPICE, ISO 26262 and SAE J3061 and ISO/SAE 21434. http://soqrates.eurospi.net/

  40. SPI Manifesto. http://2018.eurospi.net/index.php/manifesto. Accessed 2 Apr 2019

  41. Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 23rd European Conference, EuroSPI 2016, Graz, Austria, September 14-16, 2016, Proceedings, pp. 176–187. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14

  42. Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26

  43. Stolfa, J., et al.: DRIVES—EU blueprint project for the automotive sector—a literature review of drivers of change in automotive industry. J. Softw. Evol. Process 32(3), 2222 (2020)

  44. Stolfa, J., et al.: Automotive cybersecurity manager and engineer skills needs and pilot course implementation, systems, software and services process improvement. In: 28th European Conference, EuroSPI 2021, Krems, Austria, 1–3 September 2021, Proceedings, CCIS, vol. 1442, pp. 335–348. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-031-15559-8_24

  45. Veledar, O., Damjanovic-Behrendt, V., Macher, G.: Digital twins for dependability improvement of autonomous driving. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 415–426. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_32

  46. Wegner, T., et al.: Enough assessment guidance, it’s time for improvement – a proposal for extending the VDA guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 462–476. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_34

  47. Automotive Cybersecurity Management System Audit Guideline, 1st edn. VDA-QMC (2020)

  48. The STRIDE Threat Model. Microsoft

  49. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42

  50. Automotive Cybersecurity Management System Audit. Quality Management in the Automotive Industry, 1st edn (2020). https://webshop.vda.de/QMC/de/acsms-de_2020 and https://webshop.vda.de/QMC/de/acsms-eng_2020

  51. Regulation (EU) 2019/2144 of the European Parliament and of the Council. Official Journal of the EU (2019). Accessed 16 Dec 2019

  52. Road vehicles—Guidelines for auditing cybersecurity engineering 2022–03. ISO/PAS 5112

  53. Road vehicles—Cybersecurity engineering. 2021–08; ISO/SAE 21434

  54. UN Regulations on Cybersecurity and Software Updates to pave the way for mass roll out of connected vehicles (2020). https://unece.org/press/un-regulations-cybersecurity-and-software-updates-pave-way-mass-roll-out-connected-vehicles

  55. Proposal for the Interpretation Document for UN Regulation No. 155 on uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system (2020). https://unece.org/fileadmin/DAM/trans/doc/2020/wp29/WP29-182-05e.pdf

  56. Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system (2021). https://unece.org/sites/default/files/2021-03/R155e.pdf

  57. Uniform provisions concerning the approval of vehicles with regards to software update and software updates management system (2021). https://unece.org/sites/default/files/2021-03/R156e.pdf

  58. Information technology—Security techniques—Methodology for IT security evaluation. ISO/IEC 18045:2008(E)

  59. E-safety vehicle intrusion protected applications. https://www.evita-project.org/, https://www.evita-project.org/deliverables.html

  60. Expert Review of SEC-PAM – Briefing. VDA/QMC (2020)

  61. Enisa good practices for security of smart cars (2019). https://www.enisa.europa.eu/publications/smart-cars

  62. Risk management – Guidelines - DIN ISO 31000 (2018)

  63. Messnarz, R., Ekert, D., Macher, G., Stolfa, S., Stolfa, J., Much, A.: Automotive SPICE for cybersecurity – MAN.7 cybersecurity risk management and TARA. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds.) Systems, Software and Services Process Improvement: 29th European Conference, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022, Proceedings, pp. 319–334. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_23

  64. Aschbacher, L., Messnarz, R., Ekert, D., Zehetner, T., Schönegger, J., Macher, G.: Improving organisations by digital transformation strategies – case study EuroSPI. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds.) Systems, Software and Services Process Improvement: 29th European Conference, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022, Proceedings, pp. 736–749. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_51

Acknowledgements

We are grateful to the INTACS working group for cybersecurity which developed the Automotive SPICE® for cybersecurity training. The author Liedtke is lead of that group and the authors Messnarz, Ekert, Much are members of that group and contributed to this paper.

We are grateful to the EU-funded Erasmus+ project Grant Agreement No. 101087552 - FLAMENCO, where the implementation of new skills in the automotive industry is supported for ISCN in this paper.

In these cases the publications reflect the views only of the author(s), and the Commission cannot be held responsible for any use which may be made of the information contained therein.

We are grateful to a working party of automotive suppliers, SOQRATES [39] (https://soqrates.eurospi.net), who provided inputs for cybersecurity best practices. This includes: Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental), Ekert Damjan (ISCN), Forster Martin (ZKW), Gasch Andreas (Cariad), Geipel Thomas (Robert BOSCH GmbH), Grave Rudolf (Tasking), Griessnig Gerhard (AVL), Gruber Andreas (CERTX), Habel Stephan (Continental), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Kotselidis Christos (Pierer Innovation), Kurz-Griessnig Brigitte (Magna ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz), Mandic Irenka (Magna Powertrain), Mayer Ralf (BOSCH Engineering), Messnarz Richard (ISCN), Much Alexander (Elektrobit AG), Nikolov Borislav (MSG Plaut), Oehler Couso Daniel (Magna Powertrain), Pernpeintner Michael (Schäffler), Riel Andreas (Grenoble iNP, ISCN Group), Rieß Armin (BBraun), Santer Christian (AVL), Shaaban Abdelkader (AIT), Schlager Christian (Magna ECS), Schmittner Christoph (AIT), Sebron Walter (MSG Plaut), Sechser Bernhard (Process Fellows), Sporer Harald (Infineon), Stahl Florian (AVL), Wachter Stefan, Walker Alastair (MSG Plaut), Wegner Thomas (ZF), Geyer Dirk (AVL), Dobaj Jürgen (TU Graz), Wagner Hans (MSG Systems), Aust Detlev, Zurheide Frank (KTM), Suhas Konanur (ENX), Erik Wilhelm (Kyburz), Noha Moselhy (VALEO), Jakub Stolfa (VSB TUO), Michael Wunder (Hofer Powertrain), Svatopluk Stolfa (VSB TUO).

Correspondence to Richard Messnarz.

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Liedtke, T., Messnarz, R., Ekert, D., Much, A. (2023). The New Cybersecurity Challenges and Demands for Automotive Organisations and Projects - An Insight View. In: Yilmaz, M., Clarke, P., Riel, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2023. Communications in Computer and Information Science, vol 1890. Springer, Cham. https://doi.org/10.1007/978-3-031-42307-9_21

  • DOI: https://doi.org/10.1007/978-3-031-42307-9_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42306-2

  • Online ISBN: 978-3-031-42307-9

  • eBook Packages: Computer Science, Computer Science (R0)