Delivering Threat Analysis and Risk Assessment Based on ISO 21434: Practical and Tooling Considerations

Kamil Svancara; Martin J. Thompson

doi:10.4271/11-03-02-0008

An Approach of Scenario-Based Threat Analysis and Risk Assessment Over-the-Air updates for an Autonomous Vehicle

2021 7th International Conference on Automation, Robotics and Applications (ICARA) ◽

10.1109/icara51699.2021.9376542 ◽

2021 ◽

Author(s):

Marzana Khatun ◽

Michael Glass ◽

Rolf Jung

Keyword(s):

Risk Assessment ◽

Autonomous Vehicle ◽

Threat Analysis

Download Full-text

Threat Analysis and Risk Assessment of Autonomous Driving Systems

Automotive Security 2019 ◽

10.51202/9783181023587-71 ◽

2019 ◽

pp. 71-82

Author(s):

O. Ur-Rehman ◽

G. Wallraf ◽

G. Keßler ◽

M. Jentges

Keyword(s):

Risk Assessment ◽

Autonomous Driving ◽

Threat Analysis

Download Full-text

Threat Analysis and Risk Assessment in Automotive Cyber Security

SAE International Journal of Passenger Cars - Electronic and Electrical Systems ◽

10.4271/2013-01-1415 ◽

2013 ◽

Vol 6 (2) ◽

pp. 507-513 ◽

Cited By ~ 16

Author(s):

David Ward ◽

Ireri Ibarra ◽

Alastair Ruddle

Keyword(s):

Risk Assessment ◽

Cyber Security ◽

Threat Analysis

Download Full-text

Study on the Security of Government Portal Websites

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.380-384.2534 ◽

2013 ◽

Vol 380-384 ◽

pp. 2534-2538

Author(s):

Zhao Zhang ◽

Fang Yong

Keyword(s):

Risk Assessment ◽

Assessment Model ◽

Risk Assessment Model ◽

Security Risk ◽

Threat Analysis ◽

The Government ◽

Security Risk Assessment ◽

Government Portal ◽

Portal Website ◽

Administrative Strategies

On the basis of threat analysis, the paper proposes a security risk assessment model for government portal website. Using the model, the paper systematically analyzes the security risk of government portal websites and then explains the reason of them. To enhance the security of government portal websites, both technical and administrative strategies were proposed. Those security strategies help improve the image of the government and it plays an important role in constructing service government.

Download Full-text

The Technology of Cyber Threat Analysis and Risk Assessment of Cybersecurity Violation of Critical Infrastructure

Voprosy kiberbezopasnosti ◽

10.21681/2311-3456-2019-2-42-49 ◽

2019 ◽

pp. 42-49

Author(s):

Daria Gaskova ◽

◽

Aleksei Massel ◽

Keyword(s):

Risk Assessment ◽

Critical Infrastructure ◽

Threat Analysis ◽

Cyber Threat

Download Full-text

Cybersecurity Threat Analysis, Risk Assessment and Design Patterns for Automotive Networked Embedded Systems: A Case Study

JUCS - Journal of Universal Computer Science ◽

10.3897/jucs.72367 ◽

2021 ◽

Vol 27 (8) ◽

pp. 830-849

Author(s):

Jürgen Dobaj ◽

Damjan Ekert ◽

Jakub Stolfa ◽

Svatopluk Stolfa ◽

Georg Macher ◽

...

Keyword(s):

Risk Assessment ◽

Embedded Systems ◽

Design Patterns ◽

Automotive Sector ◽

Secure Systems ◽

Threat Analysis ◽

Networked Embedded Systems ◽

Current Stage

Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

Download Full-text

Threat Analysis and Risk Assessment for Connected Vehicles: A Survey

Security and Communication Networks ◽

10.1155/2021/1263820 ◽

2021 ◽

Vol 2021 ◽

pp. 1-19

Author(s):

Feng Luo ◽

Yifan Jiang ◽

Zhaojing Zhang ◽

Yi Ren ◽

Shuo Hou

Keyword(s):

Risk Assessment ◽

Defense Mechanisms ◽

Early Stage ◽

Rapid Development ◽

Connected Vehicles ◽

Potential Threat ◽

Driving Experience ◽

Threat Analysis ◽

Vehicle Systems

With the rapid development of connected vehicles, people can get a better driving experience. However, the interconnection with the external network may bring growing accidents caused by cybersecurity vulnerabilities. As a result, automakers are paying more attention to cybersecurity and spending more cost on developing cybersecurity defense mechanisms. Threat analysis and risk assessment (TARA) is an efficient method to ensure the defense effect and greatly save costs in the early stage of vehicle development. It analyzes the threat of vehicle systems and determines the hierarchical defense and corresponding mitigations according to the potential threat to the system. This paper gives an overview of threat analysis and risk assessment in the automotive field. First, a novel classification of different TARA methods has been proposed. The existing methods have been analyzed and compared. Then, we have found some commonly used tools applied to TARA and compared their performance. After that, a concept named attack-defense mapping is proposed to figure out how to map the already found threats and vulnerabilities of the system to the appropriate mitigations. At last, the future development directions of TARA in the automotive domain have been discussed.

Download Full-text

TARA+: Controllability-aware Threat Analysis and Risk Assessment for L3 Automated Driving Systems

2019 IEEE Intelligent Vehicles Symposium (IV) ◽

10.1109/ivs.2019.8813999 ◽

2019 ◽

Author(s):

Anastasia Bolovinou ◽

Ugur-Ilker Atmaca ◽

Al Tariq Sheik ◽

Obaid Ur-Rehman ◽

Gerhard Wallraf ◽

...

Keyword(s):

Risk Assessment ◽

Automated Driving ◽

Threat Analysis

Download Full-text

RooT37 – CUTA’s TRA Tool in Response to a Changing Threat Landscape

NATO Science for Peace and Security Series – E: Human and Societal Dynamics - Terrorism Risk Assessment Instruments ◽

10.3233/nhsdp210011 ◽

2021 ◽

Author(s):

Astrid Boelaert ◽

Ben Thys ◽

Matthias Van Hoey

Keyword(s):

Risk Assessment ◽

Assessment Tool ◽

Action Plan ◽

Risk Assessment Tool ◽

Risk Indicators ◽

Coordination Unit ◽

Threat Analysis ◽

Threat Level ◽

Professional Judgments ◽

Information Gaps

In this chapter the authors discuss the establishment of the Belgian ‘Coordination Unit for Threat Analysis’ (CUTA), its remits and fields of competence and how its scope was widened in the last few years because of changes in the threat landscape of problematic radicalization, extremism and terrorism and the changing tactics of the Belgian government to tackle them. In the second part of this chapter the authors elaborate on ‘RooT37’, a risk assessment tool that was tailor-made by CUTA to address its newly assigned tasks in the framework of the revised Belgian Action Plan on Radicalism. The tool takes several risk indicators into account to aid CUTA’s experts in making structured professional judgments about threats and risks posed by monitored individuals, and semi-automatically produces a threat level. Furthermore, it provides CUTA’s support agencies with clues for further investigation based on discovered information gaps through the assessment. Finally, it also points out opportunities for coordinated intervention by partner services to reduce the risk posed by monitored individuals. Certain characteristics of the methodology of the tool are described in more detail, as well as its advantages and some challenges for the future.

Download Full-text

Risk assessment model for TPCM based on threat analysis

2011 International Conference on Computer Science and Service System (CSSS) ◽

10.1109/csss.2011.5974873 ◽

2011 ◽

Author(s):

Dan Wang ◽

Yi Wu

Keyword(s):

Risk Assessment ◽

Assessment Model ◽

Risk Assessment Model ◽

Threat Analysis

Download Full-text