An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security 2020-01-0145
Automotive domain has seen safety engineering at the forefront of the industry’s priorities for the last decade. Therefore, additional safety engineering efforts, design approaches and well-established safety processes have been stipulated. Today many connected and automated vehicles are available and connectivity features and information sharing is increasingly used. This increases the attractiveness of an attack on vehicles and thus introduces new risks for vehicle cyber-security. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles.
Aware of this fact, the automotive industry has therefore recently taken multiple efforts in designing and producing safe and secure connected and automated vehicles. As the domain geared up for the cyber-security challenges, they leveraged experiences from many other domains, but nevertheless, must face several unique challenges. For that aim, the domain invested efforts in the development of industry standards to tackle automotive cyber-security issues and protect their assets. The joint working group of the standardization organizations ISO and SAE has recently also established and published a committee draft of the ”ISO/SAE CD 21434 Road Vehicles - Cybersecurity Engineering” standard. In addition to that also other efforts have been taken. This paper will summarize the previous results and extensions of the SoQrates assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation, also in relation to the recent ISO/SAE CD 21434.
Georg Macher, Christoph Schmittner, Jürgen Dobaj, Eric Armengaud, Richard Messnarz
Graz University of Technology, Austrian Institute of Technology (AIT), AVL LIST GmbH, ISCN GmbH