Browse Publications Technical Papers 2021-01-0138

Cybersecurity Metrics for Automotive Systems 2021-01-0138

Cybersecurity for automotive systems is challenging and one of the major challenges is how to measure this system property. We present in this paper the context surrounding cybersecurity metrics from literature and highlight the first potential steps towards a common understanding of how much cybersecurity is enough. With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the new ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. The main contribution of this paper is contextualization of existing metrics and mapping out how they may fit within a standardized framework. We highlight the challenges to create awareness around the lack of common understanding and outline first potential steps towards a consensus. For example, one can consider assurance levels as a form of metric. Since guarantees of security are not possible, verification and validation methods such as various forms of testing can be used to give an assurance of security. For the automotive industry, there has been much discussion around cybersecurity assurance levels (CALs) which are outlined in the ISO/SAE 21434 draft standard. The CAL can for instance range from a value of 1 to 4, subsequently increasing scope, extent and depth of assurance activities to be performed to achieve that level of assurance. A common understanding of the answer to “how much cybersecurity is enough?” will inspire greater confidence in practitioners who design and test the technical measures, in industry with regards to a balanced approach to cybersecurity and ultimately, in consumers who need to know that the products that they buy will be safe and secure.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Attention: This item is not yet published. Pre-Order to be notified, via email, when it becomes available.
Members save up to 18% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.