No Cover Image

Conference Paper/Proceeding/Abstract 590 views

Cybersecurity Assurance Challenges for Future Connected and Automated Vehicles

Luis-Pedro Cobos, Alastair R. Ruddle, Giedre Sabaliauskaite Orcid Logo

Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021)

Swansea University Author: Giedre Sabaliauskaite Orcid Logo

Full text not available from this repository: check for access using links below.

DOI (Published version): 10.3850/978-981-18-2016-8_412-cd

Abstract

Increases in the connectivity of vehicles and automation of driving functions, with the goal of fully automated driving, are expected to bring many benefits to individuals and wider society. However, these technologies may also create new cybersecurity threats to vehicle user privacy, the finances o...

Full description

Published in: Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021)
ISBN: 978-981-18-2016-8
Published: Singapore Research Publishing Services 2021
URI: https://cronfa.swan.ac.uk/Record/cronfa61835
Abstract: Increases in the connectivity of vehicles and automation of driving functions, with the goal of fully automated driving, are expected to bring many benefits to individuals and wider society. However, these technologies may also create new cybersecurity threats to vehicle user privacy, the finances of vehicle users and mobility service operators, and even the physical safety of vehicle occupants and other road users. Assuring the cybersecurity of future vehicles will therefore be key to achieving the acceptability of these new automotive technologies to society. However, traditional prescriptive assurance methods will not work for vehicle cybersecurity, due to the evolving threats, through-life software updates, and the deployment of artificial intelligence techniques. Cybersecurity regulations that are goal-oriented and risk-based, like those increasingly used in safety engineering for complex systems, are now mandated in recent vehicle type approval regulations. This results in many new assurance challenges, which will not be limited purely to cybersecurity. In particular, emerging standards have proposed that an assurance case approach should be adopted in relation to cybersecurity. This paper therefore proposes a novel cybersecurity case framework that adapts existing approaches from safety engineering, emphasizes the limitations of the analysis through eliminative argumentation, and merges in the attack-defence tree techniques used in cybersecurity engineering, with the aim of providing a better reflection of the some of the uncertainties in the cybersecurity risk analysis.
College: Faculty of Science and Engineering