A review of threat analysis and risk assessment methods in the automotive context

Abstract

Consumer demands for advanced automotive assistant systems and connectivity of cars to the internet make cyber-security an important requirement for vehicle providers. As vehicle providers gear up for the cyber security challenges, they can leverage experiences from many other domains, but nevertheless, must face several unique challenges. Thus, several security standards are well established and do not need to be created from scratch. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides information and highlevel principles for automotive organizations to identify and assess cybersecurity threats and design cyber-security aware systems. In the course of this document, a review of available threat analysis methods and the recommendations of the SAE J3061 guidebook regarding threat analysis and risk assessment method (TARA) is given. The aim of this work is to provide a position statement for the discussion of available analysis methods and their applicability for early development phases in context of ISO 26262 and SAE J3061.