Article

A Comprehensive Risk Management Approach to Information Security in Intelligent Transport Systems

Authors:
  • KRITIS & cyber GmbH
  • TÜV AUSTRIA
No full-text available

... Nevertheless, the existing TARA methodologies lack granularity and are not ready-to-use methods [55]. Moreover, there is still a lack of in-depth descriptions of the appropriateness of the TARA framework regarding CAVs' specific assets and properties. ...
... One of the pioneering comprehensive methods combining both threat modelling and RA is the Failure Mode and Effects Analysis (FMEA) [55]. It is an industry-wide accepted process which evaluates the modes, causes and effects of a failure based on the IEC 60812 standard [55]. The methodology was initially developed for safety analysis, but it was extended to cover cyber-physical security. ...
... TARA; Enhanced TARA [73,74]; Data classification and categorization [76]; Encryption: encrypting essential data to ensure the confidentiality of information. ...
... The contribution of [73] shifts the focus from procedural adjustments to quantitative recommendations, aiming to improve the risk matrix and, thus, the objectivity of the assessment. Vogt et al. [74] proposed a comprehensive TARA methodology for cooperative intelligent transport systems (C-ITS) that includes ICVs, combining qualitative and quantitative threat modeling and risk scoring tools to provide flexibility in asset assessment for any C-ITS. The data security analysis of ICVs should start from ... difficult to meet data security needs. ...
Article
Full-text available
Intelligent connected vehicles, as the focus of the global automotive industry, are currently at a critical stage of large-scale commercialization. However, during the development process of vehicles from mechanical systems with limited functions to mobile intelligence with complex and multiple functions, the issues of functional safety, cybersecurity, and safety of the intended functionality are the main challenges of the industrialization of intelligent connected vehicles, including multiple safety risks such as hardware and software failures, insufficient performance in edge scenarios, cyber-attacks and data leakage. In this paper, the safety and security issues of intelligent connected vehicles, the challenges posed by emerging technology applications, and related solutions are systematically reviewed and summarized. A fusion safety system framework with the safety cube as the core of protection and control is proposed innovatively based on a field-vehicle-human safety interactional model, realizing stereoscopic, deep, and comprehensive safety protection through end-cloud collaboration. Meanwhile, an X-shaped fusion safety development process based on CHAIN is proposed. Through the empowerment of digital twin and AI technologies, it could approach interaction between physical entities and digital twin models and the automation of the development process, thereby satisfying the demands of fusion safety system design, intelligent development, rapid delivery, and continuous iteration. The fusion safety system framework and X-shaped development process proposed in this paper can provide important insight into intelligent transportation vehicles and systems' safety and security design and development.
... Being highly aware of the TARA limitations within the CAV's landscape [30], researchers oriented their efforts towards enhancing TARA either by combining it with other risk assessment methodologies, by tweaking its threat modelling or by extending its risk factors. Agrawal et al. [36] proposed Threat/Hazard Analysis and Risk Assessment (THARA) to unify security and safety concepts by integrating the controllability metric from Automotive Safety Integrity Levels (ASIL) [48] into HARA for addressing safety-critical attacks in L3 onwards CAVs. Similarly, Vogt et al. [37] combined Failure Mode and Effects Analysis (FMEA) from HARA with TARA for quantitative risk analysis, while Dobaj et al. [38] merged TARA 1.0 with Automotive Software Process Improvement and Capability dEtermination (A-SPICE) [49] to derive cybersecurity requirements iteratively. ...
Article
Full-text available
Connected Automated Vehicles (CAVs) represent a transformative shift in transportation, offering enhanced safety and efficiency. However, achieving full automation at levels four and five of the Society of Automotive Engineering (SAE) scale poses significant cybersecurity and privacy risks. To address these risks, United Nations Economic Commission for Europe (UNECE) regulations and ISO/SAE 21434 mandate Threat Analysis and Risk Assessment (TARA) as a core methodology for cyber risk management. Existing TARA frameworks, designed for conventional vehicles, fall short for higher automation levels, neglecting complexities such as the absence of human control and data-driven decision-making concerns. This work, conducted within ULTIMO, a project tackling the CAVs deployment challenges, introduces TARA 2.0, an enhanced framework addressing cybersecurity, privacy, and expert subjectivity in risk assessment. A step-by-step experimental implementation demonstrates its feasibility, compliance with standards, and potential to secure the deployment of fully automated vehicles.
... In a risk management-based approach, Schmittner et al. [13] discussed an asset-based automotive cybersecurity risk management approach stemming from ISO/SAE 21434. Furthermore, Vogt et al. [19] presented the interaction between safety and security through ISO 26262 and ISO/SAE 21434 respectively. To that end, those approaches outlined succinct risk assessment methodologies without reflecting other SDOs' standards. ...
... Both publications presented systematic risk assessment frameworks; however, the proposed models do not align with recent standards. More compliant approaches to the trending ISO/SAE 21434 were proposed by Lautenbach et al. [23] and Vogt et al. [24]; however, they are limited to conventional vehicles without targeting either CAVs or ACSs assets. ...
Article
Full-text available
The Connected Automated Vehicle (CAV)’s deployment is proof of the wide evolution of autonomous driving technologies enabling vehicles to gradually dispose of their drivers. Within the scope of smart cities, such innovation has given rise to a new type of CAV: the Automated City Shuttle (ACS). Foreseen as the new paradigm aiming to shape the public transport model, the ACS elicits a plurality of new applications, such as the on-demand service in which a driverless shuttle offers the desired ride without human intervention. However, such a model raises cybersecurity concerns through the numerous attack surfaces and vehicle hyperconnection. This phenomenon was highlighted in several studies on CAVs, but very few research works tackled the specific case of ACSs, whose challenges and risks far exceed those of personal vehicles. The present work offers a comprehensive investigation of cybersecurity attacks, demonstrates a performed risk assessment based on the ISO/SAE 21434 standard, and showcases a penetration test over a real ACS of automation level four (L4) according to the Society of Automotive Engineering (SAE)’s ranking. Based on our experiments, we leverage fundamental cybersecurity recommendations with a focus on the ACS’s physical security.
Article
Technologies such as Advanced Driving Assistance System (ADAS) and Vehicle-to-Everything (V2X) in Connected and Automated Vehicles (CAVs) have greatly enhanced the comfort and convenience of driving. However, the increasing levels of intelligence and connectivity also expose CAVs to severe cybersecurity risks. The vehicles, Internet of Vehicles (IoV) and the cloud servers for CAVs are vulnerable to cyberattacks. Furthermore, many standards and regulations require Original Equipment Manufacturers (OEMs) to consider potential cybersecurity threats when designing and developing CAV products. Consequently, ensuring the cybersecurity for vehicles, networks, and the cloud has become a critical issue that OEMs must address. However, the vast number of CAVs and the variety of the vehicular network make it difficult for the existing cybersecurity assessment and protection methods to satisfy the requirements of the entire vehicle, IoV and cloud. This paper reviews the cybersecurity requirements and potential vulnerabilities of CAVs, the IoV, and cloud servers. Existing cybersecurity assessment, protection and operation methods are summarized. A novel resilient cybersecurity management system is proposed to address the cybersecurity challenges of CAVs. This proposed system can orchestrate management policies and allocate resources based on the urgency of cybersecurity tasks across the vehicle, IoV and cloud, which is suitable for the rapidly evolving CAVs and the continuously expanding services.
Article
The development of intelligent vehicles (IV) promotes smart transportation, and cyber-physical systems (CPS) offer the possibility to address the increasingly prominent intelligent transportation management needs and data problems. The IVCPS is a technological integration of IV, CPS, traffic science, and transportation engineering, representing an emerging interdisciplinary complex system. In order to accurately and comprehensively assess the intrinsic functional elements of IVCPS, this article constructs the framework of IVCPS evaluation, and proposes a comprehensive evaluation method for the functional elements of IVCPS based on the cloud model that can perform synergistic analysis of quantitative and qualitative indicators. The index weights are determined by a combination of assignment methods to construct the IVCPS functional element evaluation system. The primary indicators and the secondary indicators are selected and evaluated. The cloud numerical characteristics of the evaluation indexes under the secondary evaluation indexes of IVCPS are calculated by using the cloud model algorithm, and the cloud numerical characteristics of the evaluation of the whole system can be obtained. The IVCPS comprehensive evaluation cloud model can refine the key features of the system, and then some targeted suggestions are proposed.
Chapter
Autonomous Transport System (ATS) architectures enable a wide range of new applications and bring significant benefits to transport systems. However, during the design stage, errors of the architecture can have an impact on the smooth implementation of the ATS, which will endanger the normal operation of the transport systems. To ensure a high autonomy of the ATS architecture, i.e., “functionally evolvable, logically reconfigurable and physically configurable”, the detection of ATS architecture design errors is essential. This paper aims to fill the research gap in the existing research on diagnosing or evaluating ATS architectures. Inspired by word embedding models in natural language processing communities, we propose a data-driven approach to diagnose ATS architectures without prior knowledge or rules. We use an architecture embedding model to generate vector representations of ATS architectures, then train the model through negative sampling of the training dataset to identify the features of abnormal ATS architecture. Finally, we employ the trained model to classify structural errors of the test dataset generated from the ATS architecture. The experimental results show that the proposed method gains a relatively good effect of classifying with an average accuracy of 79.3%, demonstrating the effectiveness of the method.
Keywords: Autonomous Transport System; Architecture embedding model; Triple classification; Vector computation
Conference Paper
Full-text available
Component fault trees that contain safety basic events as well as security basic events cannot be analyzed like normal CFTs. Safety basic events are rated with probabilities in an interval [0,1], for security basic events simpler scales such as {low, medium, high} make more sense. In this paper an approach is described how to handle a quantitative safety analysis with different rating schemes for safety and security basic events. By doing so, it is possible to take security causes for safety failures into account and to rate their effect on system safety.
Conference Paper
Full-text available
Increasingly complex systems lead to an interweaving of security, safety, availability and reliability concerns. Most dependability analysis techniques do not include security aspects. In order to include security, a holistic risk model for systems is needed. In our novel approach, the basic failure cause, failure mode and failure effect model known from FMEA is used as a template for a vulnerability cause-effect chain, and an FMEA analysis technique extended with security is presented. This represents a unified model for safety and security cause-effect analysis. As an example the technique is then applied to a distributed industrial measurement system.
Article
Full-text available
The migration towards digital control systems creates new security threats that can endanger the safety of industrial infrastructures. Addressing the convergence of safety and security concerns in this context, we provide a comprehensive survey of existing approaches to industrial facility design and risk assessment that consider both safety and security. We also provide a comparative analysis of the different approaches identified in the literature. Free download of the article on the following link until May 21, 2015 http://authors.elsevier.com/a/1Qn-43OQ~f8zFQ
Book
Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.
Article
Latest technological trends lead toward systems connected to public networks even in critical domains. Bringing together safety and security work is becoming imperative, as a connected safety-critical system is not safe if it is not secure. The main objective of this study is to investigate the current status of safety and security co-analysis in system engineering by conducting a systematic literature review. The steps of the review are the following: the research questions identification; agreement upon a search string; applying the search string to chosen databases; a selection criterion formulation for the relevant publications filtering; selected papers categorization and analysis. We focused on the early system development stages and identified 33 relevant publications categorized as follows: combined safety and security approaches that consider the mutual influence of safety and security; safety-informed security approaches that consider influence of safety on security; and security-informed safety approaches that consider influence of security on safety. The results showed that a number of identified approaches are driven by needs in fast developing application areas, e.g., automotive, while works focusing on combined analysis are mostly application area independent. Overall, the study shows that safety and security co-analysis is still a developing domain.
Chapter
As increasingly more vehicles are becoming interconnected and interact with their surroundings, i.e., the emergence of the connected car, we see a greater need for cyber security solutions applied within the automotive industry and transportation systems. Since millions of vehicles and potentially human lives could be affected, the connected car scenario can be seen as a critical infrastructure where both security and safety are equally paramount. It is imperative to consider appropriate cyber security solutions, and especially take into consideration solutions that will fulfill automotive requirements in terms of safety, performance and cost. This chapter explores automotive security advancements such as automotive-grade hardware security modules, secure vehicle-to-X (V2X, i.e., vehicle-to-vehicle and vehicle-to-infrastructure) communications, secure in-vehicle communications and embedded security evaluations of automotive components. Automotive hardware security based on EVITA, serves as a trust anchor where additional security solutions can be built upon. V2X communication is protected based on established industry standards to provide both authenticity and privacy. A Secure Onboard Communication module is responsible for providing secure in-vehicle network communication. For security evaluations, both theoretical evaluations and practical security testing of embedded systems are becoming increasingly important. Above security advancements provide an insight into what is necessary to protect a critical infrastructure such as transportation systems.
Conference Paper
Safety and security are two important aspects in the analysis of cyber-physical systems (CPSs). In this short paper, we apply a new safety and security analysis method to intelligent and cooperative vehicles, in order to examine attack possibilities and failure scenarios. The method is based on the FMEA technique for safety analysis, with extensions to cover information security. We examine the feasibility and efficiency of the method, and determine the next steps for developing the combined analysis method.
References
W. Curtis, "Hackers Remotely Kill a Jeep on the Highway with me in it," 2015. [Online]. Available: https://downloads.cloudsecurityalliance.org/assets/research/internet-of-things/connected-vehicle-security.pdf
K. Mahaffey, "Hacking a Tesla Model S: What we found and what we learned," Lookout, 08-Jul-2015. [Online]. Available: https://blog.lookout.com/hacking-a-tesla
S. Nie, L. Liu, and Y. Du, "Free-Fall: Hacking Tesla from Wireless to CAN Bus," p. 16.
TUEV AUSTRIA and Virtual Vehicle, "Highly Automated Driving: The new challenges for Functional Safety and Cyber Security," 2018. [Online]. Available: https://www.tuv.at/fileadmin/user_upload/docs/group/innovation/tuv-austria-whitepaper-iv-highly-automated-driving_web.pdf
C. Johnson, "Why We Cannot (Yet) Ensure the Cyber-Security of Safety-Critical Systems," 2016. [Online]. Available: https://www.tuv.at/fileadmin/user_upload/docs/group/innovation/tuv-austria-white-paper-iv-highly-automated-driving_web.pdf
International Organization for Standardization (ISO), Risikomanagement - Grundsaetze und Richtlinien (Risk Management - Principles and Guidelines), 2009.
International Organization for Standardization (ISO), ISO 31000:2018 Risk Management - Guidelines, 2nd ed., 2018.
British Standards Institution (BSI), "BS 7799 Code of Practice for Information Security Management," 1995.
International Organization for Standardization (ISO), "ISO/IEC 27005:2018 Information technology - Security techniques - Information security risk management," 2018. [Online]. Available: http://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/07/52/75281.html
International Organization for Standardization (ISO), ISO 31000:2009 Risk Management - Principles and Guidelines, 2009.
International Society of Automation (ISA), "ISA/IEC 62443 Standard Specifies Security Capabilities for Control System Components," 2018. [Online]. Available: https://www.isa.org/intech/201810standards/
J. Dobaj, C. Schmittner, M. Krisper, and G. Macher, "Towards Integrated Quantitative Security and Safety Risk Assessment," in International Conference on Computer Safety, Reliability, and Security, 2019, pp. 102-116.
IEC, IEC 60812 Failure modes and effects analysis (FMEA and FMECA), 2018.
W. Baker, "How Threat Intelligence Can Drive Risk Analysis," 2016. [Online]. Available: https://www.fairinstitute.org/blog/how-threat-intelligence-can-drive-risk-analysis
S. Caltagirone, A. Pendergast, and C. Betz, "The Diamond Model of Intrusion Analysis," Journal of Strategic Studies, vol. 38, p. 62, 2015.
A. Skavhaug, J. Guiochet, and F. Bitsch, Eds., Computer Safety, Reliability, and Security: 35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings. Cham: Springer International Publishing Switzerland, 2016.
Society of Automotive Engineers (SAE), "SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems," vol. 1, p. 52, 2016.
International Organization for Standardization (ISO), "ISO 26262-3: Concept phase," 2018.
J. E. Wynn, "Threat Assessment and Remediation Analysis (TARA)," 27-Jul-2015. [Online]. Available: https://www.mitre.org/publications/technical-papers/threat-assessment-and-remediation-analysis-tara