Abstract
The first version of the Automotive SPICE for Cybersecurity Assessment Model was published in February 2021. It will be used for cybersecurity homologation assessments of projects. From summer 2022 onwards, a new UNECE norm requires organisations to have a CSMS (Cybersecurity Management System) in place, and in February 2021 the VDA AK13 published a new assessment model for the cybersecurity of automotive development projects. The SOQRATES group, a working party of automotive suppliers and research and training bodies, has developed a cybersecurity engineer job role, training, and best practice examples of how to cover the new security engineering practices. First trials using the new security-related questions have also been carried out, and the first experiences are shared in this paper.
References
Automotive SPICE © 3.1, Process Assessment Model, VDA QMC Working Group 13/Automotive SIG, November 2017
Automotive SPICE © Guidelines, 2nd Edition Nov 2017, VDA QMC Working Group 13, November 2017
Automotive SPICE for Cybersecurity, 1st Edition, Feb. 2021, VDA QMC Working Group 13 February 2021
Armengaud, E., et al.: Development framework for longitudinal automated driving functions with off-board information integration. arXiv preprint arXiv:1906.10009 (2019)
Biró, M., Messnarz, R.: Key success factors for business based improvement. In: Proceedings of the EuroSPI 1999 Conference. Pori, 1999. Pori School of Technology and Economics. Ser. A., p. 25 (1999)
Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_47
EU Blueprint Project DRIVES. https://www.project-drives.eu/. Accessed 6 Apr 2021
European Sector Skill Council: Report, Eu Skill Council Automotive Industry (2013)
Feuer, E., Messnarz, R., Sanchez, N.: Best practices in e-commerce: strategies, skills, and processes. In: Smith, B.S., Chiozza, E. (eds.) Proceedings of the E2002 Conference, E-Business and E-Work, Novel Solutions for a Global Networked Economy. IOS Press, Amsterdam (2002)
Höhn, H., Sechser, B., Dussa-Zieger, K., Messnarz, R., Hindel, B.: Software engineering nach automotive SPICE: Entwicklungsprozesse in der Praxis-Ein Continental-Projekt auf dem Weg zu Level 3, Kapitel: Systemdesign, dpunkt. Verlag (2015)
Innerwinkler, P., et al.: TrustVehicle – improved trustworthiness and weather-independence of conditionally automated vehicles in mixed traffic scenarios. In: Dubbert, J., Müller, B., Meyer, G. (eds.) Advanced Microsystems for Automotive Applications 2018: Smart Systems for Clean, Safe and Shared Road Vehicles, pp. 75–89. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-99762-9_7
ISO - International Organization for Standardization. “ISO 26262 Road vehicles Functional Safety Part 1–10” (2011)
ISO – International Organization for Standardization. “ISO CD 26262-2018 2nd Edition Road vehicles Functional Safety” (2018)
Korsaa, M., et al.: The SPI Manifesto and the ECQA SPI manager certification scheme. J. Softw.: Evol. Process 24(5), 525–540 (2012)
Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Softw.: Evol. Process 25(4), 381–391 (2013)
Christian, K., Messnarz, R., Riel, A., et al.: The AQUA automotive sector skills alliance: best practice in an integrated engineering approach. Softw. Qual. Prof. 17(3), 35–45 (2015)
Messnarz, R., et al.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Barafort, Béatrix., O’Connor, Rory V., Poth, Alexander, Messnarz, Richard (eds.) EuroSPI 2014. CCIS, vol. 425, pp. 285–295. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43896-1_26
Kreiner, C., et al.: Automotive knowledge alliance AQUA – integrating automotive SPICE, six sigma, and functional safety. In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2013. CCIS, vol. 364, pp. 333–344. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39179-8_30
Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 23rd European Conference, EuroSPI 2016, Graz, Austria, September 14-16, 2016, Proceedings, pp. 148–159. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_12
Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain, Working Group 17AE-0252/2017-01-1661. SAE International, June 2017
Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23
Macher, G., Diwold, K., Veledar, O., Armengaud, E., Römer, K.: The quest for infrastructures and engineering methods enabling highly dynamic autonomous systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 15–27. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_2
Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). In: Papadopoulos, Yiannis, Aslansefat, K., Katsaros, P., Bozzano, M. (eds.) IMBSA 2019. LNCS, vol. 11842, pp. 286–300. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32872-6_19
Messnarz, R., et al.: Integrated automotive SPICE and safety assessments. Softw. Process: Improv. Pract. 14(5), 279–288 (2009). https://doi.org/10.1002/spip.429
Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Qual. Prof. 18, 13 (2016)
Messnarz, R., König, F., Bachmann, V.: Experiences with trial assessments combining automotive spice and functional safety standards. In: Winkler, D., O’Connor, R.V., Messnarz, R. (eds.) Systems, Software and Services Process Improvement, pp. 266–275. Springer, Berlin (2012). https://doi.org/10.1007/978-3-642-31199-4_23
Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Qual. Prof. 18(4), 13–23 (2016)
Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, Alastair, O’Connor, Rory V., Messnarz, Richard (eds.) Systems, Software and Services Process Improvement: 26th European Conference, EuroSPI 2019, Edinburgh, UK, September 18–20, 2019, Proceedings, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42
Messnarz, R., Ekert, D.: Assessment-based learning systems - learning from best projects. Softw. Process Improv. Pract. 12(6), 569–577 (2007). https://doi.org/10.1002/spip.347
Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36
Messnarz, R., Macher, G., Stolfa, J., Stolfa, S.: Highly autonomous vehicle (system) design patterns – achieving fail operational and high level of safety and security. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 465–477. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_36
Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the EU blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37
SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA, January 2016
Schlager, C., Messnarz, R., Sporer, H., Riess, A., Mayer, R., Bernhardt, S.: Hardware SPICE extension for automotive SPICE 3.1. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 480–491. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_41
Schmittner, C., et al.: Smart industrial indoor farming-Technical and societal challenges. In: IDIMT 2019: Innovation and Transformation in a Digital World-27th Interdisciplinary Information Management Talks, Trauner Verlag Universitat, pp. 401–409 (2019)
Schmittner, C., Macher, G.: Automotive cybersecurity standards - relation and overview. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds.) Computer Safety, Reliability, and Security: SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Turku, Finland, September 10, 2019, Proceedings, pp. 153–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26250-1_12
SOQRATES: Task forces developing integration of automotive SPICE, ISO 26262 and SAE J3061. http://soqrates.eurospi.net/
SPI Manifesto: http://2018.eurospi.net/index.php/manifesto. Accessed 2 Apr 2019
Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 23rd European Conference, EuroSPI 2016, Graz, Austria, September 14-16, 2016, Proceedings, pp. 176–187. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14
Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26
Stolfa, J., et al.: DRIVES—EU blueprint project for the automotive sector—A literature review of drivers of change in automotive industry. J. Softw.: Evol. Process 32(3), e2222 (2020)
Veledar, O., Damjanovic-Behrendt, V., Macher, G.: Digital Twins for dependability improvement of autonomous driving. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 415–426. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_32
Wegner, T., et al.: Enough assessment guidance, it’s time for improvement – a proposal for extending the VDA guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 462–476. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_34
Automotive Cybersecurity Management System Audit Guideline, 1st Edition, VDA-QMC, December 2020
ISO/SAE 21434 DIS, Road vehicles – Cybersecurity engineering, DIS version, February 2020
“The STRIDE Threat Model”. Microsoft
Acknowledgements
We are grateful to the European Commission which has funded the BLUEPRINT project DRIVES (2018–2021) [7, 8, 29, 32, 39, 40, 41]. In this case the publications reflect the views only of the author(s), and the Commission cannot be held responsible for any use, which may be made of the information contained therein.
Work is partially supported by Grant of SGS No. SP2020/62, VŠB - Technical University of Ostrava, Czech Republic.
We are grateful to a working party of Automotive suppliers SOQRATES [37] (https://soqrates.eurospi.net) who exchange knowledge about such assessment strategies. This includes: Böhner Martin (Elektrobit), Brasse Michael (HELLA), Bressau Ernst (BBraun), Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental Automotive), Ekert Damjan (ISCN), Forster Martin (ZKW), Geipel Thomas (BOSCH), Grave Rudolf (Elektrobit), Griessnig Gerhard (AVL), Gruber Andreas (ZKW), Habel Stephan (Continental Automotive), Hällmayer Frank (Software Factory), Haunert Lutz (Giesecke & Devrient), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Lichtenberger Christoph (MAGNA ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz & ISCN), Mandic Irenka (Magna Powertrain), Maric Dijas (Lorit Consultancy), Mayer Ralf (BOSCH Engineering), Mergen Silvana (TDK/EPCOS), Messnarz Richard (ISCN), Much Alexander (Elektrobit), Nikolov Borislav (msg Plaut), Oehler Couso Daniel (Magna Powertrain), Riel Andreas (Grenoble INP & ISCN), Rieß Armin (BBraun), Santer Christian (AVL), Schlager Christian (Magna ECS), Schmittner Christoph (Austrian Institute of Technology AIT), Schubert Marion (ZKW), Sechser Bernhard (Process Fellows), Sokic Ivan (Continental Automotive), Sporer Harald (Infineon), Stahl Florian (AVL), Wachter Stefan (msg Plaut), Walker Alastair (Lorit Consultancy), Wegner Thomas (ZF).
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Messnarz, R. et al. (2021). First Experiences with the Automotive SPICE for Cybersecurity Assessment Model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds) Systems, Software and Services Process Improvement. EuroSPI 2021. Communications in Computer and Information Science, vol 1442. Springer, Cham. https://doi.org/10.1007/978-3-030-85521-5_35
DOI: https://doi.org/10.1007/978-3-030-85521-5_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-85520-8
Online ISBN: 978-3-030-85521-5
eBook Packages: Computer Science (R0)