First Experiences with the Automotive SPICE for Cybersecurity Assessment Model

  • Conference paper
  • Systems, Software and Services Process Improvement (EuroSPI 2021)

Abstract

The first version of the Automotive SPICE for Cybersecurity Assessment Model was published in February 2021. It will be used for cybersecurity homologation assessments of projects. A new UNECE norm requires organisations to have a CSMS (Cybersecurity Management System) in place from summer 2022 onwards, and in February 2021 the VDA AK13 published a new assessment model for the cybersecurity of automotive development projects. The SOQRATES group, a working party of automotive suppliers and research and training bodies, has developed a cybersecurity engineer job role, training, and best practice examples of how to cover the new security engineering practices. First trials of the new security-related questions have also been carried out, and this paper shares the first experiences.

References

  1. Automotive SPICE © 3.1, Process Assessment Model, VDA QMC Working Group 13/Automotive SIG, November 2017

  2. Automotive SPICE © Guidelines, 2nd Edition, VDA QMC Working Group 13, November 2017

  3. Automotive SPICE for Cybersecurity, 1st Edition, VDA QMC Working Group 13, February 2021

  4. Armengaud, E., et al.: Development framework for longitudinal automated driving functions with off-board information integration. arXiv preprint arXiv:1906.10009 (2019)

  5. Biró, M., Messnarz, R.: Key success factors for business based improvement. In: Proceedings of the EuroSPI 1999 Conference. Pori, 1999. Pori School of Technology and Economics. Ser. A., p. 25 (1999)

  6. Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_47

  7. EU Blueprint Project DRIVES. https://www.project-drives.eu/. Accessed 6 Apr 2021

  8. European Sector Skill Council: Report, EU Skill Council Automotive Industry (2013)

  9. Feuer, E., Messnarz, R., Sanchez, N.: Best practices in e-commerce: strategies, skills, and processes. In: Smith, B.S., Chiozza, E. (eds.) Proceedings of the E2002 Conference, E-Business and E-Work, Novel Solutions for a Global Networked Economy. IOS Press, Amsterdam (2002)

  10. Höhn, H., Sechser, B., Dussa-Zieger, K., Messnarz, R., Hindel, B.: Software engineering nach automotive SPICE: Entwicklungsprozesse in der Praxis-Ein Continental-Projekt auf dem Weg zu Level 3, Kapitel: Systemdesign, dpunkt. Verlag (2015)

  11. Innerwinkler, P., et al.: TrustVehicle – improved trustworthiness and weather-independence of conditionally automated vehicles in mixed traffic scenarios. In: Dubbert, J., Müller, B., Meyer, G. (eds.) Advanced Microsystems for Automotive Applications 2018: Smart Systems for Clean, Safe and Shared Road Vehicles, pp. 75–89. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-99762-9_7

  12. ISO - International Organization for Standardization. “ISO 26262 Road vehicles Functional Safety Part 1–10” (2011)

  13. ISO – International Organization for Standardization. “ISO CD 26262-2018 2nd Edition Road vehicles Functional Safety” (2018)

  14. Korsaa, M., et al.: The SPI Manifesto and the ECQA SPI manager certification scheme. J. Softw.: Evol. Process 24(5), 525–540 (2012)

  15. Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Softw.: Evol. Process 25(4), 381–391 (2013)

  16. Christian, K., Messnarz, R., Riel, A., et al.: The AQUA automotive sector skills alliance: best practice in an integrated engineering approach. Softw. Qual. Prof. 17(3), 35–45 (2015)

  17. Messnarz, R., et al.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Barafort, B., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) EuroSPI 2014. CCIS, vol. 425, pp. 285–295. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43896-1_26

  18. Kreiner, C., et al.: Automotive knowledge alliance AQUA – integrating automotive SPICE, six sigma, and functional safety. In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2013. CCIS, vol. 364, pp. 333–344. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39179-8_30

  19. Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 23rd European Conference, EuroSPI 2016, Graz, Austria, September 14-16, 2016, Proceedings, pp. 148–159. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_12

  20. Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain, Working Group 17AE-0252/2017-01-1661. SAE International, June 2017

  21. Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23

  22. Macher, G., Diwold, K., Veledar, O., Armengaud, E., Römer, K.: The quest for infrastructures and engineering methods enabling highly dynamic autonomous systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 15–27. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_2

  23. Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). In: Papadopoulos, Y., Aslansefat, K., Katsaros, P., Bozzano, M. (eds.) IMBSA 2019. LNCS, vol. 11842, pp. 286–300. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32872-6_19

  24. Messnarz, R., et al.: Integrated automotive SPICE and safety assessments. Softw. Process: Improv. Pract. 14(5), 279–288 (2009). https://doi.org/10.1002/spip.429

  25. Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Qual. Prof. 18, 13 (2016)

  26. Messnarz, R., König, F., Bachmann, V.: Experiences with trial assessments combining automotive spice and functional safety standards. In: Winkler, D., O’Connor, R.V., Messnarz, R. (eds.) Systems, Software and Services Process Improvement, pp. 266–275. Springer, Berlin (2012). https://doi.org/10.1007/978-3-642-31199-4_23

  27. Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Qual. Prof. 18(4), 13–23 (2016)

  28. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 26th European Conference, EuroSPI 2019, Edinburgh, UK, September 18–20, 2019, Proceedings, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42

  29. Messnarz, R., Ekert, D.: Assessment-based learning systems - learning from best projects. Softw. Process Improv. Pract. 12(6), 569–577 (2007). https://doi.org/10.1002/spip.347

  30. Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36

  31. Messnarz, R., Macher, G., Stolfa, J., Stolfa, S.: Highly autonomous vehicle (system) design patterns – achieving fail operational and high level of safety and security. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 465–477. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_36

  32. Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the EU blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37

  33. SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA, January 2016

  34. Schlager, C., Messnarz, R., Sporer, H., Riess, A., Mayer, R., Bernhardt, S.: Hardware SPICE extension for automotive SPICE 3.1. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 480–491. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_41

  35. Schmittner, C., et al.: Smart industrial indoor farming-Technical and societal challenges. In: IDIMT 2019: Innovation and Transformation in a Digital World-27th Interdisciplinary Information Management Talks, Trauner Verlag Universitat, pp. 401–409 (2019)

  36. Schmittner, C., Macher, G.: Automotive cybersecurity standards - relation and overview. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds.) Computer Safety, Reliability, and Security: SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Turku, Finland, September 10, 2019, Proceedings, pp. 153–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26250-1_12

  37. SOQRATES: Task forces developing integration of automotive SPICE, ISO 26262 and SAE J3061. http://soqrates.eurospi.net/

  38. SPI Manifesto: http://2018.eurospi.net/index.php/manifesto. Accessed 2 Apr 2019

  39. Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement: 23rd European Conference, EuroSPI 2016, Graz, Austria, September 14-16, 2016, Proceedings, pp. 176–187. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14

  40. Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26

  41. Stolfa, J., et al.: DRIVES—EU blueprint project for the automotive sector—A literature review of drivers of change in automotive industry. J. Softw.: Evol. Process 32(3), e2222 (2020)

  42. Veledar, O., Damjanovic-Behrendt, V., Macher, G.: Digital Twins for dependability improvement of autonomous driving. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 415–426. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_32

  43. Wegner, T., et al.: Enough assessment guidance, it’s time for improvement – a proposal for extending the VDA guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 462–476. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_34

  44. Automotive Cybersecurity Management System Audit Guideline, 1st Edition, VDA-QMC, December 2020

  45. ISO/SAE 21434 DIS, Road vehicles – Cybersecurity engineering, DIS version, February 2020

  46. “The STRIDE Threat Model”. Microsoft

Acknowledgements

We are grateful to the European Commission, which has funded the BLUEPRINT project DRIVES (2018–2021) [7, 8, 29, 32, 39, 40, 41]. In this case the publications reflect the views only of the author(s), and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Work is partially supported by Grant of SGS No. SP2020/62, VŠB - Technical University of Ostrava, Czech Republic.

We are grateful to a working party of Automotive suppliers SOQRATES [37] (https://soqrates.eurospi.net) who exchange knowledge about such assessment strategies. This includes: Böhner Martin (Elektrobit), Brasse Michael (HELLA), Bressau Ernst (BBraun), Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental Automotive), Ekert Damjan (ISCN), Forster Martin (ZKW), Geipel Thomas (BOSCH), Grave Rudolf (Elektrobit), Griessnig Gerhard (AVL), Gruber Andreas (ZKW), Habel Stephan (Continental Automotive), Hällmayer Frank (Software Factory), Haunert Lutz (Giesecke & Devrient), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Lichtenberger Christoph (MAGNA ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz & ISCN), Mandic Irenka (Magna Powertrain), Maric Dijas (Lorit Consultancy), Mayer Ralf (BOSCH Engineering), Mergen Silvana (TDK/EPCOS), Messnarz Richard (ISCN), Much Alexander (Elektrobit), Nikolov Borislav (msg Plaut), Oehler Couso Daniel (Magna Powertrain), Riel Andreas (Grenoble INP & ISCN), Rieß Armin (BBraun), Santer Christian (AVL), Schlager Christian (Magna ECS), Schmittner Christoph (Austrian Institute of Technology AIT), Schubert Marion (ZKW), Sechser Bernhard (Process Fellows), Sokic Ivan (Continental Automotive), Sporer Harald (Infineon), Stahl Florian (AVL), Wachter Stefan (msg Plaut), Walker Alastair (Lorit Consultancy), Wegner Thomas (ZF).

Corresponding author

Correspondence to Richard Messnarz.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Messnarz, R. et al. (2021). First Experiences with the Automotive SPICE for Cybersecurity Assessment Model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds) Systems, Software and Services Process Improvement. EuroSPI 2021. Communications in Computer and Information Science, vol 1442. Springer, Cham. https://doi.org/10.1007/978-3-030-85521-5_35

  • DOI: https://doi.org/10.1007/978-3-030-85521-5_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85520-8

  • Online ISBN: 978-3-030-85521-5

  • eBook Packages: Computer Science, Computer Science (R0)
