Abstract
With the publication of ISO/SAE 21434 “Road vehicles - Cybersecurity engineering” in 2021, the first international cybersecurity engineering standard for road vehicles became available. While this standard focuses on the state of the art in engineering road vehicle cybersecurity, an increasing challenge is how to demonstrate that cybersecurity has been achieved. This was made more urgent by initiatives regarding necessary and regulated approval of road vehicle cybersecurity. Such a demonstration is often split between an evaluation of the processes and environment (auditing) and an evaluation of the achieved level of cybersecurity in a product (assessment). Here, an overview of automotive cybersecurity auditing and assessment is given. Available standards, ongoing developments, and their relation to automotive cybersecurity regulations are presented.
Notes
1. Next potential leap second date.
2. A similar example is ISO/IEC 27007 Information technology - Security techniques - Guidelines for ISMS Auditing.
3. An example could be an incident handling process before an incident has happened.
4. Examples can be found under https://www.commoncriteriaportal.org/pps/.
5. Usage of component A based on protection profile 1 inside component B based on protection profile 2, where protection profile 2 references protection profile 1.
References
Bhat, M.I., Giri, K.J.: Impact of computational power on cryptography. In: Giri, K.J., Parah, S.A., Bashir, R., Muhammad, K. (eds.) Multimedia Security. AIS, pp. 45–88. Springer, Singapore (2021). https://doi.org/10.1007/978-981-15-8711-5_4
ISO/IEC JTC 1/SC 27: ISO/IEC 5888 information security, cybersecurity and privacy protection - security requirements and evaluation activities for connected vehicle devices. https://www.iso.org/standard/81805.html
ISO/TC 22/SC 32: ISO 24089 - road vehicles - software update engineering
ISO/TC 22/SC 32: ISO/SAE 21434:2021 road vehicles - cybersecurity engineering (2021)
ISO/TC 22/SC 32: ISO PAS 5112:2022 road vehicles - guidelines for auditing cybersecurity engineering (2022)
ISO/TMBG: ISO 19011:2018 guidelines for auditing management systems (2018)
UNECE: World forum for harmonization of vehicle regulations (WP.29) how it works - how to join it fourth edition (2019). https://unece.org/fileadmin/DAM/trans/main/wp29/wp29wgs/wp29gen/wp29pub/WP29-BlueBook-4thEdition2019-Web.pdf
UNECE WP29: UN regulation no. 155 - cyber security and cyber security management system (2021). https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security
UNECE WP29: UN regulation no. 156 - software update and software update management system (2021). https://unece.org/transport/documents/2021/03/standards/un-regulation-no-156-software-update-and-software-update
VDA QMC: VDA automotive cybersecurity management system audit (2020)
Acknowledgements
Part of this work was funded by grants from the European H2020 research and innovation program, ECSEL Joint Undertaking, under grant agreement No. 101007326 (AI4CSM project) and the FFG.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Schmittner, C. (2022). Automotive Cybersecurity Auditing and Assessment - Presenting the ISO PAS 5112. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_37
DOI: https://doi.org/10.1007/978-3-031-15559-8_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15558-1
Online ISBN: 978-3-031-15559-8
eBook Packages: Computer Science (R0)