Automotive Cybersecurity Auditing and Assessment - Presenting the ISO PAS 5112

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2022)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1646)

Abstract

With ISO/SAE 21434 “Road vehicles - Cybersecurity engineering”, the first international cybersecurity engineering standard for road vehicles was published in 2021. While this standard focuses on the state of the art in engineering road vehicle cybersecurity, an increasing challenge is how to demonstrate that cybersecurity has been achieved. This has been made more urgent by initiatives for the necessary and regulated approval of road vehicle cybersecurity. The demonstration is often split between an evaluation of the processes and environment (auditing) and an evaluation of the level of cybersecurity achieved in a product (assessment). This paper gives an overview of automotive cybersecurity auditing and assessment and presents the available standards, ongoing developments, and their relation to automotive cybersecurity regulations.

Notes

  1. Next potential leap second date.

  2. A similar example is ISO/IEC 27007 Information technology - Security techniques - Guidelines for ISMS Auditing.

  3. An example could be an incident handling process before an incident has happened.

  4. Examples can be found under https://www.commoncriteriaportal.org/pps/.

  5. Usage of component A based on protection profile 1 inside component B based on protection profile 2, where protection profile 2 references protection profile 1.

Acknowledgements

Part of this work was funded by grants from the European H2020 research and innovation program, ECSEL Joint Undertaking, under grant agreement No. 101007326 (AI4CSM project) and the FFG.

Author information

Corresponding author

Correspondence to Christoph Schmittner.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Schmittner, C. (2022). Automotive Cybersecurity Auditing and Assessment - Presenting the ISO PAS 5112. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_37

  • DOI: https://doi.org/10.1007/978-3-031-15559-8_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15558-1

  • Online ISBN: 978-3-031-15559-8

  • eBook Packages: Computer Science, Computer Science (R0)
