Managing dependencies in automotive cybersecurity through assumptions, cybersecurity claims and modular cybersecurity cases

  • The development of the electrical system in vehicles, in accordance with current guidelines and standards, involves the division of the vehicle into discrete subparts, referred to as "items." The concept of items has been made mandatory by the recently introduced automotive-specific standard, ISO/SAE 21434. This concept has been inherited from the more established functional safety standard, ISO 26262. An item is defined as a component or a set of components that perform a specific function at the vehicle level. This approach enables the representation of cybersecurity risks with fine granularity. However, this approach is not without its challenges. In practice, each item is dependent on other items for protection against cybersecurity threats. If these dependencies are not effectively managed, the value of the item-based and risk-driven approach may be undermined. ISO/SAE 21434 provides basic constructs, such as assumptions, cybersecurity claims, and cybersecurity cases, to manage these dependencies. However, the standard does not provide sufficient guidance on how to use these constructs effectively. This paper presents an approach that utilises assumptions, cybersecurity claims, and modular cybersecurity cases to manage the interdependencies between items, thereby providing an efficient means of managing cybersecurity risks over time.

Metadata
Author: Jonas Borg, Alexander Åström
URN: urn:nbn:de:hbz:294-103906
DOI: https://doi.org/10.13154/294-10390
Parent Title (German): 21th escar Europe : The World's Leading Automotive Cyber Security Conference (Hamburg, 15. - 16.11.2023)
Document Type: Part of a Book
Language: English
Date of Publication (online): 2023/10/25
Date of first Publication: 2023/10/25
Publishing Institution: Ruhr-Universität Bochum, Universitätsbibliothek
Tag: Assurance cases; Cybersecurity; Cybersecurity claims; ISO/SAE 21434
Pagenumber: 15
Dewey Decimal Classification: General works, Computer science, Information science / Computer science
open_access (DINI-Set): open_access
Conference proceedings / Collected volumes: 21th escar Europe : The World's Leading Automotive Cyber Security Conference
Licence (German): No Creative Commons licence - the grant of rights and German copyright law apply