Deployment of cybersecurity workflow such as cyber threat analysis through risk assessment in the automotive context still a complex task due to the necessity to exploit the regulatory referential [1], define threats based on personal knowledge and the real-world attack happened which help to determine the risk’s likelihood. In fact, we have observed that the likelihood, which focuses mainly on “Attack Feasibility”, needs to be more precise in identifying and assessing attacks and threats to obtain a risk estimate that accurately reflects reality to mitigate them.
In the cybersecurity automotive context, there is no deep and relevant understanding of the attacks and threats which should be linked to actual potential weakness and vulnerabilities, to provide the ability to determine, specify and deploy the appropriate mitigation measures to protect the system.
Additionally, we do not have the refined common knowledge base for automotive security threats assessment. Moreover, we lack a uniform approach (from various sources) that consider all domain and subdomain, including onboard and offboard systems, components, and communication protocols. This increases the risk that threats exploit vulnerabilities or weaknesses which have not been precisely identified, thereby impacting the vehicle's ecosystem.
These issues are mainly raised to provide a strong foundation for security assessment, design, and requirement engineering to avoid forgetting weaknesses/vulnerabilities and their mitigations.
After clarifying the "What" and the "Why," let us now proceed to the "How." The article presents the contribution from F. Sommer et al. They provide the gap analysis and mapping between UNECE regulations [1][2], standards ISO/SAE 21434:2021 [3], latest open-source catalogue and taxonomies such as CAPEC [4] patterns, CWE [5] combined with AAD pattern database [6] using as gateway Microsoft’s STRIDE [7] and technological domain (Software, Hardware, Communications). The primary goal of this exercise is to make the pattern selection as precise as possible. Through the contribution the initiators collect and exploit all data from historical publication, study and community publications which contains different attacks, threats, and mitigations taxonomies from adjacent domain. They try to categorize the attack bounded to automotive context. We may observe that the AAD database is used to refine and validate this cartography/mapping.
The Underlying goal of this method is to provide the right mitigation based on 3 technical domains (Software, Hardware, and communication).
Thanks to this refinement taxonomy-based from an exhaustive resource, the contribution provides a referential that could be considered as an extension to increase the relevant and usability of common classified automotive attacks database. One of the most important things we can observe from this paper is that it provides a common threat, attack, mitigation taxonomy database that provides the common inter-industrial language (terminology) between automotive Stakeholders such as OEMs and Tiers. Furthermore, this common database should be a gateway between Stakeholders in the development cycle to converge and specify their system. One of the strengths of the contribution is the exhaustivity of the mapping and their explanation.
However, some limitations by this paper are observable. For instance, the CAPEC mitigations are not fully applicable in the automotive context since the countermeasures are from adjacent domains. Regarding the weakness, as expressed in the contribution, not every CAPEC pattern has a link to CWE, also, it does not express how they are selected by themselves (researchers). Additionally, we observed that not every mapping could be linked to real-world attack, 95/204 was mapped to AAD. Finally, this mapping could not cover new attacks.
ADVICE AND FUTURE PERSPECTIVES
One of the underlying objectives of this method could be to propose the right mitigation at the right technical level. For instance, it could provide the taxonomy with the right level dedicated to the right position in the development cycle. Indeed, an OEM should analyze the attacks and impact at the right level like system level, whereas the tiers1 should analyze with a deeper level and be more technical.
Moreover, it would be interesting to integrate the impact analysis (SFOP) on this taxonomy-based mapping. Such integration could facilitate the automated production of risk analysis and seek to reduce human subjectivity thanks to predictive AI. Additionally, we could constitute a database which can provide link between Model Based System Engineering’s (MBSE) object, use cases, and weakness/vulnerabilities exposed through the contribution tables. This traceability will propose a first vision to cybersecurity engineering threat in the system engineering design life cycle, probably through dedicated tool. This could allow to help to determine which ASIL level can an attack reach. We are talking about cybersecurity by design.
It could be more relevant to include the mapping with the new MITR3MBED framework [8] which is dedicated to embedded systems. This should provide a more precise technical attack vector and enrich this proposal of taxonomy-based mapping.
Furthermore, we are talking about cybersecurity intelligence in the automotive context, so we cannot avoid talking about CTI (Cyber threat intelligence) discipline that led to open question: How could we exploit this concept to increase the utility of this taxonomy-based mapping and potentially specify new patterns dedicated to Intrusion Detection System?
Get in touch
Our dedicated team is at your disposal
to ensure the security of your projects.