Linked Knowledge Nuggets: "Fo(u)rces of Cybersecurity Engineering"
Authors: Timo Karasch, Florian Schmitt
Cybersecurity goals, controls, requirements and threats are important forces in cybersecurity engineering. It is nearly impossible to separate them in time: in practice they influence each other while they are being defined.
This webinar gives a simple example of the interaction of these four forces and addresses their consistency with existing cybersecurity standards (ISO 21434 and Automotive SPICE for Cybersecurity). It shows a possible approach for implementation in your organization.
Webinar recording and slides
# PROCESS PURPOSE
The purpose is to regularly identify, analyze, prioritize, and monitor risks of damage to relevant stakeholders.
# PROCESS OUTCOMES
O1
The item (a component or set of components that implements a function at the vehicle level) is defined, including its functions and boundaries.
O2
Relevant assets (objects that have value or contribute to value), threats and damage scenarios (adverse consequences involving a vehicle or vehicle function and affecting a stakeholder) are identified and regularly updated.
O3
Cybersecurity risks are analyzed based on impact rating and attack feasibility rating (attack feasibility: attribute of an attack path describing the ease of successfully carrying out the corresponding set of actions) in order to support prioritization for the treatment of risks.
O4
The status of risks and the progress of the risk treatment activities are determined.
O5
Appropriate treatment is taken to mitigate the impact of a risk based on its priority, likelihood and consequence, or on another defined risk threshold.
BP1
Identify and regularly update the cybersecurity risk management scope, including the item, its functions and its boundaries, with affected parties.
Note 1: Risks may include technical, economic and schedule risks.
Note 2: Risks may include the suppliers' deliverables and services.
Note 3: The risk sources may vary across the entire product life cycle.
BP2
Identify cybersecurity events. (O2)
Identify and regularly evaluate cybersecurity information (information with regard to cybersecurity for which relevance is not yet determined) and derive potential cybersecurity events (cybersecurity information that is relevant for an item or component). Update the relevant assets, damage scenarios and threat scenarios (potential causes of compromise in the cybersecurity properties of one or more assets in order to realize a damage scenario) with affected parties.
BP3
Analyze risks. (O3)
Analyze and determine the risk of each potential cybersecurity event based on the impact it may have and on the feasibility of exploiting an attack path (a set of deliberate actions to realize a threat scenario), in order to support prioritization for the treatment of risks.
Note 4: Different methods may be used to analyze the technical risks of a system (a collection of interacting items organized to accomplish a specific function or set of functions within a specific environment), for example TARA including attack path analysis, simulation, ETA (Event Tree Analysis), ATA (Attack Tree Analysis) or FTA (Fault Tree Analysis, a fault being a manifestation of an error in software).
BP4
Define risk treatment options. (O4, O5)
For each risk, select a treatment option to retain, reduce, avoid or transfer (share) the risk.
BP5
Define and perform risk activities for selected risk treatment options.
BP6
Monitor risks. (O4)
Regularly re-evaluate the risks related to the identified potential cybersecurity events to determine changes in the status of the cybersecurity risks, re-evaluate the risk treatment options, and review the progress of the risk treatment activities.
Note 5: Risks of high priority may need to be communicated to and monitored by higher levels of management.
BP7
Take corrective action. (O5)
When risk treatment activities are not effective, take appropriate corrective action.
Note 6: Corrective actions may involve re-evaluation of risks, developing and implementing new mitigation concepts or adjusting the existing concepts.
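As an added illustration (not part of the Automotive SPICE or ISO/SAE 21434 text), the following Python sketch walks one threat scenario through BP3 to BP7: a risk value is derived from the impact and attack feasibility ratings, a treatment option is selected against organizational thresholds, and the residual risk is re-evaluated after treatment to decide whether corrective action is needed. The rating scales, the risk matrix, the thresholds and the sample scenario are assumptions of this example; the standards leave them to the organization.

```python
from dataclasses import dataclass
# Scales, matrix and thresholds are assumptions here; ISO/SAE 21434 leaves them to the organization.
IMPACT = {"negligible": 1, "moderate": 2, "major": 3, "severe": 4}
FEASIBILITY = {"very low": 1, "low": 2, "medium": 3, "high": 4}
# Risk value 1..5, indexed [impact - 1][feasibility - 1].
RISK_MATRIX = [[1, 1, 2, 2], [1, 2, 3, 3],
               [2, 3, 4, 5], [3, 4, 5, 5]]
RETAIN_MAX = 1    # assumed: risk values up to this are retained untreated
ESCALATE_MIN = 4  # assumed: from this value on, report to management (Note 5)
TARGET_MAX = 2    # assumed: residual risk accepted after treatment

@dataclass
class ThreatScenario:
    asset: str         # asset targeted by the threat
    cs_property: str   # cybersecurity property that is compromised
    cause: str         # cause of the compromise
    impact: str        # impact rating of the resulting damage scenario
    feasibility: str   # attack feasibility rating of the attack path
    treatment: str = "undecided"
    status: str = "identified"

def risk_value(ts):
    """BP3: combine impact and attack feasibility ratings into a risk value."""
    return RISK_MATRIX[IMPACT[ts.impact] - 1][FEASIBILITY[ts.feasibility] - 1]

def select_treatment(ts):
    """BP4: retain / reduce / avoid by threshold (transfer/share not modelled)."""
    value = risk_value(ts)
    if value <= RETAIN_MAX:
        ts.treatment = "retain"
    elif value == 5:
        ts.treatment = "avoid (escalated to management)"
    elif value >= ESCALATE_MIN:
        ts.treatment = "reduce (escalated to management)"
    else:
        ts.treatment = "reduce"
    ts.status = "treatment defined"
    return ts.treatment

def monitor(ts, new_feasibility):
    """BP6/BP7: re-rate after treatment; residual above TARGET_MAX -> corrective action."""
    ts.feasibility = new_feasibility
    residual = risk_value(ts)
    ts.status = "closed" if residual <= TARGET_MAX else "corrective action"
    return residual, ts.status

if __name__ == "__main__":
    gw = ThreatScenario("gateway firmware", "integrity", "unauthenticated reflashing", "severe", "medium")  # constructed
    print(risk_value(gw), select_treatment(gw), monitor(gw, "very low"))
```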
# OUTPUT INFORMATION ITEMS
15-51
Analysis results (O1, O2, O3)
Identification of the object under analysis.
The analysis criteria used, e.g.:
- selection criteria or prioritization scheme used
- decision criteria
- quality criteria
The analysis results, e.g.:
- what was decided/selected
- reason for the selection
- assumptions made
- potential negative impact
Aspects of the analysis may include:
- correctness
- understandability
- verifiability
- feasibility
- validity
Used by these processes:
- MAN.7 Cybersecurity Risk Management
- SEC.1 Cybersecurity Requirements Elicitation
14-02
Corrective action (O4, O5)
- Identifies the initial problem
- Identifies the ownership for completion of the defined action
- Defines a solution (series of actions to fix the problem)
- Identifies the open date and target closure date
- Contains a status indicator
- Indicates follow-up audit actions
Used by these processes:
- ACQ.2 Supplier Request and Selection
- MAN.7 Cybersecurity Risk Management
17-53
Cybersecurity threat scenario (O2)
- Description of how threats exploit a weakness (defect or characteristic that can lead to undesirable behavior) or vulnerability (weakness that can be exploited as part of an attack path), or multiple weaknesses/vulnerabilities, exposing assets to harm, to enable the corresponding risk analysis
- Detailed chronological and functional description of an actual or hypothetical threat or group of threats
- Sequence of actions that involve interaction with the system, resulting in a threat scenario
A threat scenario shall include, e.g.:
- the asset targeted by the threat
- the cybersecurity property (attribute that can be worth protecting) which is compromised
- the cause of the compromise of the cybersecurity property
Threat scenarios give a detailed and concrete description of applicable threats, like:
- ransomware
- phishing
- spoofing
- denial of service
Used by these processes:
- MAN.7 Cybersecurity Risk Management
15-09
Risk status (O4, O5)
Identifies the status, or the change, of an identified risk:
- risk statement
- risk source
- risk impact and risk likelihood
- categories and risk thresholds, e.g. for prioritization or setting a status
- risk treatment activities in progress
Used by these processes:
- MAN.7 Cybersecurity Risk Management
08-55
Risk treatment (O3, O4, O5)
Identifies:
- the risk to be mitigated, avoided, retained or transferred (shared)
- the activities to mitigate, avoid, retain or transfer (share) the risk