Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Investigating the Use of Artificial Intelligence (AI) in Educational Settings: A Systematic Review Kapitel lesen Erstes Kapitel lesen

2022 | OriginalPaper | Buchkapitel

Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA

verfasst von : Richard Messnarz, Damjan Ekert, Georg Macher, Svatopluk Stolfa, Jakub Stolfa, Alexander Much

Erschienen in: Systems, Software and Services Process Improvement

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Corporate Competencies – When Individual Competencies Only Do a Little Difference
Nächstes Kapitel Automotive Cybersecurity Manager and Engineer Skills Needs and Pilot Course Implementation
Literatur
1.
Automotive SPICE © 3.1, Process Assessment Model, VDA QMC Working Group 13 / Automotive SIG (2017)
2.
Automotive SPICE © Guidelines, 2nd Edition Nov 2017, VDA QMC Working Group (2017)
3.
Automotive SPICE for Cybersecurity, 1st Edition, Feb. 2021, VDA QMC Working Group (2021)
4.
Armengaud, E., Frager, S., Jones, S., Massoner, A., Parrilla, A.F., Wikström, N., Macher, G.: Development Framework for Longitudinal Automated Driving Functions with Off-board Information Integration arXiv preprint arXiv:​1906.​10009 (2019)
5.
Biró, M., Messnarz, R.: Key success factors for business based improvement. In: Proceedings of the EuroSPI ‘1999 conference. Pori, 1999. (Pori School of Technology and Economics. Ser. A., 25.) (1999)
6.
7.
Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://​doi.​org/​10.​1007/​978-3-030-56441-4_​47CrossRef
8.
9.
European Sector Skill Council: Report, Eu Skill Council Automotive Industry (2013)
10.
Feuer, E., Messnarz, R., Sanchez, N.: Best practices in e-commerce: strategies, skills, and processes. In: Proceedings of the E2002 Conference, E-Business and E-Work, Novel Solutions for a Global Networked Economy, eds. Brian Stanford Smith, Enrica Chiozza, IOS Press, Amsterdam, Berlin, Oxford, Tokyo, Washington (2002)
11.
Höhn, H., Sechser, B., Dussa-Zieger, K., Messnarz, R., Hindel, B.: Software Engineering nach Automotive SPICE: Entwicklungsprozesse in der Praxis-Ein Continental-Projekt auf dem Weg zu Level 3. Systemdesign, dpunkt. Verlag, Kapitel (2015)
12.
Innerwinkler, P., et al.: TrustVehicle--Improved Trustworthiness and weather-independence of conditionally automated vehicles in mixed traffic scenarios. International Forum on Advanced Microsystems for Automotive Applications, pp. 75–89 (2018)
13.
ISO - International Organization for Standardization: ISO 26262 Road vehicles Functional Safety Part 1–10 (2011)
14.
ISO – International Organization for Standardization: ISO CD 26262–2018 2nd Edition Road vehicles Functional Safety (2018)
15.
Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Software: Evolution Process 24(5), 525–540 (2012)
16.
Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Software: Evolution Process 25(4), 381–391 (2013)
17.
Kreiner, C., Messnarz, R., Riel, A., et al: The AQUA Automotive sector skills alliance: best practice in an integrated engineering approach. Software Quality Professional 17(3), 35–45 (2015)
18.
Kreiner, C.J., et al.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Systems, Software and Services Process Improvement 21st European Conference, EuroSPI, pp. 285–295 (2014)
19.
Kreiner, C.J., et al.: Automotive knowledge alliance AQUA - integrating automotive SPICE, six sigma, and functional safety. In: Systems, Software and Services Process Improvement 20th European Conference, EuroSPI 2013, Dundalk, Ireland, June 25–27. Proceedings, pp. 333 – 344 (2013)
20.
Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition systems. In: Software and Services Process Improvement - 23nd European Conference, EuroSPI 2016 Proceedings, Springer (2016)
21.
Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain, Working Group 17AE-0252/2017–01–1661, SAE International (2017)
22.
23.
Macher, G., Diwold, K., Veledar, O., Armengaud, E., Römer, K.: The quest for infrastructures and engineering methods enabling highly dynamic. Autonomous Systems European Conference on Software Process Improvement, pp. 15–27 (2019)
24.
Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). International Symposium on Model-Based Safety and Assessment, pp. 286–300 (2019)
25.
Messnarz, R., et al.: Integrated Automotive SPICE and safety assessments, Volume14, Issue5, Special Issue: Part 1: Special Issue on SPI Experiences and Innovation for Global Software Development, WILEY, pp. 279–288 (2009). https://​doi.​org/​10.​1002/​spip.​429
26.
Messnarz, R., Kreiner, C., Riel, A.: Integrating Automotive SPICE, Functional Safety, and Cybersecurity Concepts: A Cybersecurity Layer Model. Software Quality Professional (2016)
27.
Messnarz, R., König, F., Bachmann, V.O.: Experiences with trial assessments combining automotive spice and functional safety standards. In: Winkler D., O’Connor R.V., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2012. Communications in Computer and Information Science, vol 301. Springer, Berlin, Heidelberg (2012). https://​doi.​org/​10.​1007/​978-3-642-31199-4_​23
28.
Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Software Quality Professional 18(4), 13–23 (2016)
29.
Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham (2019) https://​doi.​org/​10.​1007/​978-3-030-28005-5_​42
30.
Messnarz, R., Ekert, D.: Assessment‐based learning systems - learning from best projects. In: Wiley Inerscience, Software Process Improvement in Practice, Volume12, Issue6, Special Issue: Special Issue on Industrial Experiences in SPI, pp. 569–577 (2007). https://​doi.​org/​10.​1002/​spip.​347,
31.
Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://​doi.​org/​10.​1007/​978-3-319-64218-5_​36CrossRef
32.
Messnarz, R., Macher, G., Stolfa, J., Stolfa, S.: Highly autonomous vehicle (system) design patterns – achieving fail operational and high level of safety and security. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 465–477. Springer, Cham (2019). https://​doi.​org/​10.​1007/​978-3-030-28005-5_​36CrossRef
33.
34.
35.
36.
SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA (2016)
37.
38.
Schmittner, C., et al.: Innovation and transformation in a digital world-27th interdisciplinary information management talks. Trauner Verlag Universitat 2019, 401–409 (2019)
39.
Schmittner, C., Macher, G.: Automotive Cybersecurity Standards-Relation and Overview International Conference on Computer Safety, Reliability, and Security, pp. 153–165 (2019)
40.
41.
42.
Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R., Poth, A., Messnarz, R.: (eds) Systems, Software and Services Process Improvement. EuroSPI 2016. Communications in Computer and Information Science, vol 633. Springer, Cham (2016). https://​doi.​org/​10.​1007/​978-3-319-44817-6_​14
43.
44.
Stolfa, J., et al.: DRIVES—EU blueprint project for the automotive sector—A literature review of drivers of change in automotive industry. In: Journal of Software: Evolution and Process, Volume32, Issue3, Special Issue: Addressing Evolving Requirements Faced by the Software Industry (2020)
45.
Stolfa, J., et al.: Systems, Software and Services Process Improvement: 28th European Conference, EuroSPI 2021, Krems, Austria, September 1–3, 2021, Proceedings, CCIS 1442, SPRINGER Nature (2021)
46.
Veledar, O., Damjanovic-Behrendt, V., Macher, G.: Digital Twins for dependability improvement of autonomous driving. In: European Conference on Software Process Improvement, pp. 415–426 (2019)
47.
48.
Automotive Cybersecurity Management System Audit Guideline, 1st Edition, VDA-QMC (2020)
49.
ISO 21434ISO/SAE 21434, Road vehicles – Cybersecurity engineering, First Edition (2021)
50.
51.
Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 549–562. Springer, Cham (2019). https://​doi.​org/​10.​1007/​978-3-030-28005-5_​42CrossRef
Metadaten
Titel
Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA
verfasst von
Richard Messnarz
Damjan Ekert
Georg Macher
Svatopluk Stolfa
Jakub Stolfa
Alexander Much
Copyright-Jahr
2022
Buch
Systems, Software and Services Process Improvement

Print ISBN: 978-3-031-15558-1

Electronic ISBN: 978-3-031-15559-8

Copyright-Jahr: 2022

DOI
https://doi.org/10.1007/978-3-031-15559-8_23

Premium Partner

    Bildnachweise