Towards the development of the cybersecurity concept according to ISO/SAE 21434 using model-based systems engineering *

Abstract

Cyber-physical systems (CPS), such as autonomous vehicles, are intelligent and networked. Close collaboration between stakeholders from different disciplines is necessary right from the start of development. In the automotive sector in particular, the collaboration of the car manufacturer extends to several suppliers. The increasing complexity in the design of such CPSs makes interdisciplinary and cross-company collaboration more difficult. Here, requirements specifications serve as a support for communication. A lack of overall understanding of such CPSs and their numerous interfaces jeopardizes the assurance of safety-relevant security. ISO/SAE 21434, which applies to the automotive industry, requires the creation of a cybersecurity concept at the beginning of the product development process. The problem is that ISO/SAE 21434 only prescribes WHAT must be done, but does not define HOW this is supposed to be done methodically.Existing methods are not applicable to the concept phase without extensive tailoring, according to the challenges I identified in this paper and the literature review I conducted. Furthermore, I present four papers I have written and four papers I plan to write, which serve as building blocks for the required overall method. Finally, I explain how I plan to evaluate my approach.