Cyber Threat Susceptibility Assessment for Heavy-Duty Vehicles Based on ISO/SAE 21434

Abstract

TARA, which stands for Threat Analysis and Risk Assessment, serves as the foundational stage of cybersecurity implementation, particularly in the context of vehicular systems. While various considerations and risk assessment frameworks have been discussed in recent years, there is a notable lack of TARA models specifically designed for heavy-duty (HD) vehicles. The security considerations and vulnerabilities in HD vehicles differ significantly from those in light-duty (LD) vehicles, leading to different security impacts and varying attack feasibility. This makes existing models inadequate for accurately assessing risks in the context of HD vehicles. This study introduces a novel risk assessment model tailored for HD vehicles, addressing gaps in existing TARA frameworks such as EVITA, HEAVENS, and ISO/SAE 21434. The key contribution of this work lies in the customization of impact and feasibility metrics within the ISO/SAE framework to better account for the unique security challenges posed by HD vehicles. Unlike prior models, this approach adapts the impact criteria to reflect the diverse range of security concerns specific to HD vehicles, which have been inadequately addressed in existing frameworks. Additionally, through a comprehensive analysis of threat vectors and vehicle interfaces, the model refines feasibility criteria, ensuring a more accurate and context-aware assessment of security risks. By adopting these enhancements, the proposed model offers more precise risk assessments that align with HD vehicle considerations, helping to prioritize threats and make optimal decisions regarding risk treatment.