Physical Security Risk Analysis for Mobile Access Systems Including Uncertainty Impact

Protection against car theft, involving organized crime, is a growing threat for car owners as well as fleet management providers. This brings the use of security technologies into automotive industry. The evaluation of security and the justified use of measures to reduce vulnerability of car security systems is perceived as a special challenge for vendors and users of mobile access systems (MAS), as usually only limited resources for design and analysis are available. A lack of adequate reference works and specifications in the form of concrete recommendations for action, guidelines or standards often leads to proprietary security assessments heavily relying on compliance checks. These assessments often lack sufficiency regarding application-specificity and target-orientation in terms of a good cost benefit ratio. This is true for MAS in particular, as they are relatively new products with specific use cases and boundary conditions. The open-available Performance Risk-based Integrated Security Methodology (PRISM) allows a performance-based physical security assessment of critical infrastructures (CRITIS) and initiated a paradigm shift towards performance-based methods within this area. However, PRISM comprises semi-quantitative approaches only and thus does not allow for the consideration of uncertainty impact. Moreover, the approach has not been applied to mobile access systems (MAS) yet. This paper aims at applying the concept of PRISM to the use case of MAS by extending and optimizing it to enable a holistic risk assessment considering uncertainties.