[Samuel WENG]

Cybersecurity, RAMS investigator

Congratulations for the fist edition publish for intact cybersecurity ASPICE additional publishment, yet official one from CDA will be in May, 2021.

Following you can download the standard. 

Much thanks for @Alec Dorling the information. 

FIRST: Introduction

(1) Though there are CSMS in the R155 ECE, unfortunately it is not so systematically and will not incorporated into SPICE for process layer.

But the R155 Can be somehow to be part of cybersecurity audit context

(2) Though there are cybersecurity project level or organization level cybersecurity context in ISO SAE 21434, It is not in real development context so that we cannot follow them directly.

(3) This cybersecurity in ASPICE will incorporate cybersecurity into ASPICE officially and then we also can have capabilities and assessment model together, and incorporate all of the things together. 

(4) Officially there are demonstration experience in ICT industry but there seems little in automotive industry. 

Normally it is not ICT industry guys to decide on automotive industry process where to go. 

Here, for the identification, there shall be Automotive industry cybersecurity guys to decide. 

VDA yellow paper will be one important milestone for that happen. 

(5) More cybersecurity management systems will come out, here this article just as proposal for your cybersecurity practices:

1- try to focus on only one systematic cybersecurity management framework. 

TISAX+ 27001+ R155+VDA enough for Germany OEM

2- Other district 

21434+27001+ R155+ R157+ VDA enough for non-Germany OEM

3- Cybersecurity offboard

62443 + 27001+ R155+ R157+ VDA+ ISMS for overall general guidelines

4- Cybersecurity for privacy

GDPR+ Regulation+ 21434

5- Cybersecurity for Agility

VDA agile SPICE + Cybersecurity SPICE

(6) Cybersecurity incorporate with FUSA and ASPICE

Tailored by SPICE model and then more powerful scenario can be accepted. 

SECOND: Status

cybersecurity in onboard side current not so good at all. 

we face the challenge as innovation technology recently:

(1) ADAS and ADS

(2) Domain controller

(3) New EEA

(4) Software defined VEhicle

When to face above titles, changes happen following:

1-ADS will merging with IVI for one domain controller, ETHERNET and NYFW will use for fast speed and computing scenarios

2-Domain controller big functionality function set cutting problem. New problem arising due to non clear functions cannot be divided and in ODD, Whose functionality or which will be stringent and important to highlight is the concern, in different ODD, there different function limits, and that time this suffer from many more complex cconstraints, and in European, it regarded as critical one and more often it is unknown unsafe inside, we cannot clearly to analyze it but VV. That is why sensor fusion still cannot do 100% perfect for all of the scenarios

3- Software defined vehicles, it is including cloud and big OS inside cars, each domain controller will have IP or MAC address differently, moreover, we have to see one common way, traditional ICT industry cybersecurity technologies involved in this tendency, current challenge are in how to apply it and the cost problem

Reliability is another big challenge. 

Btw, it is important we work together for future cybersecurity management together. 

LINK:

https://pan.baidu.com/s/1Qk63qE8hhi8V-1VB9HnoSg 

提取码:h2wa