What is an APT?
Advanced Persistent Threat - a long term targeted attack.
What is ISO/SAE 21434?
A standard for automotive cybersecurity engineering.
State and define the two things that risk assessment (in ISO 21434) looks at.
Impact types: safety, financial, operational and privacy
Impact ratings: severe, major, moderate, and negligible
Common in-vehicle networks
CAN, FlexRay, Automotive Ethernet
Common external connections (vehicle network technologies)
Wi-Fi, Bluetooth, EV charging etc…
What are common attack surfaces in vehicles?
wireless (Wi-Fi, Bluetooth)
wired (OBD-II, USB, ECUs)
What is an ‘item definition’ in ISO/SAE 21434?
Scope of the item including boundaries, functions, and architecture
state and describe the 4 things in risk treatment
Transfer or share the risk to another component or entity
Avoid through redesign or remove a component or a feature in a system;
Reduce through security controls and mechanisms placed to reduce likelihood and/or impact;
Accept the risk (along with any further appropriate measures such as monitoring).
CAN/CAN-FD
basic communication, but lacks built-in authentication
FlexRay
designed for time-deterministic communication like braking/steering. Also lacks authentication
Automotive Ethernet
modern, supports cryptographic security like TLS/IPsec
steps in threat analysis under ISO/SAE 21434
asset identification
threat scenarios
attack path analysis
impact feasibility
risk determination
what is a damage scenario?
a consequence involving a vehicle function that harms stakeholders
what is domain separation?
segmenting the vehicle network into domains to limit threat propagation
what is the Bowtie Model?
a model showing cause-effect relationships around a risk scenario
- Left = causes —> threats
- Right = effects —> damage
- Centre = asset
what is STRIDE?
a threat modelling method: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
Spoofing
(S) = a person or entity masquerades as another
Tampering
(T) = insertion, modification or deletion of data
Repudiation
(R) = an entity denies responsibility for an action
Information disclosure
(I) = provision or leak of information to an unauthorized entity
Denial of Service (DoS)
(D) = making a resource unavailable to authorized entities
Elevation of Privilege
(E) = an entity gains greater authorization than permitted
What is TARA?
Threat Analysis and Risk Assessment