ISO/SAE 21434 (FDIS) 차량 사이버보안 내부심사원 과정 #2

# ISO/SAE 21434 CSMS requirements (Threat analysis and Risk assessment methods)

 

# 15.3 Asset Identification 

• Damage scenarios shall be identified. 
  - relation between the functionality of the item and the adverse consequence;
  - description of harm to the road user; and/or
  - relevant assets.
• Assets with cybersecurity properties whose compromise leads to a damage scenario shall be identified. 
  - Analyzing the item definition; 
  - performing an impact rating;
  - deriving assets from threat scenarios; and/or
  - using predefined catalogues. 
• Example 
  - The asset is personal information (customer personal preferences) stored in an infortainment system and its cybersecurity property is confidentiality. The damage scenario is disclosure of th epersonal information without the customer's consent resulting from the loss of confidentiality. 
  - The asset is data communication of the braking function and its cybersecurity property is integrity. The damage scenario is collision with following vehicle (rear and collision) caused by unintended full braking when the vehicle is travelling at high speed. 

# 15.4 Threat scenario identification 

• Threat scenarios shall be identified and include:
  - targeted asset;
  - compromised cybersecurity property of the asset; and
  - cause of compromise of the cybersecurity property. 

# 15.5 Impact rating 

• The damage scenarios shall be assessed against potential adverse consequences for road users in the impact categories of safety, financial, operational, and privacy (S, F, O, P) respectively. 
• The impact rating of a damage scenario shall be determined for each impact category to be one of the following:
       - severe;
       - major; 
       - moderate;
       - Negligible. 
• Safety related impact ratings shall be derived from ISO 26263-3:2018, 6.4.3. 

# 15.6 Attack path analysis

• The threat scenarios shall be analyzed to identify attack paths. 
• An attack path shall be associated with the threat scenarios that can be realized by attack path. 

# 15.7 Attack feasibility rating 

• For each attack path, the attack feasibility rating shall be determined as described in table1. 

# 15.8 Risk value determination 

• For each threat scenario the risk value shall be determined from the impact of the associated damage scenario and the attack feasibility of the associated attack paths. 
• The risk value of a threat scenario shal be a value between (and including) 1 and 5, where a value of 1 represents minimal risk. 

# 15.9 Risk treatment decision 

• For each threat scenario, considering its risk value, one or more of the following risk treatment options shall be determined

# Quiz. weakness 에서 Vulnerability로 escalation 하기 위해 확인하는 두가지 항목은?
  attack path, attack feasibility