Evolving cybersecurity threats in complex cyber-physical systems pose significant risks to system functionality and safety. This experience report introduces ACTISM (Automotive Consequence-Driven and Threat-Informed Security Modelling), an integrated security modelling framework that enhances the resilience of automotive systems by dynamically updating their cybersecurity posture in response to prevailing and evolving threats, attacker tactics, and their impact on system functionality and safety. ACTISM addresses the existing knowledge gap in static security assessment methodologies by providing a dynamic and iterative framework. We demonstrate the effectiveness of ACTISM by applying it to a real-world example of the Tesla Electric Vehicle's In-Vehicle Infotainment system, illustrating how the security model can be adapted as new threats emerge. We also report the results of a practitioners' survey on the usefulness of ACTISM and its future directions. The survey highlights avenues for future research and development in this area, including automated vulnerability management workflows for automotive systems.