Cybersecurity threats in complex cyber-physical systems pose significant risks to system functionality and safety. This experience report introduces ACTISM (Automotive Consequence-Driven and Threat-Informed Security Modelling), an integrated security modeling approach that enhances the resilience of automotive systems by dynamically updating their cybersecurity posture in response to prevailing threats, attacker tactics, and their impact on system functionality and safety. ACTISM addresses the existing knowledge gap in static security assessment methodologies by providing a dynamic and iterative framework. We demonstrate the effectiveness of ACTISM by applying it to a real-world example of the Tesla Electric Vehicle's In-Vehicle Infotainment system, illustrating how the security model can be adapted as new threats emerge. We also outline avenues for future research and development in this area, including automated vulnerability management workflows for automotive systems.