A Preliminary View on Automotive Cyber Security Management Systems

Cyber security is increasingly recognized as an essential topic for automotive systems, especially in the area of connected and automated driving. Upcoming regulation defines requirements for cyber security on multiple levels in the automotive domain in order to achieve type approval. On the organizational level, a cyber security management system (CSMS) which covers the whole vehicle lifecycle and ecosystem is required. In addition, an argumentation for the cyber security of each vehicle type for which type approval is requested has to be given. Due to the novel nature of these requirements compared to existing type approval requirements, a test phase is ongoing. The components and scope of a CSMS are an open issue. We give an overview of the requirements for a CSMS, identify approaches and gaps, and give an outlook towards a potential framework which can address the requirements.