A Systematic Review of Threat Analysis and Risk Assessment Methodologies for Connected and Automated Vehicles
Meriem Benyahya, Teri Lenard, Anastasija Collen, Niels Alexander Nijdam
Abstract
With the prevalence of high cyber risks within the Connected Automated Vehicle (CAV)’s environment, the core regulation bodies mandated applying Threat Analysis and Risk Assessment (TARA) methodologies. Conducting auspicious TARA is essential to ensure acceptable level of risk by analysing potential threats and determining corresponding mitigation strategies. Albeit plethora of standardised TARA versions are available, they are not-ready-to-use methods or they do not encapsulate heterogeneous CAVs properties. By considering the TARA emerging trends and the CAVs’ SAE automation levels, the present work provides a systematic study of salient TARA methodologies in the last ten years. The methodology we applied starts with a systematic review identifying TARA approaches that are relevant to the automotive domain at a large scope. After that, the methods’ applicability to CAVs is evaluated based on their threat analysis avenues and risk metrics. We elevate our appraisal further with a focus on how the automation level is considered, how the privacy impact is assessed by each TARA method, and how subjective the experts were while assessing scores to the risk metrics. Our investigation spotlights how different methods are intertwined and joint to meet the compliance with key standards such as ISO/SAE 21434. We believe that the present study’s findings identify knowledge gaps and help to shape the next generation of TARA methods to keep pace with rapidly evolving automotive technologies and support the readiness of CAV of SAE levels four and five.