22.01.2019

Presentation at Automotive Circle „Assembly“, February 2019, Bad Nauheim

Conference subject:
“Assembly in the tension field between digitalisation and IT security”

Main topics:
- Process optimization in assembly and logistics
- New technologies from the smart factory
- Cyber Security
- Human resources — the assembly worker

Dr. Joachim Leder presented on Wednesday, February 20th:

Risk analysis and threat analysis - the starting point of an effective security concept

Based on the concept of Security Lifecycle and the Compass Rose of Security the principles of Analysis were presented:

- System Security Analysis as the process of 
   > identifying the boundaries and assets of the system, 
   > understanding system vulnerabilities and 
   > evaluating possible damages
- Threat Analysis as the process of
   > identifying and understanding the threats,
   > their actors,
   > evaluating their capabilities and motivations
- Risk Analysis as
   > a combination of the results of threat and system analyses
   > to create a priority-ordered list of risks and associated controls

Using the hands-on example of V2V (Vehicle - to - Vehicle) communication in an environment of autonomous driving, the process of identifying Impact Levels and combining possible attackers with respective capabilities to yield a Threat Level Matrix has been described by Joachim and an evaluation method including an algorithm patterned on ISO/SAE 21434 proposal was presented.

Finally a scenario of possible risk mitigations was included in order to demonstrate priority adaptations in the process of Planning and Execution implementation.

The presented concept and process relates directly to the given presentation of Emmanuel Ifrah from SEGULA:

OT Cyber Analytics

For the full conference agenda topics please visit: AutCircle Assembly, Bad Nauheim