FMEA application to ensure cybersecurity of technical products

Abstract

Cyber-Physical Systems (CPS) in the automotive industry have deep software and hardware integration due to rapid technological advancements. This increased interconnectivity raises the risk of cybersecurity breaches, necessitating robust security measures. Failure Mode and Effects Analysis (FMEA) is a widely used method to evaluate hardware components' safety and reliability. However, adapting FMEA for effective cybersecurity risk assessment is essential as vehicles rely more on software and intelligent systems. This thesis develops a tailored Cybersecurity FMEA framework for technical products in the automotive industry. It explores FMEA's applicability in ensuring cybersecurity and establishes a connection between FMEA and cybersecurity principles. Drawing parallels between failure modes and cybersecurity implications, FMEA's effectiveness in anticipating and preventing cyberattacks is affirmed. The research integrates FMEA with Cybersecurity Standards (ISO21434 and SAE J3061) for a systematic approach to risk assessment. Involving cybersecurity experts in the FMEA team provides insights into vulnerabilities and mitigation strategies. The proposed Cybersecurity FMEA framework enhances risk management processes, aligns with industry standards, and strengthens cybersecurity posture. It guides organizations through comprehensive risk assessment, adapting FMEA for dynamic cyber threats. This study highlights real-world incidents like the Jeep Cherokee hack, emphasizing the need for robust cybersecurity measures. Bridging the gap between FMEA and cybersecurity, the research proposes a practical solution to support cybersecurity in technical products. As the automotive industry continues to advance, the Cybersecurity FMEA framework offers a proactive and adaptable approach to effectively safeguard against emerging cyber threats.