ACTISM: Threat-informed Dynamic Security Modelling for Automotive Systems

TL;DR

ACTISM is a dynamic security modeling framework for automotive systems that adapts to evolving threats, improving resilience and safety in cyber-physical environments.

Contribution

It introduces a threat-informed, iterative security modeling approach specifically designed for automotive systems, addressing limitations of static assessment methods.

Findings

Effective application to Tesla EV infotainment system

Practitioners find ACTISM useful for security assessment

Identifies future research directions including automation

Abstract

Evolving cybersecurity threats in complex cyber-physical systems pose significant risks to system functionality and safety. This experience report introduces ACTISM (Automotive Consequence-Driven and Threat-Informed Security Modelling), an integrated security modelling framework that enhances the resilience of automotive systems by dynamically updating their cybersecurity posture in response to prevailing and evolving threats, attacker tactics, and their impact on system functionality and safety. ACTISM addresses the existing knowledge gap in static security assessment methodologies by providing a dynamic and iterative framework. We demonstrate the effectiveness of ACTISM by applying it to a real-world example of the Tesla Electric Vehicle's In-Vehicle Infotainment system, illustrating how the security model can be adapted as new threats emerge. We also report the results of a practitioners' survey on the usefulness of ACTISM and its future directions. The survey highlights avenues for future research and development in this area, including automated vulnerability management workflows for automotive systems.