The transportation industry is experiencing a revolutionary transformation due to advancements in AECS (autonomous, electric, connected, and shared) technology. This has led to a wave of innovations in automotive-specific cybersecurity tooling. As vehicles become increasingly software-defined and connected, the risk of cyber-attacks rises exponentially, making automotive cybersecurity a critical challenge. Moreover, automotive cybersecurity is now regulated in the UNECE countries, adding further pressure on the industry to comply with the ISO/SAE 21434 standard, UNECE R155/R156 regulation. Failure to implement cybersecurity measures will result in the loosing access to market after July 2024.
The recently published ISO/SAE 21434 standard includes clauses 15 and 8, which describe the process and requirements for conducting threat and risk assessments (TARA) and managing vulnerabilities for automotive products. However, the standards do not promote or mandate specific cybersecurity tools for conducting risk assessments and vulnerability management.
The current state of automotive cybersecurity tooling is manual, labour-intensive, costly, and lacks automation, resulting in slow, unmanaged risk assessments and threat modelling. With increasing digitisation and software-oriented vehicles, cybersecurity becomes crucial. The inadequacy of the current tooling demands a solution that meets regulatory standards while streamlining and automating cybersecurity risk assessments and threat modelling.
Secure Elements innovation CRISKLE, is a cutting-edge software as a service (SaaS) platform for conducting threat and risk assessments, vulnerability management and threat modelling. CRISKLE automates requirements outlined in Clause 15 and Clause 8 of the ISO/SAE 21434 standard, integrating threat modelling scenarios from UNECE WP 29 Annex 5 and customised scenarios based on project needs. However, there is a need to generate and automate threat libraries/scenarios using Generative AI to enhance CRISKLE’s intelligence to guide security professionals in conducting risk assessments and generating security controls based on the new threat models.
By integrating Generative AI in CRISKLE, we aim to develop more effective cybersecurity threat models.This feasibility study presents an opportunity to explore the untapped potential of Generative AI in the transportation (automotive) cybersecurity industry, moving beyond traditional methods of generating threat models and security controls thereby improving and accelerating the effectiveness of CRISKLE.
Through this feasibility study, we will collaborate with leading experts in Generative AI and automotive cybersecurity, leveraging our team’s expertise in both domains. This study is a crucial step in positioning ourselves at the forefront of the transportation cybersecurity revolution paving the way for enhanced cybersecurity tooling solutions with integrated Generative AI capability to be made available to mass market.