Organizing and Training a Defense Force Against Cyber Attacks

Posted at 2023-09-30

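Against cyber attacks that strike factories, organize and train a defense force

Mirai (未来), January 2018 issue, "Tsuki to Kagami" (Moon and Mirror) collection, Kiyoshi Ogawa, p. 86, "Arare (rice crackers)"; partly revised and edited after publication
Arare go well with cheese and so grow popular, as a snack with drinks and a three o'clock treat
Rice confections: arare, senbei, okaki, mochi; preparing abstracts of manufacturing-method patents
Coming to the Food Japan exhibition to discuss how automated machines operate and the ingenuity behind them
Mass-produce and flood the market, and prices fall; automation matched to demand is inevitable
Against cyber attacks that strike factories, organize and train a defense force
AI and IoT are both abbreviations; people talk without minding the meaning or the full spelling
Seeing the products at the 100-yen shop makes my stomach ache: "Please eat me," "Hurry up with automation"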

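Cyber attacks

Since 2020 I have devoted my weekdays to automotive software.
I assume here that training on responding to cyber attacks is likewise narrowed to automobiles.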

1. ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering

1.N Normative Reference on ISO/SAE 21434

1.N1 ISO 26262-3:2018, Road vehicles — Functional safety — Part 3: Concept phase
https://www.iso.org/standard/68385.html

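<Personal impression: This happens in every industry. They only reference the standards of their own industry. Perhaps they do not much care that the field is different. It would be good to make cyber-attack standards, or the communication-related standards that form the technical basis of cyber attacks, Normative References.>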

1.B Bibliography on ISO/SAE 21434

[1] ISO 26262-1:2018, Road vehicles — Functional safety — Part 1: Vocabulary
[2] ISO 9000:2015, Quality management systems — Fundamentals and vocabulary
[3] ISO 31000:2018, Risk management — Guidelines
[4] ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes
[5] ISO/IEC 27000:2018, Information technology — Security techniques — Information security management systems — Overview and vocabulary
[6] ISO/TR 4804, Road vehicles — Safety and cybersecurity for automated driving systems — Design, verification and validation
[7] IATF 16949, Quality management system requirements for automotive production and relevant service parts organizations
[8] ISO 9001, Quality management systems — Requirements
[9] ISO 10007, Quality management — Guidelines for configuration management
[10] ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
[11] ISO/IEC/IEEE 15288, Systems and software engineering — System life cycle processes
[12] ISO/IEC/IEEE 12207, Systems and software engineering — Software life cycle processes
[13] VDA QMC WORKING GROUP 13 / AUTOMOTIVE SIG. Automotive SPICE Process Assessment / Reference Model, Version 3.1 [online]. Berlin: VDA QMC, November 2017. Available at: http://www.automotivespice.com/fileadmin/software-download/AutomotiveSPICE_PAM_31.pdf
[14] ISO 29147, Information technology — Security techniques — Vulnerability disclosure
[15] IEC 62443-2-1, Industrial communication networks — Network and system security — Part 2-1: Establishing an industrial automation and control system security program
[16] ISO 26262 (all parts), Road vehicles — Functional safety
[17] MISRA C, 2012, Guidelines for the use of the C language in critical systems, 3rd Edition, 1st Revision. Nuneaton, England: HORIBA MIRA, February 2019. ISBN (print/electronic): 978-1-906400-21-7 / 978-1-906400-22-4.
[18] SEI CERT, C Coding Standard – Rules for developing safe, reliable and secure systems [online]. Pittsburgh, Pennsylvania: Software Engineering Institute, Carnegie Mellon University, 2016 [viewed 2021-02-12]. Available at: https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=454220
[19] ROSS, Ron, et al. (2018), Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems [online]. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 1. Updated March 2018 [viewed 2021-02-16]. Available at: https://doi.org/10.6028/NIST.SP.800-160v1
[20] E-SAFETY VEHICLE INTRUSION PROTECTED APPLICATIONS (EVITA), Deliverable D2.3: Security requirements for automotive on-board networks based on dark-side scenarios [online]. Edited by A. Ruddle et al. December 2009 [viewed 2021-01-17]. Available at: https://doi.org/10.5281/zenodo.1188418
[21] ETSI TS 102 165-1, CYBER; Methods and protocols; Part 1: Method and pro forma for Threat, Vulnerability, Risk Analysis (TVRA), Version 5.2.3 [online]. October 2017 [viewed 2021-01-19]. Available at: https://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/05.02.03_60/ts_10216501v050203p.pdf
[22] UcedaVélez, Tony and Morana, Marco M. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Hoboken, New Jersey: Wiley, May 2015. ISBN: 978-1-118-98835-0.
[23] ISO/IEC 18045, Information technology — Security techniques — Methodology for IT security evaluation
[24] FORUM OF INCIDENT RESPONSE AND SECURITY TEAMS (FIRST). Common Vulnerability Scoring System (CVSS), Common Vulnerability Scoring System v3.1: Specification Document, [online]. Available at: https://www.first.org/cvss/v3.1/specification-document
[25] ISO/IEC 29100, Information technology — Security techniques — Privacy framework
[26] Automotive ISAC, Automotive Cybersecurity Best Practices [online]. Available at: https://www.automotiveisac.com/best-practices/
[27] FORUM OF INCIDENT RESPONSE AND SECURITY TEAMS (FIRST). Traffic Light Protocol (TLP), FIRST Standards Definitions and Usage Guidance - Version 1.0, [online]. Available at: https://www.first.org/tlp/
[28] ISO/IEC 23822, Information technology — Vocabulary
[29] ISO/IEC 15408 (all parts), Information technology — Security techniques — Evaluation criteria for IT security
[30] ISO/IEC 27001, Information technology — Security techniques — Information security management systems — Requirements
[31] ISO/IEC 27010, Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
[32] ISO/IEC/IEEE 26511, Systems and software engineering — Requirements for managers of information for users of systems, software, and services
[33] IEC 31010, Risk management — Risk assessment techniques
[34] IEC 61508-7, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 7: Overview of techniques and measures
[35] JOHNSON, Christopher, et al. (2016) Guide to Cyber Threat Information Sharing [online]. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-150, October 2016 [viewed 2021-02-16]. Available at: https://doi.org/10.6028/NIST.SP.800-150
[36] JOINT TASK FORCE TRANSFORMATION INITIATIVE (2012), Guide for Conducting Risk Assessments [online]. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-30, Rev. 1. September 2012 [viewed 2021-02-16]. Available at: http://dx.doi.org/10.6028/NIST.SP.800-30r1
[37] SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
[38] SCARFONE, Karen, et al. (2008), Technical Guide to Information Security Testing and Assessment [online]. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-115. September 2008 [viewed 2021-02-16]. Available at: https://doi.org/10.6028/NIST.SP.800-115
[39] TAKANEN, Ari et al. Fuzzing for Software Security and Quality Assurance, Second Edition. Boston, Massachusetts/London: Artech House, January 2018. ISBN: 978-1-60807-850-9.

1.N1 ISO 26262-3:2018, Road vehicles — Functional safety — Part 3: Concept phase

1.N1N Normative Reference ISO 26262-3

ISO 26262-1, Road Vehicles — Functional Safety — Part 1: Vocabulary
ISO 26262-2:2018, Road Vehicles — Functional Safety — Part 2: Management of functional safety
ISO 26262-4:2018, Road vehicles — Functional safety — Part 4: Product development at the system level
ISO 26262-8:2018, Road vehicles — Functional safety — Part 8: Supporting processes
ISO 26262-9:2018, Road vehicles — Functional safety — Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses

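<Personal impression: This happens in every industry. They list only their own standards as Normative References. I have heard that even the military and aerospace industries are making an effort to reference standards for civilian products. When will the automotive industry become civilian-oriented (democratized)?>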

1.N1B Bibliography ISO 26262-3

Bibliography

[1] ISO 26262-12:2018, Road Vehicles — Functional Safety — Part 12: Adaptation of ISO 26262 for motorcycles
[2] IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-related systems
[3] Abbreviated injury scale; Association of the advancement of Automotive medicine; Barrington, IL, USA Information is also available at www.aaam.org
[4] Code of Practice for the design and evaluation of ADAS, EU Project RESPONSE 3: Oct. 2006; https://www.acea.be/publications/article/code-of-practice-for-the-design-and-evaluation-of-adas
[5] Baker S.P., O’Neill, B., Haddon, W., Long, W.B., The injury severity score: a method for describing patients with multiple injuries and evaluating emergency care. The Journal of Trauma, Vol. 14, No. 3, 1974
[6] Balogh Z., Offner P.J., Moore E.E., Biffl W.L., NISS predicts post injury multiple organ failure better than ISS, The Journal of Trauma, Vol. 48, No. 4, 2000

Bibliography ISO 26262-12

[1] ISO 26262-12:2018, Road Vehicles — Functional Safety — Part 12: Adaptation of ISO 26262 for motorcycles

Normative Reference on ISO 26262-12

ISO 26262-1, Road vehicles — Functional safety — Part 1: Vocabulary
ISO 26262-2:2018, Road vehicles — Functional safety — Part 2: Management of functional safety
ISO 26262-3:2018, Road vehicles — Functional safety — Part 3: Concept phase
ISO 26262-4:2018, Road vehicles — Functional safety — Part 4: Product development at the system level
ISO 26262-5:2018, Road vehicles — Functional safety — Part 5: Product development at the hardware level
ISO 26262-6:2018, Road vehicles — Functional safety — Part 6: Product development at the software level
ISO 26262-7:2018, Road vehicles — Functional safety — Part 7: Production, operation, service and decommissioning
ISO 26262-8:2018, Road vehicles — Functional safety — Part 8: Supporting processes
ISO 26262-9:2018, Road vehicles — Functional safety — Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses

Bibliography ISO 26262-12

[1] Abbreviated injury scale; Association of the advancement of Automotive medicine; Barrington, IL, USA Information is also available at www.aaam.org [viewed 2018-12-11]
[2] Baker S.P., O'Neill B., Haddon W., Long W.B., The injury severity score: a method for describing patients with multiple injuries and evaluating emergency care, The Journal of Trauma, Vol. 14, No. 3, 1974
[3] Balogh Z., Offner P.J., Moore E.E., Biffl W.L., NISS predicts post injury multiple organ failure better than ISS, The Journal of Trauma, Vol. 48, No. 4, 2000
[4] ISO 11451 (all parts), Road vehicles — Vehicle test methods for electrical disturbances from narrowband radiated electromagnetic energy
[5] IEC 61000-6-1, Electromagnetic compatibility (EMC) — Part 6-1: Generic standards — Immunity for residential, commercial and light-industrial environments

[2] IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-related systems

IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements (see Functional Safety and IEC 61508)

Normative Reference on IEC 61508-1

IEC 61508-2:2010, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
IEC 61508-3:2010, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 3: Software requirements
IEC 61508-4:2010, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 4: Definitions and abbreviations
IEC Guide 104:1997, The preparation of safety publications and the use of basic safety publications and group safety publications
ISO/IEC Guide 51:1999, Safety aspects – Guidelines for their inclusion in standards

ISO 26262 lists IEC62508 in its Bibliography. Since it is not a Normative Reference, it may be odd that ISO/IEC Guide 51 is not made a Normative Reference.
IEC Guide 104 could perhaps just go in the Bibliography.

Bibliography IEC 62508-1

Not yet confirmed.

[3] Abbreviated injury scale; Association of the advancement of Automotive medicine; Barrington, IL, USA Information is also available at www.aaam.org

[4] Code of Practice for the design and evaluation of ADAS, EU Project RESPONSE 3: Oct. 2006; https://www.acea.be/publications/article/code-of-practice-for-the-design-and-evaluation-of-adas

Annex H References

[ResD2 04]: Becker, S. et al.; Response 2 Del. 2: “Risk Benefit Analysis”; Project Report 2004
[ResD42 99]: Becker, S; Kopf, M. et al.; Response Del. 4.2: “Checklist for theoretical Assessment of Advanced Driver Assistance Systems: Methods, Results and Assessment of Applicability”, Project report 1999
[IP_D4 06]: PReVENT IP public deliverable IP D4 on Functional Requirements
[Schw 04]: Schwarz, J. (2004). RESPONSE II. WP3: Methodologies for Risk-Benefit Analysis.
[Red 97]: Redmill, F ; Rajan, J: Human factors in safety critical systems; Butterworth-Heinemann 1997, p. 49

[5] Baker S.P., O’Neill, B., Haddon, W., Long, W.B., The injury severity score: a method for describing patients with multiple injuries and evaluating emergency care. The Journal of Trauma, Vol. 14, No. 3, 1974

[6] Balogh Z., Offner P.J., Moore E.E., Biffl W.L., NISS predicts post injury multiple organ failure better than ISS, The Journal of Trauma, Vol. 48, No. 4, 2000

Document history

ver. 0.01 First draft 20230930

Thank you very much for reading to the last sentence.

Please press the like icon 💚 and follow me for your happy life.
