Towards an ISO/SAE 21434 vehicle cybersecurity case

Vehicle type approval now requires preliminary analysis and management of, as well as ongoing monitoring and response to, possible cybersecurity threats. Among the associated activities identified in the automotive cybersecurity engineering standard ISO/SAE 21434 is a requirement to develop an assurance case for cybersecurity. This paper considers the scope, content and representation of a vehicle cybersecurity case for ISO/SAE 21434 purposes. In addition, a preliminary outline for the construction and development of such a vehicle cybersecurity case is proposed. Nonetheless, the approach and argument structure could be adapted for cybersecurity cases for items or components within a vehicle