Cybersecurity risk analysis of an automated driving system

New laws and technologies, but also persistent problems like truck driver shortage, have led to advances in the field of autonomous driving and consequently to new cyber risks. We present the results of our cyber security risk analysis for a Control Center-supervised Level 4 Automated Driving System (ADS), whose system model we created through expert interviews with a global truck manufacturer.
Example damage scenarios with high impact rating include Disclosure of video data, Loss of ADS function in motion, Dangerous driving maneuvers, and Activation outside of Operational Design Domain. We have identified over 200 threat scenarios, consisting of a combination of main attack steps that threaten specific parts of the item and preparation steps that determine how these parts are accessed and by which type of attacker. Without taking controls into account, the realization of these threat scenarios results in 65 significant risks.
We propose to treat the threat scenarios, on the one hand, by claims concerning implementation-relevant aspects as Detection of system failure and security controls such as Authentic transmission of data.
We conclude by detailing principles we have extracted from our analysis that can be applied to other cyber security risk analyses of automated driving systems.