Automotive Cybersecurity Engineering Standardization and Regulation
/Ahmed Adel Mahmoud Mahmoud Mohamed
- 2025
- p. ill. 21 cm.
Supervisor: Heba Aslan
Thesis (M.A.)—Nile University, Egypt, 2025.
"Includes bibliographical references"
Abstract: In a world increasingly defined by software advancements, particularly in the automotive sector, organizations face challenges in standardizing and enhancing engineering practices to keep pace with rapidly evolving products. One significant challenge is implementing effective cybersecurity engineering and management practices. Recently, numerous standards and regulations have been introduced to support cybersecurity in vehicle engineering. Organizations like ISO, SAE International, and VDA have issued automotive cybersecurity-focused standards, gaining traction among car manufacturers and parts suppliers. Demographic regulations for vehicle approvals emphasize achieving compliance, particularly in cybersecurity and safety. UNECE regulations drive industry attention toward adopting standardized cybersecurity practices. However, simultaneous adherence to various automotive standards can increase "The Cost of Quality" due to redundancy and inconsistencies. In this thesis, solutions are proposed to reduce the cost of standardized development and compliance overhead. The primary contributions of this thesis include analyzing key standards and frameworks, cross-referencing intersected areas and different requirements to develop a new bilateral integrated standard model for enhanced cybersecurity engineering practices. This model is designed for easy understanding and implementation by practitioners, providing development categories, model requirements, and sequences of standard-compliant activities. Additionally, the thesis demonstrates real operational experimentation results of applying the model in different industry projects, enhancing the model in an empirical process, and proposing an automated tool for critical cybersecurity practices to further reduce costs. 
Applying the proposed bilateral model to four experimentation projects showed a 40-60% reduction in cybersecurity engineering operation costs, primarily due to decreased duration and effort for cybersecurity-specific engineering tasks.