How to Manage Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries
Learn how automotive and semiconductor teams use requirements management tools to help meet ISO/SAE 21434 while increasing visibility, collaboration, and review-cycle efficiency.
Security threats such as malware, ransomware, and data breaches affect many industries, but expanded connectivity in the automotive and semiconductor sectors makes it more urgent to safeguard against fast-evolving risks.
Research shows that 91% of vehicles are connected, and that number is expected to rise to 96% by 2030. With more automobiles and semiconductor devices being connected, attack surfaces (the points where a system is exposed to cybersecurity threats) are expanding quickly, and the ISO/SAE 21434 standard aims to help organizations understand and safeguard against potential threats.
However, managing a cybersecurity case within the standard requires many steps, and cross-team visibility and collaboration are often challenging. As a result, some teams are turning to requirements management tools to help improve visibility and increase transparency in review cycles.
If you haven’t used a formal requirements management tool before, understanding its benefits and how it works can help you determine whether it’s right for your team.
Why manage a cybersecurity case in a requirements management tool?
A cybersecurity case is a structured argument, supported by evidence from work products, that details why the risks found within the Threat Analysis and Risk Assessment (TARA) are reasonable.
Creating a cybersecurity case for ISO/SAE 21434 is a complex process with many moving parts. Using a requirements management tool has many benefits, including improved traceability, easier collaboration, and improved functionality for reviews.
Here are several ways a tool can help.
1. Improved collaboration between OEMs and Tier 1 and Tier 2 suppliers. A requirements management tool, such as Jama Connect®, supports the Requirements Interchange Format (ReqIF), which can be used for bidirectional communication of requirements, item definitions, and more. Using the tool, you can support improved collaboration workflows.
2. Provides “trace as you go” visibility. You don’t want traceability to be an afterthought handled by your requirements engineer at the end of the project, especially when that project is complex. A purpose-built requirements management tool, like Jama Connect, allows you to create traces from requirements to their parent requirements, design blocks for requirements allocation, and more. It supports a trace-as-you-go methodology.
3. Access impact analysis to handle midstream project changes more effectively. Jama Connect provides access to an impact analysis, a powerful capability supporting the trace-as-you-go approach. Running an impact analysis as project changes happen midstream allows for greater understanding and visibility.
4. Automatically generate test coverage reports. With Jama Connect, you can allocate requirements to design blocks or interconnect the requirements management system to design tools. Using tools like Design Architect provides powerful analytics and test coverage reports that are automatically generated.
5. Connect tools and avoid disjointed tooling challenges. Disconnected tools are often a source of visibility issues. Jama Connect links disparate tools and offers a “toolchain view” for more seamless tool functioning and visibility, as with the Design Architect example above.
6. View exactly where you’re at in a project in real-time. As you move through the management of a case, it’s important to see where you are in the process so you can stay on track. Jama Connect can provide analytics that clearly indicate where you’re at in a project, including allocated requirements, tests that have been covered, and more.
How does a requirements management tool fit with the ISO/SAE 21434 standard?
Traceability, collaboration, and improved review processes are all benefits of a purpose-built requirements management tool, but to understand how it works, it helps to have an example. In the details below, we’ve used the Jama Connect platform as an example to see how it works – from product-dependent cybersecurity management to threat analysis and risk assessment methods.
ISO/SAE 21434 is organized by clauses and subclauses, broken out below.
The right requirements management tool will enable your teams to optimize the development process in many of the above areas. Specifically, here’s a breakdown of how the Jama Connect platform supports each of them, as indicated by the box’s color.
Green. These areas are fully supported and recommended to be implemented in Jama Connect. For example, when viewing section 9 in the chart above under the “Concept” heading, Jama Connect supports the item definition, cybersecurity goals, and cybersecurity concept.
Yellow. These are optional and can be implemented in Jama Connect. For example, you’ll see subclauses 5.4.3 “Information sharing” and 5.4.4 “Management systems” fall into this category.
Yellow-green. These are partially supported in the tool. In other words, Jama Connect can support some of the requirements but not all of them. As an example, 10.4.1 “Design” and 10.4.2 “Integration and verification” are included in this category.
Red boxes. These are not recommended for support in Jama Connect and are usually handled with an in-house tool instead: some are processes that extend throughout the organization, and some are activities or work products suited for alternative best-of-breed tools. The progression of these work products can, however, be brought back to Jama Connect to reflect status through the cybersecurity case. An example is the areas under the “post-development phases,” including 12 “Production” and 13 “Operations and maintenance.”
One of Jama Connect’s most powerful capabilities is supporting the green and yellow categories through document building and generation. The tool supports the process of building and reviewing documentation with real-time collaboration as well as creating documentation with a single click and no post-processing.