National Institute of Standards and Technology (NIST) cybersecurity risk management framework applied to modern vehicles

The primary objective of the work described in this report is to review the National Institute of Science and Technology (NIST) guidelines and foundational publications from an automotive cybersecurity risk management stand-point. The NIST approach is often used as a baseline to develop a more targeted risk management approach for the specific use cases and issues in specific industries and sectors. This report can be considered as a primer that establishes a baseline conceptual understanding of the NIST approach for the readers and a common vocabulary for discussing risk management for the automotive sector. Additional work would be needed to more effectively apply this framework to the automotive sector. This publication is part of a series of reports that describe the authors' initial work under the goal of facilitating cybersecurity best practices in the automotive industry (Goals 1 and 2). The information presented herein increases the collective knowledge base in automotive cybersecurity; helps identify potential knowledge gaps; helps describe the risk and threat environments; and helps support follow-on tasks that could be used to establish security guidelines.