A Systematic Review of Threat Analysis and Risk Assessment Methodologies for Connected and Automated Vehicles

With the prevalence of high cyber risks within the Connected Au-tomated Vehicle (CAV)'s environment, the core regulation bodies mandated applying Threat Analysis and Risk Assessment (TARA) methodologies. Conducting auspicious TARA is essential to ensure acceptable level of risk by analysing potential threats and deter-mining corresponding mitigation strategies. Albeit plethora of stan-dardised TARA versions are available, they are not-ready-to-use methods or they do not encapsulate heterogeneous CAVs proper-ties. By considering the TARA emerging trends and the CAVs' SAE automation levels, the present work provides a systematic study of salient TARA methodologies in the last ten years. The methodology we applied starts with a systematic review identifying TARA ap-proaches that are relevant to the automotive domain at a large scope. After that, the methods' applicability to CAVs is evaluated based on their threat analysis avenues and risk metrics. We elevate our appraisal further with a focus on how the automation level is con-sidered, how the privacy impact is assessed by each TARA method, and how subjective the experts were while assessing scores to the risk metrics. Our investigation spotlights how different methods are intertwined and joint to meet the compliance with key standards such as ISO/SAE 21434. We believe that the present study's findings identify knowledge gaps and help to shape the next generation of TARA methods to keep pace with rapidly evolving automotive technologies and support the readiness of CAV of SAE levels four and five.