Need for the Continuous Evolution of Systems Engineering Practices for Modern Vehicle Engineering

  • Richard Messnarz
  • Alexander Much
  • Christian Kreiner
  • Miklos BiroEmail author
  • Jenny Gorner
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 748)


Cars of the future (ADAS – Autonomous self-driving assistant) will need to cover a number of new standards for mechatronic design and networking of the car in the cloud. This includes job roles for ISO 26262, IEC 61508 (functional safety), SAE J3061 (cybersecurity), etc. For instance, a car driving on a street will exchange information with neighbouring cars and learn the right steering angle, speed, etc. while the driver is using the car like a work place. Manufacturers plan to produce from 2030 only cars which have such a self-driving function incorporated. The design of new electric cars will require new infrastructures, new energy management, new battery concepts, and also new materials design (light weight and still resistant), and the job role pool will include these key skills as well. The production of cars will be with connected plants, robots to be programmed, and central production servers to coordinate the industry 4.0 type of production virtually across the world. And the new cybersecurity norm SAE J3061 will develop further in the next years because by moving the cars to the cloud and the production to industry 4.0 leaves Europe’s industry vulnerable to attacks if this is not handled. Also the medical systems move towards an IoT (Internet of Things) approach where people receive implants which read out the data and transport them to the mobile which forwards the data to a medical service in the cloud where data are used by states and hospitals.


Strategy projects Vision of networked services Change towards a service driven architecture in automotive and other domains like the medical device industry AQUA Safety Security 



Elektrobit Automotive GmbH, TU Graz, and ISCN GesmbH are part of the SOQRATES [24] working group and we are grateful to the experts who have contributed to the working groups and to the design principles in this paper. We are also grateful to the European Commission which has funded some of the initiatives referenced in this paper such as GEAR 2030, ECQA Certified Functional Safety Manager (2012 2014), ECQA Certified Automotive Quality Engineer Integrated and AQUA (Knowledge Alliance for Quality in Automotive Engineering, 2013–2015), and AQU (Automotive Quality Universities, 2015–2017). The research reported in this paper has also been supported by the Austrian Ministry for Transport, Innovation and Technology, the Federal Ministry of Science, Research and Economy, and the Province of Upper Austria in the frame of the COMET center SCCH.


  1. 1.
    Kreiner, C.J., Macher, G., Riel, A.: Integrating automotive hazard and threat analysis methods: how does this fit with assumptions of the SAE J3061? Softw. Qual. Prof. 18(4), 37–46 (2016)Google Scholar
  2. 2.
    Messnarz, R., Kreiner, C., Riel, A., Tichkiewitch, S., Ekert, D., Langgner, M., Theisens, D.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Barafort, B., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) EuroSPI 2014. CCIS, vol. 425, pp. 285–295. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-43896-1_26 Google Scholar
  3. 3.
    Kreiner, C., Messnarz, R., Riel, A., Ekert, D., Langgner, M., Theisens, D., Reiner, M.: Automotive knowledge alliance AQUA – integrating automotive SPICE, six sigma, and functional safety. In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2013. CCIS, vol. 364, pp. 333–344. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39179-8_30 CrossRefGoogle Scholar
  4. 4.
    Macher, G., Messnarz, R., Armengaud, E., Riel, A., Brenner, E., Kreiner, C.: Integrated safety and security development in the automotive domain. SAE Technical Paper 2017-01-1661, USA (2017). doi: 10.4271/2017-01-1661
  5. 5.
    Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Qual. Prof. 18(4), 13–23 (2016)Google Scholar
  6. 6.
    Messnarz, R., Kreiner, C., Bachmann, O., Riel, A., Dussa-Zieger, K., Nevalainen, R., Tichkiewitch, S.: Implementing functional safety standards – experiences from the trials about required knowledge and competencies (SafEUr). In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2013. CCIS, vol. 364, pp. 323–332. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39179-8_29 CrossRefGoogle Scholar
  7. 7.
    Much, A.: Automotive security: challenges, standards, and solutions. Softw. Qual. Prof. 18(4) (2016) Google Scholar
  8. 8.
    Riel, A., Bachmann, V.O., Dussa-Zieger, K., Kreiner, C., Messnarz, R., Nevalainen, R., Sechser, B., Tichkiewitch, S.: EU project SafEUr – competence requirements for functional safety managers. In: Winkler, D., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2012. CCIS, vol. 301, pp. 253–265. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31199-4_22 CrossRefGoogle Scholar
  9. 9.
    Santer, C., Messnarz, R., Much, A., Ekert, D., Riel, A.: Integrating assessment models for ASPICE, functional safety, and cybersecurity. Softw. Qual. Prof. 18(4), 24–36 (2016)Google Scholar
  10. 10.
    International Electrotechnical Commission (IEC): IEC 61508 2nd ed: Functional safety of electrical/electronic/programmable electronic safety-related systems – Parts 1–7 (2010)Google Scholar
  11. 11.
    International Electrotechnical Commission (IEC): IEC 62304: Medical device software – Software life cycle processes (2006)Google Scholar
  12. 12.
    International Electrotechnical Commission (IEC): IEC 62443: Industrial communication networks – Network and system security (2008–2013)Google Scholar
  13. 13.
    International Organization for Standardization (ISO): ISO 9001 - Quality management systems – Requirements (2015)Google Scholar
  14. 14.
    International Organization for Standardization (ISO): ISO 12207 - Systems and software engineering - Software lifecycle processes (2008)Google Scholar
  15. 15.
    International Organization for Standardization (ISO): Systems and software engineering – Systems and software assurance (2011, 2013, 2015)Google Scholar
  16. 16.
    International Organization for Standardization (ISO): ISO/IEC 15408: Information technology – Security techniques – Evaluation criteria for IT security – Parts 1–2 (2008, 2009)Google Scholar
  17. 17.
    International Organization for Standardization (ISO): ISO/IEC 15504 – Information technology – Process assessment – Parts 1–10 (2004–2010)Google Scholar
  18. 18.
    International Organization for Standardization (ISO): ISO/TS 16949 – Quality management systems – Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations (2009)Google Scholar
  19. 19.
    International Organization for Standardization (ISO): ISO/IEC TS 17961: Information technology – Programming languages, their environments and system software interfaces – C secure coding rules (2013)Google Scholar
  20. 20.
    International Organization for Standardization (ISO): ISO 26262. Road vehicles – Functional safety – Parts 1–9 (2011)Google Scholar
  21. 21.
    International Organization for Standardization (ISO): ISO/IEC 27001: - Information technology - Security techniques - Information security management systems – Requirements (2015)Google Scholar
  22. 22.
    International Organization for Standardization (ISO): ISO/IEC 27002: Information technology - Security techniques. Code of Practice for Information Security Controls (2008)Google Scholar
  23. 23.
    GEAR 2030, European Commission, Commission launches GEAR 2030 to boost competitiveness and growth in the automotive sector (2016).
  24. 24.
    SOQRATES. Accessed 15 May 2017
  25. 25.
    Automotive SPICE – Process Assessment Model v2.5 (2010), and v3.0 (2015).
  26. 26.
    MIRA Limited: MISRA-C:2004, Guideline for the use of the C language in critical systems (2004)Google Scholar
  27. 27.
    MIRA Limited: MISRA C:2012, Guidelines for the use of the C language in critical systems (2013)Google Scholar
  28. 28.
    MIRA Limited: MISRA C++: 2008, Guidelines for the use of the C++ language in critical systems (2008)Google Scholar
  29. 29.
    Microsoft Security Development Lifecycle. Accessed 10 Mar 2016
  30. 30.
    OWASP Project, OpenSAMM, Software Assurance Maturity Model. Accessed 15 May 2017
  31. 31.
    EVITA project, E-safety vehicle intrusion protected applications. Accessed 15 May 2017
  32. 32.
    HEAVENS, HEAling Vulnerabilities to ENhance Software Security and Safety, Deliverable D2 Security models. HEAVENS Project, Deliverable D2, Release 1, December 2014, Accessed 15 May 2017
  33. 33.
    SAE International, SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, January 2016Google Scholar
  34. 34.
    Czerny, B.: System security and system safety engineering: differences and similarities and a system security engineering process based on the iso 26262 process framework. SAE Int. J. Passeng. Cars Electron. Electr. Syst. 6(1) (2013). doi: 10.4271/2013-01-1419

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Richard Messnarz
    • 3
  • Alexander Much
    • 4
  • Christian Kreiner
    • 5
  • Miklos Biro
    • 1
    Email author
  • Jenny Gorner
    • 2
  1. 1.SCCHHagenbergAustria
  2. 2.KNOWITGöteborgSweden
  3. 3.ISCN GesmbHGrazAustria
  4. 4.ELEKTROBITErlangenGermany
  5. 5.TU GrazGrazAustria

Personalised recommendations