ACTISM: Threat-informed Dynamic Security Modelling for Automotive Systems

Shaofei Huang, Christopher M. Poskitt, Lwin Khin Shar
2024-11-30
Abstract: Cybersecurity threats in automotive systems pose significant risks to safety and reliability. This article introduces a methodology integrating threat-informed dynamic security modelling with a Threat Analysis and Risk Assessment workflow. Using the example of an In-Vehicle Infotainment system, we demonstrate the methodology's application in risk management to strengthen automotive resiliency.
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses the growing cybersecurity threat to modern automotive systems. As vehicles integrate more sensors, connectivity options and computing units, their functionality and performance improve, but their potential attack surface expands considerably, leaving them more exposed to cyberattack. The paper identifies the following key issues:

1. **Limitations of existing security modelling methods**
   - Many existing threat and attack models were designed for information technology (IT) systems and do not transfer directly to complex automotive systems.
   - Existing models typically perform threat modelling only in the early stages of system development, ignoring the dynamic changes and emerging threats that arise later in the life cycle.
   - Physical attack vectors (such as man-in-the-middle attacks through USB interfaces) are not fully considered in the existing literature, leaving gaps in the overall security design.
   - Some evaluation frameworks (such as HEAVENS 1.0 and CVSS 2.0) are out of date and do not provide sufficient accuracy and detail.
2. **Unique challenges in automotive cybersecurity**
   - Cybersecurity incidents in automotive systems can lead to complex failure modes with both physical and network consequences, such as vehicle mis-navigation or hazardous driving situations.
   - Automotive systems have long life cycles (typically 10 to 20 years), so the modelling method must adapt to threats and attacks that evolve over that period.
3. **Lack of a comprehensive dynamic security modelling method**
   - Current security modelling methods do not fully account for multi-path, multi-agent real-world cyber-physical attacks, nor do they integrate threat intelligence and continuous security monitoring.
To address these problems, the paper proposes a new security modelling method, ACTISM (Automotive Consequence-Driven and Threat-Informed Security Modelling), with the following characteristics:

- **Dynamic update**: by integrating threat intelligence and continuous security monitoring, the security model adapts to a constantly changing threat environment.
- **Comprehensive coverage**: the method spans the whole process from asset identification, data flow diagram construction, threat modelling, impact assessment, attack modelling and attack feasibility assessment through to risk assessment.
- **Iterative improvement**: regular review and update keep the security model effective and relevant throughout the vehicle life cycle.

Through these improvements, ACTISM aims to provide a more comprehensive, dynamic and adaptable security modelling method for the complex and constantly changing cybersecurity threats facing modern automotive systems.
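The "dynamic update" and "risk assessment" steps above can be made concrete with a small threat-informed risk register. The following is an added example written for this page, not code from the ACTISM paper or its authors: the page does not specify the paper's impact and feasibility scales, its risk matrix, or its update rules, so the four-level scales, the matrix, the upward-only ("ratchet") revision rule, and every scenario and evidence item below are assumptions chosen to illustrate how threat intelligence and monitoring alerts can re-score an In-Vehicle Infotainment risk register between periodic reviews.

```python
"""Threat-informed dynamic risk register for an In-Vehicle Infotainment (IVI) system.

Added illustration, not ACTISM's own scoring: the scales, the risk matrix, the
ratchet rule and all scenarios/evidence below are assumptions for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumed ordinal scales, lowest to highest.
IMPACT_LEVELS = ("negligible", "moderate", "major", "severe")
FEASIBILITY_LEVELS = ("very low", "low", "medium", "high")

# Assumed risk matrix: RISK_MATRIX[impact][feasibility] -> risk value 1 (lowest) to 5 (highest).
RISK_MATRIX = {
    "negligible": {"very low": 1, "low": 1, "medium": 1, "high": 2},
    "moderate":   {"very low": 1, "low": 2, "medium": 2, "high": 3},
    "major":      {"very low": 1, "low": 2, "medium": 3, "high": 4},
    "severe":     {"very low": 2, "low": 3, "medium": 4, "high": 5},
}


@dataclass
class ThreatScenario:
    """One register row: an attack path against an asset via a specific entry point."""
    scenario_id: str
    asset: str
    entry_point: str          # physical or network interface the attacker uses
    impact: str               # consequence-driven rating, fixed at design time
    feasibility: str          # attack feasibility, revised as evidence arrives
    evidence: list[str] = field(default_factory=list)

    def risk(self) -> int:
        return RISK_MATRIX[self.impact][self.feasibility]


class RiskRegister:
    def __init__(self, scenarios: list[ThreatScenario]) -> None:
        self.scenarios = {s.scenario_id: s for s in scenarios}

    def apply_evidence(self, entry_point: str, min_feasibility: str, source: str) -> dict:
        """Raise feasibility to at least min_feasibility for scenarios using entry_point.

        Evidence (a threat-intelligence advisory or a monitoring alert) only ever
        ratchets feasibility upward; lowering it is left to the periodic human review.
        Returns {scenario_id: (old_risk, new_risk)} for scenarios whose risk changed.
        """
        changed = {}
        for s in self.scenarios.values():
            if s.entry_point != entry_point:
                continue
            if FEASIBILITY_LEVELS.index(min_feasibility) <= FEASIBILITY_LEVELS.index(s.feasibility):
                continue  # existing rating already at or above the new evidence
            old = s.risk()
            s.feasibility = min_feasibility
            s.evidence.append(source)
            if s.risk() != old:
                changed[s.scenario_id] = (old, s.risk())
        return changed

    def needing_treatment(self, threshold: int) -> list[str]:
        """Scenario ids whose risk is at or above threshold, highest risk first."""
        hits = [s for s in self.scenarios.values() if s.risk() >= threshold]
        return [s.scenario_id for s in sorted(hits, key=lambda s: -s.risk())]


def build_ivi_register() -> RiskRegister:
    """Constructed sample register for an IVI system (assumed values, not from the paper)."""
    return RiskRegister([
        ThreatScenario("TS-1", "IVI head-unit firmware", "USB", "major", "low"),
        ThreatScenario("TS-2", "telematics control unit", "cellular", "severe", "very low"),
        ThreatScenario("TS-3", "Bluetooth stack", "Bluetooth", "moderate", "medium"),
    ])


def run_update_cycle() -> tuple[dict, dict, list[str]]:
    """One cycle: baseline risks, then re-score after two constructed evidence items."""
    reg = build_ivi_register()
    baseline = {sid: s.risk() for sid, s in reg.scenarios.items()}
    # Constructed threat-intel item: report of USB-borne compromise of similar head units.
    reg.apply_evidence("USB", "high", "intel: constructed advisory, USB media exploitation")
    # Constructed monitoring alert: fleet telemetry shows probing of the cellular interface.
    reg.apply_evidence("cellular", "medium", "monitoring: constructed alert, cellular probing")
    after = {sid: s.risk() for sid, s in reg.scenarios.items()}
    return baseline, after, reg.needing_treatment(4)


if __name__ == "__main__":
    before, after, treat = run_update_cycle()
    for sid in before:
        print(f"{sid}: risk {before[sid]} -> {after[sid]}")
    print("needs treatment:", treat)
```

The design point is that impact stays fixed (it follows from the consequence analysis done at design time) while feasibility is the quantity that threat intelligence and monitoring revise; keeping evidence on each scenario gives the periodic review a trail to decide whether a raised rating should stand or be lowered again.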