INTRODUCTION OF CYBERSECURITY INTO VERIFICATION PROCESSES FOR CONSTRUCTION EQUIPMENT : Cybersecurity Verification

Abstract: Technology is evolving at a very fast pace in various domains, including the construction equipment industry. Although the increased automation and connectivity in different products, such as vehicles, heavy machinery, and many others, have advantages, they also have disadvantages. The main disadvantage is that the cybersecurity vulnerabilities increase as the system’s complexity increases. At the same time, the inclusion of cybersecurity processes into the Software Development Life Cycle (SDLC) will soon be mandatory. Therefore, this thesis explores integrating cybersecurity verification processes into the SDLC at Volvo Construction Equipment (VCE). A case study was conducted using a combination of a literature study and a survey. The survey was conducted within the software verification department at VCE to assess the current state of cybersecurity awareness and identify potential strategies for improvement. The survey results indicate a need for increased awareness and education in cybersecurity verification processes. The proposed solution involves training and initiating cybersecurity processes early in the SDLC and gradually introducing them over an extended period. Introductory training sessions are recommended to emphasize the importance and urgency of including cybersecurity processes in the SDLC. A Security Software Development Life Cycle (SSDLC) is also proposed to integrate cybersecurity considerations throughout development. The thesis suggests a phased implementation approach, gradually changing to accommodate varying levels of familiarity with cybersecurity concepts.