Project Scheduling (2)

Project Scope

A project scope refers to the detailed description of the project’s deliverables, boundaries, and goals.
Clearly defining scope ensures all stakeholders are aligned, prevents “scope creep”, and sets measurable objectives for the project.
Critical in determining what parts of the automotive system (hardware, software, networks) will be secured and how regulatory compliance (ISO/SAE 21434, UNECE WP.29) will be maintained.

Project Scope

Focus on protecting automotive systems from cyber threats.
Include both pre-launch (development phase) and post-launch (monitoring, updates) security.
Objectives:
- Compliance: Adhere to regulatory standards (ISO/SAE 21434, UNECE WP.29).
- Risk Mitigation: Identify and mitigate cybersecurity risks throughout the vehicle lifecycle.
- Security by Design: Embed cybersecurity measures during vehicle development.
- Post-Launch Protection: Ensure mechanisms are in place for ongoing cybersecurity monitoring and patching.

Project Scope

Scenario: Atat Motors, an automotive company, is developing a new connected electric vehicle (EV) that will be launched in 18 months. The vehicle must comply with ISO/SAE 21434, UNECE WP.29, and other cybersecurity regulations.
The task is to define the cybersecurity scope and objectives for this project.
Key Stakeholders:
- Automotive engineers
- Software developers
- Compliance officers
- Third-party cybersecurity auditors

Steps to Define Project Scope

Understand the Project’s Requirements:
- Review cybersecurity standards (e.g., ISO/SAE 21434) and regulations (e.g., UNECE WP.29).
- Identify key security requirements based on connected vehicle technology.
Define What’s Included in the Scope:
- Specify components of the vehicle that require cybersecurity (ECUs, infotainment systems, sensors, etc.).
- Include both hardware and software security requirements.
Identify What’s Not Included:
- Clearly outline what is outside the project’s scope to avoid confusion (e.g., non-digital components, unrelated subsystems).
Determine Success Criteria:

Establish measurable cybersecurity goals (e.g., passed vulnerability tests, compliance certifications).

Example Scope Definition

Included:

Secure software development lifecycle for in-vehicle systems.
Penetration testing of vehicle-to-everything (V2X) communications.
Compliance with ISO/SAE 21434 cybersecurity requirements.
Integration of over-the-air (OTA) security patching systems.

Not Included:

Development of non-digital vehicle systems.
Cybersecurity for third-party aftermarket devices not provided by the manufacturer.

Developing Project Objectives

Clear, Measurable Goals: Ensure that the objectives are well-defined, time- bound, and linked to specific outcomes (e.g., complete security testing of all in-vehicle systems within 12 months).
Alignment with Business Goals: Ensure cybersecurity objectives support the company's broader business objectives, such as market launch timelines and regulatory compliance.
Risk Management: Include objectives that focus on mitigating cybersecurity risks (e.g., implement security controls for V2X communications).
Regulatory Compliance: Ensure all cybersecurity objectives meet regulatory standards (e.g., “Achieve ISO/SAE 21434 compliance by Q4 of the project”).

SMART Objectives

Specific: “Secure the infotainment system, communication protocols, and software updates.”
Measurable: “Achieve 100% compliance with ISO/SAE 21434 within 12 months.”
Achievable: “Allocate resources to ensure all security testing is completed on time.”
Relevant: “Align with regulatory needs and business goals of secure vehicle launch.”
Time-bound: “Complete system security testing by the end of Q3.”

Aligning Scope with Compliance

ISO/SAE 21434:
- Requires cybersecurity to be integrated across the entire product lifecycle.
- Ensure that the project scope includes both development and post- launch cybersecurity measures.
UNECE WP.29:
- Mandates cybersecurity management in vehicle types - align objectives with compliance review stages.

Scope Creep

What is Scope Creep?: Uncontrolled expansion to project scope without adjustments to time, cost, and resources.
Impact in Automotive Cybersecurity:
- Adding new cybersecurity features or testing requirements without revisiting timelines can delay project launch.
How to Prevent It:
- Clearly define the initial scope and objectives.
- Establish a process for evaluating changes to scope.
- Regularly review scope in project meetings and adjust resources as needed.

Assignment 1 (5%)

Title: Cybersecurity Assignment for a Connected Vehicle System

Scenario Overview:

A large automaker (e.g., "Future Motors") is developing a new electric vehicle (EV) that requires robust cybersecurity measures.
The automaker needs to ensure compliance with ISO/SAE 21434 and UNECE WP.29 standards throughout the project lifecycle.
You are tasked with scheduling the cybersecurity elements of the project while balancing the project’s time, scope, budget, and quality.

Assignment 1 (5%)

Defining the Project Scope and Objectives (1)

Goal: Ensure that the vehicle’s system is secure by the time of launch, adhering to industry standards and regulations.

Key Deliverables:

Security assessments at each phase (design, implementation, testing, and deployment).
Regular compliance reviews with ISO/SAE 21434 and UNECE WP.29.
Ongoing monitoring and updates for post-launch cybersecurity issues.

Assignment 1 (5%)

Define the project scope using requirements from the fictional automaker and cybersecurity regulations.
Use a tool like MS Word or Confluence to create a project scope document.
Incorporate cybersecurity objectives, compliance requirements, and stakeholder expectations.

Assignment 1 (5%)

Break Down Project Phases (2)

Project Phases (aligned with both Waterfall and Agile approaches):

Requirement Gathering: Collect all requirements related to cybersecurity, both from technical (software, hardware) and regulatory (ISO/SAE 21434) perspectives.
Design: Plan and architect the cybersecurity defenses.
Development: Build the security features.
Testing: Implement penetration tests, vulnerability assessments.
Deployment: Final rollout with ongoing monitoring.
Post-Launch Monitoring: Schedule updates and monitoring for regulatory compliance post-launch.

Assignment 1 (5%)

Task 2

Create a “high-level” Work Breakdown Structure (WBS) for the cybersecurity project, outlining key tasks and sub-tasks for each phase.
Use tools like Trello or Jira to visually map the WBS.

Assignment 1 (5%)

Develop the Initial Project Schedule (3)

Create a Project Timeline:

Establish the duration of each phase (e.g., Requirement Gathering – 2 weeks, Design – 4 weeks, etc.).
Consider external factors like regulatory review times and potential delays in testing.

Assignment 1 (5%)

Task 3

Using MS Project, create a Gantt chart that outlines the timeline for each phase of the cybersecurity project.
Include start/end dates, dependencies between tasks, and milestones (e.g., "Completion of Security Testing").

Assignment 1 (5%)

Apply Waterfall and Agile Methodologies (4)

Waterfall Approach:

Sequentially plan the project’s phases and schedule, with defined start and finish dates for each.
Minimal room for adjustments once phases are underway.

Assignment 1 (5%)

Task 4

Create a Waterfall schedule using MS Project.
Ensure dependencies between phases are mapped clearly (e.g., Testing can’t start until Development is completed).

Assignment 1 (5%)

Apply Waterfall and Agile Methodologies (5)

Agile Approach:

Use iterative planning, where work is broken down into sprints, allowing flexibility to adapt to emerging cybersecurity risks.

Assignment 1 (5%)

Task 5

Create an Agile sprint schedule using Jira.
Define multiple sprints (e.g., 2-week sprints) and list tasks within each sprint (e.g., "Sprint 1 – Threat Modelling", "Sprint 2 – Vulnerability Testing“, etc.).
Build in regular re-evaluations of the schedule to adapt to any changes (e.g., Retrospectives).

Assignment 1 (5%)

FormalReport
ReferencesSourced/Cited...properly(APA) Due Date:

TBD (Week 9)