This work addresses the limitation of traditional Failure Modes and Effects Analysis (FMEA) in automotive semiconductors, which focuses solely on functional safety while neglecting the synergistic vulnerabilities and common-cause consequences arising from interactions with cybersecurity. To bridge this gap, the authors propose a unified Functional Safety and Cybersecurity Threat and Risk Analysis (FTMEA) framework that introduces, for the first time, quantifiable Cross-Domain Correlation Factors (CDCFs). These CDCFs integrate expert knowledge, static structural analysis (e.g., controllability and observability), and empirical data from fault and attack injection experiments to enable a cohesive risk modeling and prioritization mechanism. Applied to an automotive ASIC configuration register case study, the approach successfully identifies cross-domain risks overlooked by conventional FMEA and TARA, significantly enhancing the effectiveness of mitigation strategies and providing traceable, quantifiable risk assessment evidence.

The automotive industry faces increasing challenges in ensuring both functional safety (FuSa) and cybersecurity for complex semiconductor devices. Traditional Failure Mode and Effects Analysis (FMEA) primarily addresses safety-related failure modes, often overlooking synergistic vulnerabilities and shared consequences with cybersecurity threats. This paper introduces an Integrated Failure and Threat Mode and Effect Analysis (FTMEA) framework that systematically co-analyzes FuSa and cybersecurity. A cornerstone of this framework is the introduction of rigorously defined Cross-Domain Correlation Factors (CDCFs), which quantify the interdependencies and mutual influences between safety-related failures and cybersecurity threats. These factors are derived from a combination of structured expert knowledge, static structural analysis metrics (e.g., Controllability/Observability), and validated against empirical data from fault/attack injection campaigns. We propose a modified Risk Priority Number (RPN) calculation that systematically integrates these correlation factors, enabling a more accurate and transparent prioritization of risks that span both domains. A detailed case study involving an automotive ASIC configuration register proves the practical application of the FTMEA. We present explicit mapping tables, quantitative CDCF values, and a comparative analysis against a baseline FMEA/TARA (Threat Analysis and Risk Assessment), illustrating how the integrated approach uncovers previously masked cross-domain risks, improves mitigation strategy effectiveness, and provides a clear quantitative justification for the derived correlation values. This framework offers a unified, traceable, methodology for risk assessment in critical automotive systems, thereby overcoming the limitations of conventional analyses and promoting optimized, cross-disciplinary development.