Automotive Security 2-in-1 course

As everything becomes more and more connected, cyberattacks pose an increasing threat to vehicles. This is the starting point for our comprehensive training. Our courses provide a detailed overview of standards and different methods, also providing beginners with tips on building security know-how step by step (Module 1). You will also gain insights into the technology used to secure connected vehicles (Module 2). Practical instructions are also part and parcel of this combined course.

BACK TO SECURITY-TRAININGS
  • Automotive Security 2-in-1 course

    Training objectives & content

    Training is organised as a three-day intensive course to provide you with insights into the fundamental requirements of automotive security. 

    Perspectives

    • From the angle of a development department with a clear mandate to deliver safe systems (Module 1) 
    • From a technological standpoint, looking at the most effective way to design such systems (Module 2)

    On the first two days, you will become familiar with risk scenarios and the context of potential attacks. This will involve taking a close look at understanding the kind of situations in which attacks take place and how to recognise threats using risk assessment. You will also discuss the differences and overlaps between the tasks of privacy and functional safety (ISO 26262).

    To counter these threats, the third day looks at technical measures. This gives you detailed insights into the backbone technology of connected IT infrastructures and the context in which connected vehicles travel.

    A section looking at first steps in automotive security provides you with practical pointers on introducing automotive security to your projects. 

    •   
    •   
    •   
    •   
    •   

    TARGET GROUP OF THE FUNDAMENTALS COURSE ON CYBERSECURITY

    Employees who need comprehensive insights into threat scenarios, defence strategies and a fundamental, end-to-end understanding of involved technologies. 

    • Especially product development engineers, project managers, and specialists who will be responsible for security tasks in the future. 
    • No prior knowledge in the security environment is required, but an interest in and understanding of technical interrelationships is an advantage.
    KNOWING HOW IT’S DONE

    Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.

    Smilja Mateja, Training Coordination

    DAY 1 AND 2: OVERVIEW, FUNDAMENTALS AND STANDARDS (MODULE 1)

    You will work through the potential attack scenarios in order to identify and address vulnerabilities in advance. This includes human intervention and how to introduce safeguards based on methodical systems engineering – safe programming, safe code and aspects of functional safety. To do this, we introduce you to the fundamentals of different methods and relevant standards. 

    • Information security and managing cybersecurity
      You will look at uncertainty and gain a fundamental understanding of how to determine and define the scope of security – from information and IT security to cybersecurity and the aims of providing protection: data transfers, confidentiality, integrity and availability.
      To minimise uncertainty, you will be introduced to the initial effective control mechanisms that allow you to safeguard security in technical terms on an organisational level.
    • Privacy
      You will gain a fundamental understanding of the requirements of European General Data Protection Regulations with respect to vehicle development. You will also be introduced to the potential traps that await you when processing personal user data.
      First steps – Safeguarding the privacy of vehicle functions
    • Functional safety and security
      You will look at functional safety and security as two sides of the same coin during the lifetime of a vehicle.                                           As well as allowing you to understand different areas of overlap, you will also understand various ways of looking at and dealing with the two user safety concepts.
    • Automotive standards.
      Development according to the industry standard Automotive SPICE® works well in complement to automotive security safeguards. The links between these standards and their influence on automotive electronics are also of interest: SAE J3061TM, FIPS, NIST SP 800-53, FIPP, EVITA and a first look at the pending security norm ISO/SAE 21434.
      First steps: recommendations that help you maintain an overview of your security activities.
    • Hacking and automotive hacks
      Gain an understanding of the reasons for hacking, what hackers hope to achieve and what makes them tick. This includes looking at threat categories according to the STRIDE model. The emphasis lies on the particular features of vehicles, such as CAN, automotive ethernet and control unit functions that are particularly at risk.
    • Security standards and managing risk
      You will become familiar with the security standards that are relevant to the automotive sector and understand the differences between conducting a risk analysis on security, functional safety and data protection. (MS SDL, CC, ISA/IEC 62443, 27k family, BSI. For risk management: STRIDE, DREAD, CERT-X, ISA/IEC 62443-3-2, ISO 27005, BSI 200-3, NIST SP 800-30, ISO/SAE 21434, OWASP, SAMM. Threat analysis: MITRE, NIST, NVD. Methods: security FMEA, ATA)
      First steps: suggested procedure for integrating risk analysis into your product life cycle

    DAY 3: THE TECHNICAL REQUIREMENTS OF AUTOMOTIVE SECURITY (MODULE 2)

    • The need for security in vehicle design
      You will gain insights into the encryption of communication between vehicle components (intra-vehicle) and between vehicles (inter-vehicle), and the necessary authentications. These include the protection of updates, privacy issues in statistical data collection, the impact of firewalls and VPNs (intra-vehicle and inter-vehicle), as well as firewalls, VPNs and encryption in telemetry applications.
    • Fundamentals of encryption technology
      You deal with symmetric algorithms such as ciphers (block and stream ciphers), the problems encountered with the symmetric key exchange and brute-force attacks on connected vehicles and their infrastructures. Also on the agenda: asymmetric algorithms, including public and private keys, man-in-the-middle attacks, checksum protection, digital signatures and public key infrastructures.
    • Firewalls in IP-based networks
      You will gain a basic understanding of firewall topologies, perimeter firewalls, DMZ and security zones, as well as internal firewalls. In addition, you will encounter firewall typologies for layer architectures based on OSI: we will talk about filters for MAC addresses and IP, data packets (stateless and stateful) as well as application-related firewalls and proxies. 
    • Privacy and anonymity
      Privacy and anonymity are important topics for anonymisation proxies and onion routing. This theme is also rounded off by virtual private networks. You will learn more about basic VPN design, be shown a comparison of OpenVPN and IPSEC, and then learn more about further developments in VPN technology.

    Next training

    Book early to receive an early-bird discount or apply for a group discount on course fees.

    KNOWING HOW IT’S DONE

    Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.

    Smilja Mateja, Training Coordination

    Extra value

    LEARNING IN A PLEASANT AND FRIENDLY ATMOSPHERE

    We look forward to welcoming you to our training courses. To make it easier for you to concentrate on your course, we do everything we can to make your stay as pleasant as possible. 

    If your course lasts more than four days, we would be delighted to invite you out for the evening. This is also a useful opportunity to discuss what you have learnt or experienced with other course participants and forge friendships.

    UNIVERSITY OF STUTTGART

    Is cybersecurity a realistic goal with so many network and new connectivity solutions around? Dr Thomas Liedtke looks at this topic as part of a round-robin seminar at the software and automation forum at Stuttgart University.

    INTERESTED IN FINDING OUT MORE?

     

    WHAT THE NEW YORK TIMES SAYS ABOUT AUTOMOTIVE SECURITY

    How does automotive security work in practice if connected vehicles are basically computers on wheels? This was the question posed by the New York Times. Automotive security expert Steve Tengler, Principal at Kugler Maag Cie, digs deeper.

    INTERESTED IN FINDING OUT MORE?

    THREE KEY QUESTIONS ON CYBERSECURITY

    HOW DO I STAY ON THE SAFE SIDE? Which tasks should my company take on and which tasks can I trust business partners to take care of? At wardsauto.com (third-party website), Steve Tengler, principal and automotive expert at Kugler Maag Cie in the United States, discusses who should hold the hot potato, and the conflicting interests of security solutions.

    INTERESTED IN FINDING OUT MORE?

    Process & organisation

    Information on the training programme

    Some courses take place several times a year as classroom training sessions. Others are only offered as in-house training.

    To make a binding reservation, book directly through the website or send us an order. We will confirm course dates as soon as we have received a minimum number of reservations. You will be sent all required information on course arrangements in advance. Fees include digital course materials, and, if you come to our sites, lunch and refreshments during breaks.

    Most of our courses can also be booked as in-house training sessions. Our instructors will be happy to travel directly to your place of work and train your teams on site. We can also mix and match the content of in-house courses and take a particular situation affecting your projects into account. We will be happy to write a concept proposal for your specific training requirements.

    All courses outlined in our training programme can be held in German or English. Our training materials are written in English.

    You will receive the training documents as a PDF. We recommend that you have your notebook or tablet with you during the course.

    Training package: Seminar skills and attractive discounts

    • 10% early-bird booking discount if you register six or more weeks before a training session.
    • 10% group discount if you register more than one participant from your company for the same course.

    Want to save even more? Discounts can be combined for the same course.

    These conditions do not apply to VDA examination fees for Automotive SPICE® assessor training sessions or the Scaled Agile, Inc. fee for SAFe training.

    We strongly recommend that you have the appropriate ISO standards at hand for and during the exam, and of course during your further work.

    For the Cybersecurity Engineer training (TÜV Nord) this concerns ISO/SAE 21434, for the Functional Safety Engineer course (TÜV Rheinland) the safety standard ISO 26262. For Automotive SPICE® training, however, you will receive the model in the form of our original pocket guide.

    For legal reasons, we are unfortunately not authorized to provide you with a copy of ISO standards. Please ask your employer if you can obtain the respective standard there.

    Conditions of participation

    For courses in our seminar rooms, the fees include digital course materials, lunch and refreshments during breaks per person.

    Our services will be invoiced before beginning of training course.

    Terms of payment: 10 days net. In case of late payment late interest will be charged in accordance with current BGB regulations, in particular §288 BGB (German Civil Code).

    This offer is only open to companies or registered tradespersons. All fees are subject to current sales tax and must be paid on receipt of invoice. Early-bird and group discounts will be subtracted as necessary from invoices.

    We will confirm receipt of your registration. Registrations can be cancelled without penalty up to 6 weeks before each individual event; after that the following rules apply:

    • 6 weeks to 4 weeks before the start of the event = 10%. 
    • 4 weeks to 7 days before the event = 50%.
    • Fees will not be refunded if you cancel a course less than a week before an event.

    We will gladly accept a substitute participant at no additional cost. 

    All courses may be subject to change due to unforeseen circumstances.

    We charge the examination fees of third parties (such as VDC QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord) on their behalf. Such fees are not eligible for a discount.

    Your personal information will be stored by KUGLER MAAG CIE GmbH in order to organise the event. By registering for a course you also agree to us contacting you by fax, email or telephone. If you do not wish to consent to us using your information in this way, please send us a message or get in touch. You have the right to withdraw your consent to this arrangement at any time.

    If you take part in an examination with a third-party provider such as the VDA QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord, we will pass on the necessary data to the respective provider.

    DATA PROTECTION

     

     

    About Kugler Maag Cie
    Subscribe to our Newsletter
    To top