AUTOMOTIVE SECURITY
A clever hacker might come in through the back door at some unknown point in your development process. Before you know it, the mechanisms you put in place to protect your technology in a connected vehicle won’t work anymore. Systematic risk assessment can show you the real areas that are under threat. We systematically and methodically improve your processes to ensure threats can be pinpointed and shielded against in advance, as well as ensuring that your company and systems enjoy the best possible protection.
AUTOMOTIVE CYBERSECURITY – WHAT EXACTLY IS IT?
Many people would not buy a new car these days if it didn’t offer 24/7 connectivity. Internet access is a now fundamental ingredient of many comfort features and mobility services. But in cybersecurity terms, these features conceal many unseen risks.
Security-centric processes are primarily useful when it comes to effective risk assessment.
They allow you to understand where potential threats will need to be thought about – in product development, production, and even during everyday use of the connected vehicle.
Measures designed to protect technology can be derived from the findings of risk assessments.
These allows you to protect connected vehicles from cyberattacks.
Protecting critical IT infrastructure according to ISO 27000 will prevent third-party access to connected vehicles via the back-end systems of the vehicle manufacturer, its suppliers and the service providers.
These include
- IT security
- Organisational security
AUTOMOTIVE SECURITY REQUIRES END-TO-END PROTECTION
- Safeguards must work for all aspects of cybersecurity – the product itself, processes and IT systems.
- Safeguards must be in place for the entire guaranteed service life of a vehicle
Manufacturers are not just responsible for cybersecurity during product development and production. Cybersecurity measures also have to be in place for when a car is being driven, when car owners are using vehicles and associated services – even years after the last car in a series rolls off the production line.
This is the task of a cybersecurtiy management system (CSMS). We recommend integrating these CSMS concerns into your existing process landscape.
According to guidelines laid down by the UNECE, cybersecurity requirements are important for homologation.
IDENTIFY RISKS
Our cybersecurity experts can help you gain clarity by conducting risk assessments. They are familiar with the specific threats your systems may be exposed to. Based on their findings, we can help you design processes that allow your company to operate safely with a focus on combating potential threats.
We will work alongside you in proactively drafting a series of protective measures so you can develop your own automotive cybersecurity concept. We will also help your cybersecurity specialists with products and show you how to keep information assets secure (ISO 27001). By looking at issues from a broader angle, you can also introduce end-to-end safeguards based on valid assessments – taking all the right cybersecurity issues into account: the product itself, processes and IT systems.
Need support with a key project? We’re your first port of call when it comes to management consulting and improvement programmes in electronics development.
Steffen Herrmann and the sales team
ISO/SAE 21434 – THE CYBERSECURITY STANDARD
The new ISO/SAE 21434 standard comes into effect in November 2020. Our automotive cybersecurity solution allows you to start taking the future automotive security standard into account today. In the same vein as the new standard, we suggest using an integrated approach to risk management.
THIS RISK MANAGEMENT METHOD COMPRISES
- The connected vehicle, its components and relevant interfaces
- Product development, from concept development to design and development
- Production and maintenance
- Normal operation, including disposal adhering to data protection guidelines
To address all of these factors, a framework was developed for ISO/SAE 21434 capturing any key requirements with a bearing on cybersecurity. This provided the first ever set of communication principles for affected stakeholders.
Our risk management solution allows you to gain the transparency you will require to develop a cybersecurity strategy. It will also allow you to base all operational and organisational structures on cybersecurity standards pertinent to your company. Drawing on our expertise in planning workflows in keeping with defined objectives enables you to plan your own process landscapes to fulfil all key requirements – from the required user experience to commercial factors, FUNCTIONAL SAFETY (ISO 26262) and industry standards such as AUTOMOTIVE SPICE®.
How do experts assess the status of cybersecurity activities in the automotive industry? In the industry barometer »Automotive Cybersecurity. State of Practice 2020«, experts from E/E development give their assessment of the questions that challenge newcomers to the field of cybersecurity in particular.
ISO/SAE 21434 has allowed the international standardisation committee to lay a foundation for establishing automotive security as a fixed element of the development process for automotive electronics. The ISO/SAE 21434 standard addresses the central tasks of electronics development and the overall supply chain. To find out more about the upcoming standard, see the interview with security expert Dr Thomas Liedtke.
How do experts assess the status of cybersecurity activities in the automotive industry? In the industry barometer »Automotive Cybersecurity. State of Practice 2020«, experts from E/E development give their assessment of the questions that challenge newcomers to the field of cybersecurity in particular.
With ISO/SAE 21434, the international standards body has created a basis for establishing automotive security as an integral part of the development process for automotive electronics over Standard ISO/SAE 21434 addresses central tasks of electronics development – throughout the entire life cycle.
THE FOUR KEY SECURITY TARGETS
The security targets laid down under automotive cybersecurity guidelines go further than functional safety guidelines, making them more demanding for companies.
THE IMPORTANCE OF SAFETY, FINANCE, OPERATIONS AND PRIVACY AS SECURITY TARGETS
- Taking the protection of vehicle functions as a starting point, security measures
- also cover potential threats to the reputation and finances of your company.
- They also deal with the secure use of mobility services and data protection for
- sensitive user data.
CYBERSECURITY – A PREREQUISITE OF HOMOLOGATION
The regional committee of the United Nation Economic Commission for Europe (UNECE) describes cybersecurity as a key prerequisite for the homologation of series-production vehicles. This committee is responsible for the Geneva Convention. It lays down guidelines for uniform conditions for vehicle approvals and the mutual recognition of approvals.
SOCIAL ENGINEERING
Without an actively believed-in culture of security, your efforts to protect your firm and its vehicles from malicious attacks will be fruitless. All it takes is one minor oversight on the part of a colleague and everything you have put in place to provide protection can be rendered ineffective. We help you introduce precautionary measures to prevent manipulation through social engineering.
ACTIVELY PROTECT YOUR ORGANISATION AGAINST SOCIAL ENGINEERING
We support you in raising awareness for security issues among staff. A culture of security allows your cybersecurity measures to close the circle. Acute awareness allows the members of your team to spot threats more easily. This enhances the quality of your safety assessments and thus raises the likelihood of warding off threats in advance.
Is cybersecurity a realistic goal with so many network and new connectivity solutions around? Dr Thomas Liedtke looks at this topic as part of a round-robin seminar at the software and automation forum at Stuttgart University.
INTERESTED IN FINDING OUT MORE?
How does automotive security work in practice if connected vehicles are basically computers on wheels? This was the question posed by the New York Times. Automotive security expert Steve Tengler, Principal at Kugler Maag Cie, digs deeper.
HOW DO I STAY ON THE SAFE SIDE? Which tasks should my company take on and which tasks can I trust business partners to take care of? At wardsauto.com (third-party website), Steve Tengler, principal and automotive expert at Kugler Maag Cie in the United States, discusses who should hold the hot potato, and the conflicting interests of security solutions.
WE CAN SUPPORT YOU WITH
- Fostering awareness for the need for comprehensive end-to-end safeguards
- Detailed assessments of any threats posed
- Matching your cybersecurity policies to processes, products and IT requirements; managing involved specialists
- Assessing and improving your development processes with respect to security issues
- Adapting existing workflows and procedures to address key cybersecurity issues
- Ensuring systems conform to UNECE homologation guidelines
- Definition and introduction of new development processes in keeping with the requirements of ISO/SAE 21434
- Evaluation, development and implementation of cybersecurity management systems
- Selection of relevant security technology and industry standards according to your requirements
