Without 24-7 connectivity, new cars are almost impossible to sell these days. Online connections are an important enabler of comfort options and modern travel services. Sadly, from a security angle, they are fraught with risks.
Automotive Security requires end-to-end safeguards:
- Safeguards need to be in place for all areas affecting security: the product itself, processes and IT systems.
- Any such protective safeguards need to remain in place for the entire warranted service life of a vehicle. Responsibility for security starts in product development and extends even beyond manufacturing. Manufacturers are still responsible for security when a car is being driven, in other words while owners are actually using their vehicles or any related services. This can be a long time after the car rolls off the production line.
Our security experts help you gain clarity by conducting risk assessments. They have the specific knowledge required to understand potential threats to your systems. Based on their assessment, we provide a secure plan for the workflows at your company, placing emphasis on warding off possible risks from the outset.
By working with your experts, we draft a catalogue of proactive defence mechanisms and support you in implementing your security strategy. We also support your specialists with product security and safeguards relating to IT security (ISO standard 27001). This holistic approach provides you with end-to-end protection based on validated assessments aimed at addressing the key factors that most affect security – the product itself, processes and IT systems.
ISO/SAE 21434 – the future security standard for networked automobiles
The new ISO/SAE 21434 guidelines are likely to be published in the summer of 2020. Our security concept allows you to start taking the requirements of the future automotive security standard into account now. In keeping with this new standard, we provide you with pointers on introducing an integrated risk management concept.
This risk management concept covers:
- the networked vehicle, all components and relevant interfaces
- product development, from initial concept development to design and development
- production and in-service maintenance
- normal operation including disposal in keeping with privacy protection requirements
ISO/SAE 21434 provides a framework for capturing the requirements of security-centric workflows. For the first time, this establishes a foundation for communication between all involved stakeholders.
The risk management concept gives you a clear overview of the targets that will be required in developing your security strategy. This also allows you to structure your processes and systems methodically according to the security requirements that are most pertinent to your company. Drawing on our expertise in developing targeted workflows, we design your process landscape in such a way that you will meet all key requirements, from the required user experience and aspects relating to business management to Functional Safety (ISO 26262) and industry standards such as Automotive SPICE®.
The four key ingredients of SFOP: safety, finance, operations, privacy
The areas of protection targeted under Automotive Security are broader – and thus more demanding – than they are with functional safety under ISO 26262:
- Building on the protection of vehicle functions, Automotive Security also covers potential threats to your reputation and company finances.
- It also deals with the secure use of mobility services and data protection for sensitive user data.
Do something now to protect your organisation
Without a culture of security that people actively believe in, your efforts to protect your company and your vehicles from malicious attacks will be fruitless. All it takes is one minor oversight on the part of a colleague and everything you have put in place to provide protection can be rendered ineffective. This is why we support you in using social engineering to raise awareness of security issues among staff. A culture of security allows your security measures to go full circle. Acute awareness allows the members of your team to spot threats more easily. This enhances the quality of your risk analysis and thus raises the probability that you will ward off threats in advance.
The security experts of Kugler Maag Cie help you to:
- foster awareness within your organisation of comprehensive, end-to-end safeguards
- conduct detailed assessments of any threats posed
- match your security strategy to processes, products and IT requirements and manage the specialists involved
- assess and improve your development processes with respect to security factors
- adapt existing workflows and procedures in order to address key security factors
- define and set up new development processes in keeping with the requirements of ISO/SAE 21434
- evaluate, develop and implement security management measures
- select relevant security technology and industry standards according to your requirements