Training
 |
Automotive Security 2in1

Automotive Cybersecurity 2 in 1

Training on the fundamentals: Overview (Mod. 1) and Security Technologies (Mod. 2)

As everything becomes more and more connected, cyberattacks pose an increasing threat to vehicles. This is the starting point for our comprehensive training. Our courses provide a detailed overview of standards and different methods, also providing beginners with tips on building security know-how step by step (Module 1). You will also gain insights into the technology used to secure networked vehicles (Module 2). Practical instructions are also part and parcel of this combined course. 

Training is organised as a fast-track course to provide you with insights into the fundamental requirements of automotive security from two angles: 

  • From the angle of a development department with a clear mandate to deliver safe systems (Module 1) 
  • From a technological standpoint, looking at the most effective way to design such systems (Module 2)

On the first day, you will become familiar with risk scenarios and the context of potential attacks. This will involve taking a close look at understanding the kind of situations in which attacks take place and how to recognise threats using risk assessment. You will also discuss the differences and overlaps between the tasks of data protection and functional safety (ISO 26262).

To counter these threats, the second day looks at technical measures. This gives you detailed insights into the backbone technology of networked IT infrastructures and the context in which networked vehicles travel.

A section looking at first steps in automotive security provides you with practical pointers on introducing automotive security to your projects. 

Crash course on security (automotive security Module 1)
1. Day on fundamental training 

To identify and address vulnerabilities in advance, you will work through the scenarios of potential attacks. This includes the actions taken by people and how to introduce safeguards based on methodical systems engineering – safe programming, safe code and aspects of functional safety. To do this, we introduce you to the fundamentals of different methods and relevant standards. 

  • Information security and managing cybersecurity
    You will look at uncertainty and gain a fundamental understanding of how to determine and define the scope of security – from information and IT security to cybersecurity and the aims of providing protection: data transfers, confidentiality, integrity and availability.
    To minimise uncertainty, you will be introduced to the initial effective control mechanisms that allow you to safeguard security in technical terms on an organisational level.
  • Privacy
    You will gain a fundamental understanding of the requirements of European General Data Protection Regulations with respect to vehicle development. You will also be shown the potential pitfalls of personal user data.
    First steps  privacy implementation for vehicle functions.
  • Functional safety and security
    You will look at functional safety and security as two sides of the same coin within the usable lifetime of a vehicle. As well as allowing you to understand areas of overlap, you will see different angles and ways of looking at things regarding the two safety concepts.
  • Automotive standards
    Development according to the industry standard Automotive SPICE works well in complement to automotive security safeguards. The links between these standards and their influence on automotive electronics are also of interest: SAE J3061TM, FIPS, NIST SP 800-53, FIPP, EVITA and a first look at the pending security norm ISO/SAE 21434.
    First steps  recommendations that help you maintain an overview of your security activities.
  • Hacking and automotive hacks
    Gain an understanding of the reasons hacking happens, what hackers hope to achieve and what makes them tick. This includes looking at threat categories according to the STRIDE model. The emphasis lies on the particular features of vehicles, such as CAN, automotive ethernet and control unit functions that are particularly at risk.
  • Security standards and risk management
    You will become familiar with the security standards that are relevant to the automotive sector and understand the differences between conducting a risk analysis on security, functional safety and data protection. (MS SDL, CC, ISA/ IEC 62443, 27k family, BSI. For risk management: STRIDE, DREAD, CERT-X, ISA/ IEC 62443-3-2, ISO 27005, BSI 200-3, NIST SP 800-30, ISO/ SAE 21434, OWASP, SAMM. Threat analysis: MITRE, NIST, NVD. Methods: security FMEA, ATA)
    First steps  suggested procedure for integrating risk analysis into your product life cycle.

Security Training: Day 2. Technical Aspects for Vehicles

  • The Need for Security in Vehicle Design
    You gain insights into the encryption of communication between vehicle components (intra-vehicle) and between vehicles (inter-vehicle), and the necessary authentications. These include the protection of updates, privacy issues in statistical data collections, the impact of firewalls and VPN (intra-vehicle and inter-vehicle), as well as firewalls, VPN, and encryption in telemetry applications.
  • Basic Knowledge of Encryption Technology
    You deal with symmetric algorithms such as ciphers (block and stream ciphers), the problem of symmetric exchange of keys and brute-force attacks on networked vehicles and their infrastructures. Also on the agenda are asymmetric algorithms, including public and private keys, man-in-the-middle attacks, checksum protection, digital signatures, and public key infrastructures.
  • Firewalls in IP-based Networks
    You will gain basic knowledge of firewall topologies, perimeter firewalls, DMZ and security zones, as well as internal firewalls. In addition, you will encounter firewall typologies for layer architectures based on OSI: we will talk about filters for MAC addresses and IP, data packets (stateless and stateful) as well as application-related firewalls and proxies. Data protection and anonymity are topics in anonymization proxies and onion routing. The topic is also rounded off by virtual private networks. You will learn more about the basic VPN design, a comparison of OpenVPN with IPSEC, and finally about the further development of VPN technology.

Target audience of the Automotive Cyber- and IT-Security training

Employes who need comprehensive insight into threat scenarios, defense strategies and a fundamental, end-to-end understanding of involved technologies. 

  • In particular, product development engineers, project managers, and specialists who will be responsible for security tasks in the future.
  • No prior knowledge in the security environment required, but an interest in and understanding of technical interrelationships is an advantage.

Training details

  • 2 days
  • Approx. 9 a.m. to 5 p.m.
  • Number of participants: approx. 12
  •  

Registration

You can confirm your booking directly through this website or by sending us your instructions. Once a minimum number of places have been booked for the course, you will receive immediate confirmation of participation. We will also send details about the location where the course will be held. 

Ideal training for your company 

Need more customized training? We can pull together an individual package to meet your needs and the requirements of your company. All courses run by our experts are also available

  1. In German or English
  2. In-house: at your actual place of business and exclusively for your company. Course content for your in-house training will be agreed with you in advance. 

The comprehensive instructional material is included. You'll receive a training certification after the course.

Knowledge – straight from the experts

Our course instructors are recognized experts in their field. Our know-how speaks for itself: The course directors at Kugler Maag Cie have already trained many trainers themselves, who now also offer their own courses – but if you come to us, you turn directly to the original source of the knowledge.

Our training approach has been ingeniously pulled together to cover 

  • method skills, developed over years by our instructors, who also write books on these topics
  • a treasure trove of expertise, gained through our involvement in industry bodies
  • the very latest insights from our work as consultants

Our experience with international projects in a variety of industry sectors enables our instructors to directly answer any questions you may have. 

Learning in a pleasant and friendly atmosphere

We look forward to welcoming you to one of our courses. To make sure you can focus on the content of the course, we ensure that your stay is as pleasant as possible. All food and drinks are included, from snacks during breaks to lunch. 

On courses lasting several days, we would also like to invite you out for the evening. This is a good chance to compare notes with other course participants and forge friendships. 

Training

Next terms: Automotive Security 2 in 1

Title: Automotive Security 2 in 1: Crash Course + Technologies
Term: 25.11.-27.11.2019
Location: Greater Stuttgart
Language: DE
Price: 1.300 EUR p.P.*

Early-bird discount  fully booked Register


Title: Automotive Security 2 in 1: Crash Course + Technologies
Term: 17.02.-19.02.2020
Location: Greater Stuttgart
Language: DE
Price: 1.300 EUR p.P.*

Early-bird discount  fully booked Register


Title: Automotive Security 2 in 1: Crash Course + Technologies
Term: 28.09.-30.09.2020
Location: Greater Stuttgart
Language: DE
Price: 1.300 EUR p.P.*

Early-bird discount  fully booked Register



Legend:
* All of the prices stated above per participant plus VAT and plus examination fee where applicable. Please take our attractive discounts into account.

Early-bird discount Early-bird discount   Guaranteed date Guaranteed date   Fully booked Fully booked

Kontakt
Softwaredrives