TÜV Nord Cybersecurity Engineer (Automotive)

In collaboration with German certification body TÜV Nord, we qualify you with the practical project know-how you require to implement cybersecurity requirements according to the international ISO/SAE 21434 standard. You will also learn how to successfully and effectively apply further relevant guidelines, such as UNECE. The course ends with an examination to become an officially qualified "TÜV Nord Cybersecurity Engineer (Automotive)".

back to Cybersecurity-Trainings
  • Automotive Cybersecurity Engineer

    Training objectives & content

    This qualification course allows you to

    • Become familiar with the new ISO/SAE 21434 security standard
    • Understand regulations, requirements and work outputs
    • Understand the background to different types of regulations
    • Consolidate your understanding through exercises
    • Learn about UNECE WP.29 homologation requirements
    • Understand Cybersecurity SPICE, the future intacs™ add-on to Automotive SPICE®
    • Explore ways to achieve your cybersecurity objectives

     

    This course – which is designed in a close co-operation with the German technical inspectorate and certification body TÜV Nord – equips you with specific insights into different ways to develop cybersecurity requirements in an automotive setting. These include the automotive security standard ISO/SAE 21434, the homologation requirements of the United Nations Economic Commission for Europe (UNECE), functional safety (ISO 26262) and the security add-on to Automotive SPICE®.

    •   3 Days
    •   9 - 17 o'clock
    •   Public | Inhouse
    •   DE | EN
    •   limited to 12 participants
    •   Letter of Qualification by TUEV Nord

    Duration e-course  Due to the scope of the training, the content of an online course cannot be taught in three days. Therefore, we have increased the duration for online training to four days.

    Qualification

    Following the course, you can take the exam. This takes place as an open book exam online and under camera supervision of TÜV Nord at a location of your choice. 

    Once you have successfully passed the exam, you will receive a Letter of Qualification from TUEV Nord stating your qualification as a Cybersecurity Engineer (Automotive).

    You will work on an end-to-end example, allowing you to familiarise yourself with the complex area of automotive cybersecurity and the knowledge it requires. You will benefit from detailed insights gained through large-scale business projects conducted by Kugler Maag Cie during numerous improvement projects.

    Consider to register for our TARA training additionally. This course will deepen your practical knowledge significantly.

    In cooperation with TUEV Nord

    Together with the TUEV Nord certification body we qualify you as a "Cybersecurity Engineer (Automotive)". During the training you will learn how to achieve the required end-to-end security. As a TUEV Nord qualified Cybersecurity Engineer, you will know how ISO/SAE 21434 supports your work and which homologation requirements are imposed by UNECE for your task.

     

    ISO/SAE 21434

    ISO/SAE 21434 has allowed the international standardisation committee to lay a foundation for establishing automotive security as a fixed element of the development process for automotive electronics. The ISO/SAE 21434 standard addresses the central tasks of electronics development and the overall supply chain. To find out more about the upcoming standard, see the interview with security expert Dr Thomas Liedtke.

    READ THE INTERVIEW

     

    Agenda on the training

    Motivation

    • History of ISO/SAE 21434 standard, objectives, purpose and scope
    • Structure: clauses, objectives, requirements, work products, annexes, …
    • Meaning and relation to other security standards like SAE J3061TM, ISO PAS 5112, ACSMS, ASPICE® for cybersecurity, ISO/IEC 27001, UNECE, ISO/IEC 31000, EU-GDPR, ISO 26262, TISAX, GSR, …
    • Motivation for the standard
    • Embedding and correlation to similar domains, like Functional Safety

    Overview

    • Explanation of structure of the training / clustering of subjects
    • The clauses (chapters) and their objectives/ content will be explained

    Introduction

    • Explanation of the first four administrative chapters of the standards
      • Scope
      • References: list of standards including Kugler Maag Cie experiences regarding evaluation for relevance
      • Terms and definitions: examples, relationship to each other
      • Relationship to ISO 31000 risk management
      • Interaction with Safety

    Cybersecurity management

    • General overview and focus of Security Management Systems: ISO/IEC 27001, TISAX, UNECE, QMS, RMS
    • Objectives and requirements for an overall Cybersecurity Management | examples for implementation | organizational responsibilities | definition of a CSMS (Cybersecurity Management System) and relation to ISMS (Information Cybersecurity Management System)
    • Objectives and requirements for a project dependent Cybersecurity Management | examples in correlation with overall Cybersecurity Management
    • Kugler Maag Cie experiences implementing efficient and effective Cybersecurity Management Systems in organizations

    Repetition

    • Consolidation of learning material

    Distributed Cybersecurity Activities

    • How to work together between supplier and customer? | example for an Cybersecurity Interface Agreement (CIA)

    Continuous Cybersecurity Activities

    • Presentation of ongoing activities: Cybersecurity Monitoring | Event Management | Vulnerability Analysis | Vulnerability Management
    • Examples how to achieve goals for continuous cybersecurity activities

    Lifecycle

    • Concept Phase: from item definition to security concept, defining cybersecurity goals, deriving cybersecurity requirements
    • ProductDevelopment and Validation: relationship to V-model, activities on left side and right side of development V | consideration of system, software and hardware development | verification and validation
    • Post development phases: requirements for production (e.g. TARA refinement), operation and maintenance (e.g. SW-OTA) and decommissioning (e.g. TARA refinement for logistics) | operation and maintenance (incident management and updates) | decommissioning

    Annexes

    • Content, purpose and objectives of the 8 annexes will be explained: summary of work products, examples for a good cybersecurity culture (real-world examples in relation with safety will be given), use-case example will be presented, tables for the determination of attack feasibilities will be explained, …

    Interaction with other standards

    • Cooperation with Functional Safety ISO 26262 standard, development interfaces between Safety and Cybersecurity. Point of contact within the V-model and management
    • Combination of methods to gain synergies. E.g. HARA and TARA: How to perform together? Safety FMEA vs. Security FMEA, …

    Repetition

    • Consolidation of learning material

    Risk Assessment Methods

    • Presentation of the seven steps to perform a risk assessment from asset identification till risk determination decision | get familiar with valuation tables for attack feasibility and estimation of damage | creation of risk matrix | parameter and content of attack feasibility | get familiar with different terms like damage scenario, threat scenario, attack path, attack
    • Example of performing a TARA | network of work products and dependabilities
    • KMC XLS-TARA template will be provided to each participant

    Exercises for the different steps of the risk analysis

    UNECE WP.29 regulation No. [155] (CSMS); No. [156] (SUMS)

    • Objectives and motivation; GSR (General Safety Regulation)
    • Interpretation and interface to ISO/SAE 21434
    • Regulation for Homologation: Management Systems
      • CSMS, SUMS, RXSWIN, SW OTA
    • Regulation for Homologation: Type Approval
      • Risk analysis, Annex 5: Threats and potential attacks

    Target audience of the automotive security training

    Training to become an Automotive Security Engineer is targeted at decision-makers and people with responsibility in the development functions of manufacturers and automotive suppliers.

    In particular:
    • Project managers and management
    • Engineers, system architects, testers and engineers working on systems, hardware and software
    • Managers and experts in cybersecurity and systems used in information assets security and quality assurance
    • People responsible for purchasing and sales

    There are no formal prerequisites for participating in this course. We highly recommend a profound knowledge on systems engineering in electronic development, or on Automotive SPICE®, or on Functional Safety. A general understanding on cybersecurity in automotive electronics is advisable as well.

    We strongly advise you to have the cybersecurity standard ISO/SAE 21434 with you for, and during the exam, and of course in your further employment.

    For legal reasons, we are unfortunately not allowed to provide you with a copy of the standard. Ask your employer if you can obtain the standard there.

    Next training dates

    27.06. - 30.06.22 Automotive Cybersecurity Engineer

    EN
    Online (EU)
    1.890 eur p.P.*

    18.07. - 21.07.22 Automotive Cybersecurity Engineer

    EN
    Online (China)
    1.701 eur p.P.*

    19.09. - 21.09.22 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    17.10. - 20.10.22 Automotive Cybersecurity Engineer

    EN
    Online (EU)
    1.701 eur p.P.*

    14.11. - 16.11.22 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    28.11. - 01.12.22 Automotive Cybersecurity Engineer

    EN
    Online (EU)
    1.701 eur p.P.*

    05.12. - 08.12.22 Automotive Cybersecurity Engineer

    EN
    Online (China)
    1.701 eur p.P.*

    12.12. - 14.12.22 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    18.07. - 21.07.22 Automotive Cybersecurity Engineer

    EN
    Online (China)
    1.701 eur p.P.*

    05.12. - 08.12.22 Automotive Cybersecurity Engineer

    EN
    Online (China)
    1.701 eur p.P.*

    27.06. - 30.06.22 Automotive Cybersecurity Engineer

    EN
    Online (EU)
    1.890 eur p.P.*

    19.09. - 21.09.22 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    17.10. - 20.10.22 Automotive Cybersecurity Engineer

    EN
    Online (EU)
    1.701 eur p.P.*

    14.11. - 16.11.22 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    28.11. - 01.12.22 Automotive Cybersecurity Engineer

    EN
    Online (EU)
    1.701 eur p.P.*

    12.12. - 14.12.22 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    We strongly advise you to have the cybersecurity standard ISO/SAE 21434 with you for, and during the exam, and of course in your further employment.

    For legal reasons, we are unfortunately not allowed to provide you with a copy of the standard. Ask your employer if you can obtain the standard there.

    Book early to receive an early-bird discount or apply for a group discount on course fees.

    KNOWING HOW IT’S DONE

    Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.

    Smilja Mateja, Training Coordination

    Process & organisation

    Safe courses

    With our hygiene concept we ensure that we can continue to offer safe on-site training. Should on-site training not be possible at short notice due to the occurrence of infection, we reserve the right to offer it as online training. We have intensive experience with online training and assessments. Therefore you will definitely benefit from our expertise. 

    Information on the training programme

    Some courses take place several times a year as classroom training sessions. Others are only offered as in-house training.

    To make a binding reservation, book directly through the website or send us an order. We will confirm course dates as soon as we have received a minimum number of reservations. You will be sent all required information on course arrangements in advance. Fees include course materials, lunch and refreshments during breaks.

    Most of our courses can also be booked as in-house training sessions. Our instructors will be happy to travel directly to your place of work and train your teams on site. We can also mix and match the content of in-house courses and take a particular situation affecting your projects into account. We will be happy to write a concept proposal for your specific training requirements.

    All courses outlined in our training programme can be held in German or English. Our training materials are written in English.

    Training package: Seminar skills and attractive discounts

    • 10% early-bird booking discount if you register six or more weeks before a training session.
    • 10% group discount if you register more than one participant from your company for the same course.

    Want to save even more? Discounts can be combined for the same course.

    These conditions do not apply to VDA examination fees for Automotive SPICE® assessor training sessions or the Scaled Agile, Inc. fee for SAFe training.

    We strongly recommend that you have the appropriate ISO standards at hand for and during the exam, and of course during your further work.

    For the Cybersecurity Engineer training (TÜV Nord) this concerns ISO/SAE 21434, for the Functional Safety Engineer course (TÜV Rheinland) the safety standard ISO 26262. For Automotive SPICE® training, however, you will receive the model in the form of our original pocket guide.

    For legal reasons, we are unfortunately not authorized to provide you with a copy of ISO standards. Please ask your employer if you can obtain the respective standard there.

    Conditions of participation

    Course fees include course materials, lunch and refreshments during breaks per person.

    This offer is only open to companies or registered tradespersons. All fees are subject to current sales tax and must be paid on receipt of invoice. Early-bird and group discounts will be subtracted as necessary from invoices.

    We will confirm receipt of your registration. Registrations can be cancelled without penalty up to 6 weeks before each individual event; after that the following rules apply:

    • 6 weeks to 4 weeks before the start of the event = 10%. 
    • 4 weeks to 7 days before the event = 50%.
    • Fees will not be refunded if you cancel a course less than a week before an event.

    We will gladly accept a substitute participant at no additional cost. 

    All courses may be subject to change due to unforeseen circumstances.

    We charge the examination fees of third parties (such as VDC QMC and Scaled Agile Inc. as well as TUEV Rheinland and TUEV Nord) on their behalf. Such fees are not eligible for a discount.

    Your personal information will be stored by KUGLER MAAG CIE GmbH in order to organise the event. By registering for a course you also agree to us contacting you by fax, email or telephone. If you do not wish to consent to us using your information in this way, please send us a message or get in touch. You have the right to withdraw your consent to this arrangement at any time.

    DATA PROTECTION