Training is organised as a fast-track course to provide you with insights into the fundamental requirements of automotive security from two angles:
- From the angle of a development department with a clear mandate to deliver safe systems (Module 1)
- From a technological standpoint, looking at the most effective way to design such systems (Module 2)
On the first day, you will become familiar with risk scenarios and the context of potential attacks. This will involve taking a close look at understanding the kind of situations in which attacks take place and how to recognise threats using risk assessment. You will also discuss the differences and overlaps between the tasks of data protection and functional safety (ISO 26262).
To counter these threats, the second day looks at technical measures. This gives you detailed insights into the backbone technology of networked IT infrastructures and the context in which networked vehicles travel.
A section looking at first steps in automotive security provides you with practical pointers on introducing automotive security to your projects.
Crash course on security (automotive security Module 1)
1. Day on fundamental training
To identify and address vulnerabilities in advance, you will work through the scenarios of potential attacks. This includes the actions taken by people and how to introduce safeguards based on methodical systems engineering – safe programming, safe code and aspects of functional safety. To do this, we introduce you to the fundamentals of different methods and relevant standards.
- Information security and managing cybersecurity
You will look at uncertainty and gain a fundamental understanding of how to determine and define the scope of security – from information and IT security to cybersecurity and the aims of providing protection: data transfers, confidentiality, integrity and availability.
To minimise uncertainty, you will be introduced to the initial effective control mechanisms that allow you to safeguard security in technical terms on an organisational level.
You will gain a fundamental understanding of the requirements of European General Data Protection Regulations with respect to vehicle development. You will also be shown the potential pitfalls of personal user data.
First steps privacy implementation for vehicle functions.
- Functional safety and security
You will look at functional safety and security as two sides of the same coin within the usable lifetime of a vehicle. As well as allowing you to understand areas of overlap, you will see different angles and ways of looking at things regarding the two safety concepts.
- Automotive standards
Development according to the industry standard Automotive SPICE works well in complement to automotive security safeguards. The links between these standards and their influence on automotive electronics are also of interest: SAE J3061TM, FIPS, NIST SP 800-53, FIPP, EVITA and a first look at the pending security norm ISO/SAE 21434.
First steps recommendations that help you maintain an overview of your security activities.
- Hacking and automotive hacks
Gain an understanding of the reasons hacking happens, what hackers hope to achieve and what makes them tick. This includes looking at threat categories according to the STRIDE model. The emphasis lies on the particular features of vehicles, such as CAN, automotive ethernet and control unit functions that are particularly at risk.
- Security standards and risk management
You will become familiar with the security standards that are relevant to the automotive sector and understand the differences between conducting a risk analysis on security, functional safety and data protection. (MS SDL, CC, ISA/ IEC 62443, 27k family, BSI. For risk management: STRIDE, DREAD, CERT-X, ISA/ IEC 62443-3-2, ISO 27005, BSI 200-3, NIST SP 800-30, ISO/ SAE 21434, OWASP, SAMM. Threat analysis: MITRE, NIST, NVD. Methods: security FMEA, ATA)
First steps suggested procedure for integrating risk analysis into your product life cycle.
Security Training: Day 2. Technical Aspects for Vehicles
- The Need for Security in Vehicle Design
You gain insights into the encryption of communication between vehicle components (intra-vehicle) and between vehicles (inter-vehicle), and the necessary authentications. These include the protection of updates, privacy issues in statistical data collections, the impact of firewalls and VPN (intra-vehicle and inter-vehicle), as well as firewalls, VPN, and encryption in telemetry applications.
- Basic Knowledge of Encryption Technology
You deal with symmetric algorithms such as ciphers (block and stream ciphers), the problem of symmetric exchange of keys and brute-force attacks on networked vehicles and their infrastructures. Also on the agenda are asymmetric algorithms, including public and private keys, man-in-the-middle attacks, checksum protection, digital signatures, and public key infrastructures.
- Firewalls in IP-based Networks
You will gain basic knowledge of firewall topologies, perimeter firewalls, DMZ and security zones, as well as internal firewalls. In addition, you will encounter firewall typologies for layer architectures based on OSI: we will talk about filters for MAC addresses and IP, data packets (stateless and stateful) as well as application-related firewalls and proxies. Data protection and anonymity are topics in anonymization proxies and onion routing. The topic is also rounded off by virtual private networks. You will learn more about the basic VPN design, a comparison of OpenVPN with IPSEC, and finally about the further development of VPN technology.
Target audience of the Automotive Cyber- and IT-Security training
Employes who need comprehensive insight into threat scenarios, defense strategies and a fundamental, end-to-end understanding of involved technologies.
- In particular, product development engineers, project managers, and specialists who will be responsible for security tasks in the future.
- No prior knowledge in the security environment required, but an interest in and understanding of technical interrelationships is an advantage.
- 2 days
- Approx. 9 a.m. to 5 p.m.
- Number of participants: approx. 12
You can confirm your booking directly through this website or by sending us your instructions. Once a minimum number of places have been booked for the course, you will receive immediate confirmation of participation. We will also send details about the location where the course will be held.
Ideal training for your company
Need more customized training? We can pull together an individual package to meet your needs and the requirements of your company. All courses run by our experts are also available
- In German or English
- In-house: at your actual place of business and exclusively for your company. Course content for your in-house training will be agreed with you in advance.
The comprehensive instructional material is included. You'll receive a training certification after the course.
Knowledge – straight from the experts
Our course instructors are recognized experts in their field. Our know-how speaks for itself: The course directors at Kugler Maag Cie have already trained many trainers themselves, who now also offer their own courses – but if you come to us, you turn directly to the original source of the knowledge.
Our training approach has been ingeniously pulled together to cover
- method skills, developed over years by our instructors, who also write books on these topics
- a treasure trove of expertise, gained through our involvement in industry bodies
- the very latest insights from our work as consultants
Our experience with international projects in a variety of industry sectors enables our instructors to directly answer any questions you may have.
Learning in a pleasant and friendly atmosphere
We look forward to welcoming you to one of our courses. To make sure you can focus on the content of the course, we ensure that your stay is as pleasant as possible. All food and drinks are included, from snacks during breaks to lunch.
On courses lasting several days, we would also like to invite you out for the evening. This is a good chance to compare notes with other course participants and forge friendships.