This module lasts one day, providing you with a fast-track understanding of the fundamentals of automotive security from the perspective of the development department: what do you need to keep in mind as the person in charge in order to deliver safe systems? To do this, you will gain a fundamental understanding of the attack scenarios that pose a threat to automotive electronics. You will learn to use systematic risk assessment to understand the environment of your systems and recognise potential threats in advance.
Understanding the first steps provides you with an entry point for integrating automotive security into your project.
Also interested in the technological requirements that affect how you protect your systems? If you are, we also recommend Module 2 of this fundamental training.
You will work through potential attack scenarios in order to recognise vulnerabilities and fend them off in advance. Introducing safeguards begins with methodical systems engineering – safe programming, safe code and aspects of functional safety. To do this, we introduce you to the fundamentals of different methods and relevant standard.
Content of the Automotive Security Crash Course
- Information security and managing cybersecurity
You will look at uncertainty and gain a fundamental understanding of how to determine and define the scope of security – from information and IT security to cybersecurity and the aims of providing protection: data transfers, confidentiality, integrity and availability.
You will also learn how to introduce effective initial control mechanisms in order to establish a secure environment both on a technical and organisational level and minimise uncertainty.
You will gain a fundamental understanding of the requirements of European General Data Protection Regulations with respect to vehicle development. You will also be shown the potential pitfalls of personal user data.
First steps privacy implementation for vehicle functions
- Functional safety and security
You will look at functional safety and security as two sides of the same coin during the usable lifetime of a vehicle. As well as allowing you to understand areas of overlap, you will and understand the various ways of looking at different factors regarding the two safety concepts.
- Automotive standards
Development according to the industry standard Automotive SPICE works well in complement to automotive security safeguards. The links between these standards and their influence on automotive electronics are also of interest: SAE J3061TM, FIPS, NIST SP 800-53, FIPP, EVITA and a first look at the pending security norm ISO/SAE 21434.
First steps recommendations that help you maintain an overview of your security activities.
- Hacking and automotive hacks
Gain an understanding of the reasons hacking happens, what hackers hope to achieve and what makes them tick. This includes looking at threat categories according to the STRIDE model. The emphasis lies in the particular features of vehicles, such as CAN, automotive ethernet and control unit functions that are particularly at risk.
- Security standards and risk management
You will become familiar with the security standards that are relevant to the automotive sector and understand the differences between conducting a risk analysis on security, functional safety and data protection. (MS SDL, CC, ISA/IEC 62443, 27k family, BSI. For risk management: STRIDE, DREAD, CERT-X, ISA/IEC 62443-3-2, ISO 27005, BSI 200-3, NIST SP 800-30, ISO/ SAE 21434, OWASP, SAMM. Threat analysis: MITRE, NIST, NVD. Methods: security FMEA, ATA.)
First steps suggested procedure for integrating risk analysis into your product life cycle.
Expect a full day and a wealth of information.
Target audience for the Security Crash Course
Managers and decision makers who:
- Need a thorough insight into threat scenarios and mitigation strategies.
- Will be responsible for security tasks in the future.