Get an overview of the present-day cybersecurity standards, with the focus on automotive ISO/SAE 21434
The course gives an overview of cybersecurity elements, with emphasis on their application in the modern automotive industry. It first introduces cybercrime, its dangers and motivations, and the effects it may have on next-generation vehicles. All the important notions are laid out systematically: threats, vulnerabilities, impact, the CIA triad, security measures and security management frameworks. The course then surveys present-day cybersecurity standards, with emphasis on ISO/SAE 21434 as used in the automotive industry, contrasting it with other important standards such as ISO 27001 / TISAX, IEC 62434, ISO 15408, ISO 26262 and ISO/PAS 21448. Cybersecurity processes and procedures are covered in more detail, with a focus on hands-on work, including: Threat Analysis and Risk Assessment (TARA), Security Requirements, Threat Modelling, Secure Architecture and Secure Coding, Security Testing, Security Assessment and Security Review.
Course Topics:
Cybersecurity in automotive: the concepts of vulnerabilities and cyber attacks / exploits, motivation for attack and possible damages, holistic security architecture, the Confidentiality, Integrity, Availability (CIA) triad, and understanding data.
Cybersecurity process in the automotive system design lifecycle, with an overview of security management frameworks.
Regulatory compliance with ISO/SAE 21434 and its relations with ISO 27001 / TISAX, ISO 26262 and ISO/PAS 21448 (SOTIF).
Understanding risk, vulnerability and impact; risk assessment methods (with exercise); handling risk and iteratively closing out threats in the risk analysis process.
Security requirement elicitation with exercise, decomposition and risk allocation based on TARA.
Secure architecture principles (with exercises), secure communication and encryption concepts, over-the-air update, and a selected secure coding example and exercise depending on the participants' background.
Performing systematic threat modelling, and using the STRIDE model to define countermeasures.
Security review and security case, and penetration testing.
This lecture introduces safety and security terminology and lays the groundwork for a secure process workflow. It contrasts the ASPICE process model with the processes required for safety and security, and connects the dots between the standards and frameworks required for quality, safety and security, showing how they build on each other (ISO 9001, ASPICE, ISO 26262, ISO 21448 SOTIF, ISO 27001, TISAX, ISO 21434).
For the selected system, analyze its dependability parameters and what it means for the system to be safe and secure in this context.
This lecture lays out ISO 21434 and its structure. Key terminology related to threats, attacks and risk is given. The threat analysis and risk assessment processes are described in detail and worked through to the final risk and the definition of cybersecurity goals. The process is analyzed, and the judgement of risk acceptance or transfer is understood.
For your system (item), perform a draft TARA for one of the identified threats. For one major undesired damage, define the sources of damage (faults, errors, failures) and identify one or more assets. Select one asset and identify a few threats using the STRIDE guidelines. Rate the SFOP impacts for the asset under a threat of your choice. Discuss how feasible the attack on your asset is. What is the final risk? Can you accept the risk, or should you do something about it?
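The exercise above walks one threat scenario from asset and STRIDE category through SFOP impact rating and attack feasibility to a risk value and a treatment decision. The following Python script is an added illustration of that chain, not course material and not the standard's text: the SFOP categories, impact and feasibility level names, STRIDE categories and the attack-potential factor names follow ISO/SAE 21434 as used in the course, while the risk matrix, the per-factor point scale, the rule of taking the worst SFOP category as the overall impact, the acceptance threshold and the sample telematics scenario are all constructed assumptions for the exercise.

```python
"""Draft TARA worked example (added illustration, not course material).

Vocabulary (SFOP impact categories, four impact levels, four attack-feasibility
levels, risk values 1..5, STRIDE threat categories, attack-potential factors)
follows ISO/SAE 21434 as used in the course text. The risk matrix, the point
scale, the worst-category impact rule, the acceptance threshold and the sample
scenario are constructed assumptions, not the standard's normative tables.
"""
from dataclasses import dataclass
from typing import Dict

IMPACT_LEVELS = ["negligible", "moderate", "major", "severe"]
FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Constructed risk matrix: row = overall impact, column = attack feasibility.
RISK_MATRIX = {
    "negligible": {"very low": 1, "low": 1, "medium": 1, "high": 1},
    "moderate":   {"very low": 1, "low": 2, "medium": 2, "high": 3},
    "major":      {"very low": 1, "low": 2, "medium": 3, "high": 4},
    "severe":     {"very low": 2, "low": 3, "medium": 4, "high": 5},
}

# Attack-potential factors (names as in ISO/SAE 21434); the 0..3 point scale
# per factor is a constructed assumption: more points = more attacker effort.
ATTACK_FACTORS = ("elapsed_time", "expertise", "knowledge", "window", "equipment")


def attack_feasibility(points: Dict[str, int]) -> str:
    """Map summed attack-potential points (0..15) to a feasibility level."""
    missing = set(ATTACK_FACTORS) - set(points)
    if missing:
        raise ValueError(f"missing attack-potential factors: {sorted(missing)}")
    total = sum(points[f] for f in ATTACK_FACTORS)
    if total <= 3:
        return "high"
    if total <= 7:
        return "medium"
    if total <= 11:
        return "low"
    return "very low"


@dataclass
class ThreatScenario:
    asset: str
    stride: str                   # one of the STRIDE keys
    description: str
    impact: Dict[str, str]        # SFOP category -> impact level
    attack_points: Dict[str, int]

    def highest_impact(self) -> str:
        """Assumed rule: the worst SFOP category is the overall impact."""
        for category, level in self.impact.items():
            if level not in IMPACT_LEVELS:
                raise ValueError(f"bad impact level {level!r} for {category}")
        return max(self.impact.values(), key=IMPACT_LEVELS.index)

    def feasibility(self) -> str:
        return attack_feasibility(self.attack_points)

    def risk_value(self) -> int:
        return RISK_MATRIX[self.highest_impact()][self.feasibility()]


def treatment_decision(risk: int, acceptance_threshold: int = 2) -> str:
    """Constructed acceptance rule: risk at or below the threshold may be
    retained; anything above it needs a cybersecurity goal (risk reduction)."""
    return "retain" if risk <= acceptance_threshold else "reduce"


# Constructed sample scenario: asset = firmware image of a telematics control
# unit; threat category = Tampering (unauthorized modification).
SAMPLE = ThreatScenario(
    asset="telematics control unit firmware image",
    stride="T",
    description="unauthorized modification of the firmware image before flashing",
    impact={"Safety": "major", "Financial": "moderate",
            "Operational": "major", "Privacy": "moderate"},
    attack_points={"elapsed_time": 1, "expertise": 1, "knowledge": 2,
                   "window": 1, "equipment": 1},
)


def assess(scenario: ThreatScenario) -> Dict[str, object]:
    """Return the TARA outcome for one threat scenario."""
    risk = scenario.risk_value()
    return {
        "threat": STRIDE[scenario.stride],
        "highest_impact": scenario.highest_impact(),
        "feasibility": scenario.feasibility(),
        "risk": risk,
        "decision": treatment_decision(risk),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key:>15}: {value}")
```

For the sample scenario the worst SFOP category is "major", the summed attack-potential points (6) give "medium" feasibility, the matrix yields risk 3, and with the assumed threshold of 2 the decision is "reduce", i.e. a cybersecurity goal must be formulated. Change the point values or the impact ratings to see how the decision moves, which is exactly the discussion the exercise asks for.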
This lecture details the concept phase and the workflow of defining cybersecurity goals based on the threat scenario which needs mitigation. Cybersecurity goals are then decomposed to cybersecurity requirements, with cybersecurity assurance level (CAL) decided and appropriately allocated. The lecture discusses what CAL means with respect to development rigor and contrasts it with ASIL.
Extend the previous exercise: for threats bearing unacceptable risk, formulate cybersecurity goals. Formulate a couple of cybersecurity requirements fulfilling those goals. Try to formulate technical cybersecurity requirements and link them to the previous layer of requirements, maintaining traceability throughout. Determine the CAL and perform its allocation. How will the CAL allocation affect the way you need to implement your cybersecurity components?
This lecture dives into the design phase and the various ways in which a cybersecurity architecture is defined with a number of cybersecurity measures (controls). Specific methods are laid out to counteract the typical threats of spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. Additional security caveats are analyzed, covering defense in depth, zero trust architecture, least privilege, Purdue levels, security by obscurity and more.
Extend the previous exercise: revisit the cybersecurity requirements for your item and its assigned cybersecurity goal. Based on your previous experience in an implementation domain (system, hardware, software, etc.), select a security mechanism and detail its implementation. Go through the security caveat checklist and see what needs to be done so that your implementation is secure.
This lecture analyzes the verification phases, linking them to the design and concept phases laid out previously. Specific verification methods are introduced and described, and further sorted by the rigor required by the CAL. Testing strategies are laid out, including functional testing, interface testing, resource usage evaluation, dynamic and static analysis, fuzz testing, penetration testing and vulnerability scanning. Important aspects such as coverage and completeness are also addressed.
In this exercise we verify the previously defined security measures. Prescribe a few test cases on the various levels (hardware, software, system / item) and define a few suitable types of tests. Think about the CAL and the test strategies required by the allocated level. What finally constitutes validation of our system?
Duration: 2 hours 30 minutes
M6: Cybersecurity attacks – automotive examples (see DEMO video)
In this lecture we analyze actual vulnerabilities found in practical automotive implementations and dissect them thoroughly. This excursus is designed to let participants engage according to their area of interest (system level vs. more in-depth expertise). We analyze one attack path starting from infotainment (Bluetooth) and exploiting several vulnerabilities, on the example of the Tesla Model 3. We also analyze a vehicle theft threat carried out by social engineering.
Select one of the in-depth cybersecurity examples and pinpoint the exact cybersecurity controls (by looking at the software patches or process improvements, depending on the example), then discuss this with your group peers and the instructor.
Capstone lecture which sorts through all processes and practices and identifies the required work products which need to be submitted for cybersecurity verification and assessment. The lecture also details the cybersecurity case and the cybersecurity claims within it, how they are composed and pitched. It also reflects on cybersecurity culture, with examples of bad culture and pointers on how to behave in security-first and safety-first organizations.
The exercise collects thoughts and material from all previous exercises. The goal is to finally answer: how would the cybersecurity case be structured? What would the pitch look like? Which work products are already there, and which are missing? Finally, reflect on the CS culture in your company… What if you escalate? What if you prioritize CS over the release schedule or a signed sales contract? Should there be any changes?
Duration: 2 hours 30 minutes
Final project
On the exemplary system (item), participants need to construct the draft cybersecurity case. The cybersecurity processes need to be prescribed, starting with TARA and proceeding to the cybersecurity goals, cybersecurity requirements and cybersecurity concept definition. Finally, the top-level test plan needs to be defined, together with the final structure of the cybersecurity case and the list of work products required for the assessment.
Duration: 10 hours
Final exam
Duration: 2 hours
Requirements
Software: Chrome browser. Hardware: computer with an Internet connection, working speakers, and a microphone. Prior knowledge: students should have a basic engineering background, preferably a software background and knowledge of at least one programming language.
Course Features
Course ID: NIT-AU-11
Live classes: 20
Self-paced classes: 20
Skill: Advanced
€199