Automotive Cybersecurity Fundamentals

course image

Automotive Cybersecurity Fundamentals


Get an overview of the present-day cybersecurity standards, with the focus on automotive ISO/SAE 21434

The course gives an overview of cybersecurity elements, with emphasis on its applications in the modern automotive industry. The course first introduces the cybercrime, its dangers and motivations, as well as the effects it may have to next generation vehicles. All the important notions are systematically laid out, such as threats, vulnerabilities, impact, CIA triad, security measures and security management frameworks. The course gives an overview of the present day cybersecurity standards, whereas the emphasis is given to ISO/SAE 21434 used in the automotive industry, contrasting it with other important standards such as ISO 27001 / TISAX, IEC 62434, ISO 15408, ISO 26262 and ISO/PAS 21448. Cybersecurity processes and procedures are covered in additional details, with the focus on hands-on work, including: Threat Analysis and Risk Assessment (TARA), Security Requirements, Threat Modelling, Secure Architecture and Secure Coding, Security Testing, Security Assessment and Security Review.

Course Topics:

  • Cybersecurity in automotive with the concepts of vulnerabilities and cyber attacks / exploits, motivation for attack and possible damages, holistic security architecture, confidentiality – Integrity – Availability (CIA) triad, and understanding data.
  • Cybersecurity process in the automotive system design lifecycle with the Security management frameworks – overview.
  • Regulatory compliance with ISO/SAE 21434 and its relations with ISO 27001 / TISAX, ISO 26262 and ISO/PAS 21448 (SOTIF).
  • Understanding risk, vulnerability and impact, risk assessment methods with exercise, and handling risk and iteratively closing out threats / risk analysis process.
  • Security requirement elicitation with exercise, decomposition and risk allocation based on TARA.
  • Secure architecture principles with exercises, secure communication with encryption concepts, over the air update, and selected secure coding example and exercise depending on the participants background.
  • Performing a systematic threat modelling, and STRIDE model for countermeasures definition.
    Security review and security case, and penetration testing.


Software: Chrome browser.
Hardware: Computer with an Internet connection, working speakers, and microphone.
Prior knowledge: Students should have a basic engineering background, and preferably software background and knowledge of at least one programming language.