Automotive Cybersecurity

UNECE R155 and ISO/SAE 21434 - 2 days

Date/Time Location Language
Upon request   English/German

The modern, connected car exposes a large attack surface that attackers can exploit to compromise the confidentiality, integrity, and availability of automotive systems. The training class gives a comprehensive overview of automotive cybersecurity (ACS) for automotive engineers and managers across the supply chain, introducing key concepts like vulnerabilities, attack vectors, threat analysis and risk assessment (TARA), cryptography, security requirements, technical security solutions, and cybersecurity management systems.

The course also covers important trends in automotive E/E, discusses the cybersecurity of critical infrastructures, and takes an in-depth look at the important regulations and standards like UNECE R155 and ISO/SAE 21434. Special topics like Safety-Security Co-Engineering, AI and Cybersecurity, and the cybersecurity of electric cars and autonomous vehicles will provide the class participants with a thorough understanding of future applications and challenges.

Target Audience

This training class is targeted at automotive professionals (component and system engineers, engineering managers, quality, and project managers) involved with the development of security-related automotive E/E systems, future automotive security engineers, as well as managers and operators of automotive security operation centers. The course may also be relevant for IT specialists working at the interface between Car-IT, IT and OT security. Professionals working in the agricultural technology industry will acquire the necessary background to drive the adoption and implementation of ACS standards in their domain.

Highlights

  • Develop secure automotive systems in compliance with ISO/SAE 21434
  • Trends in Automotive Electronics and Software (evolution of E/E architectures, vehicle computers, cloud integration, Automotive Ethernet, software-defined vehicles, connected cars)
  • Cryptography (key concepts, history, encryption, symmetric vs asymmetric, algorithms, public key infrastructure, key management, impact of quantum computers, programming experiments in Python)
  • Car Hacking (case studies, attack vectors, hacking tools, DEFCON car hacking village, trends)
  • Threat Analysis and Risk Assessment (threats, attack vectors, threat analysis, risk assessment, security goals, case studies)
  • UNECE WP.29 R155 (overview, homologation process, automotive supply chain)
  • Scope of ISO 21434 (security requirements, secure system design, lifecycle view, implementation, security tests, V&V, best practices, Co-Engineering of Safety and Security)
  • Cybersecurity Management Systems (scope and objective, organizational awareness, processes, framework & implementation, KPIs, CSMS and ISMS, ASOCs)
  • Security solutions (defense-in-depth security approach, secure boot, secure in-vehicle networks, intrusion detection, limitations & challenges)
  • E-Mobility Cybersecurity (attack surface, vulnerabilities, battery management systems, charging infrastructure, energy grid, smart cities)
  • Cybersecurity of ADAS and autonomous vehicles (attack vectors, vulnerabilities, challenges, hardening the system)
  • AI applications in Automotive Cybersecurity (threat intelligence, ontologies, deep learning, automation, hacking tools)

Languages

Available in English and German

Formats

On Site Training

Open-enrollment Trainings
at one of our locations

Online Training

Virtual Classroom Trainings
wherever you are

Inhouse Training

In-house Trainings
online or in-house

Agenda

Day 1

Introduction to Cybersecurity

  • Overview
  • IT Security, OT Security, Computer Security, Cybersecurity of Cyber-Physical Systems and Data Privacy
  • Cybersecurity market (attackers, research groups, authorities, vendors, facts & figures)
  • Attacks on critical infrastructures
  • Cyber weapons – example: Stuxnet
  • Automotive Cybersecurity (ACS)
  • ACS vs IT security – similarities and differences
  • Attack surface of a modern vehicle
  • Common Vulnerabilities and Exposures (CVE)
  • Terms and concepts

Digital Transformation in the Automotive Industry

  • Connectivity, E-Mobility and Autonomous Driving (AD)
  • New competitors from the ICT industry
  • Convergence of ICT and Automotive Electronics
  • The vehicle as part of the Internet of Things (IoT)
  • Overview of V2X technologies
  • Digital Transformation – the cybersecurity perspective

Trends in Automotive Electronics and Automotive Software

  • In-vehicle Networks and protocols
  • Automotive Ethernet
  • High Performance Computing (HPC) architectures & vehicle computers
  • Cloud-Integration
  • Complexity of vehicle software
  • Automotive middleware
  • AUTOSAR
  • Software-Defined vehicles (SDV)

Hands-on: Software Vulnerabilities

Introduction to Cryptography

  • Mathematical foundations
  • A brief history of cryptography
  • Symmetric and asymmetric encryption
  • Applications of Cryptography
  • Crypto algorithms (RSA, AES) & hash functions (MD5, SHA)
  • Public Key Infrastructures (PKI)
  • Security of crypto algorithms
  • Key Management
  • Crypto Hardware
  • Side channel attacks
  • Impact of Quantum Computers

Hands-on: Cryptography in Python

Car Hacking

  • Overview and timeline of car hacks
  • Attackers, attack vectors and attack surface
  • Vulnerabilities in automotive systems
  • Security goals and defense mechanisms
  • Deep dive – FCA Jeep Hack
  • DEFCON Car Hacking villages

Hands-on: Hacking Tools

Threat Analysis and Risk Assessment (TARA)

  • Asset definition
  • Attack vectors and vulnerabilities
  • Systematic analysis of threats
  • Feasibility of attacks and threat models
  • Threat Intelligence
  • Risk assessment
  • TARA and HARA – a comparison
  • Tools
  • Security goals and security requirements

Hands-on: TARA of an Automotive Subsystem

Day 2

Regulatory Frameworks

  • A historic perspective (Markey Act, standardization efforts)
  • ISO/SAE 21434 overview
  • Scope of ISO 21434
  • Security concept and security architecture
  • Security by Design
  • Security across the lifecycle
  • Overview of UNECE WP.29 R155 and R156
  • Managing cybersecurity, CS certification and audits
  • Software Update Management Systems (SUMS), Over the air updates

Cybersecurity Management Systems (CSMS)

  • Overview
  • Cybersecurity Management Systems (CSMS) and Information Security Management Systems (ISMS)
  • Process framework
  • Implementation best practices
  • CSMS across the supply chain
  • Automotive Security Operation Centers (ASOCs)
  • Governance and Key Performance Indicators

Hands-on: CSMS Implementation and Deployment

Security Technologies and Solutions

  • Security goals and security requirements
  • Hardening the system – the onion model of defence-in-depth security
  • Hardware and software requirements for security solutions
  • Secure boot
  • Secure in-vehicle communication
  • Firewalls
  • Intrusion Detection Systems (IDS)
  • Secure Gateways
  • Security features in AUTOSAR
  • Validation of security solutions
  • Overview of ACS vendors
  • Challenges

Hands-on: Securing an In-Vehicle Network

E-Mobility Cybersecurity

  • Overview
  • Attack surface and potential attack vectors
  • Battery management systems
  • Charging infrastructure, protocols and grid integration
  • Smart Grids and Smart Charging

Cybersecurity of Advanced Driver Assistance Systems (ADAS) and Self-Driving Cars

  • The road to autonomous driving (AD)
  • Sensors, Sensor fusion, localisation and planning
  • AD tech startups
  • Vulnerabilities and hacks
  • Cybersecurity issues of deep learning systems
  • Outlook

Research in ACS and Outlook

  • Safety and Security Co-Engineering
  • Deep Learning applications in Cybersecurity
  • Ontologies, Knowledge Graphs, Threat Intelligence and Cybersecurity taxonomies
  • Smart Cities
  • Post Quantum Cryptography