Automotive Cybersecurity
UNECE R155 and ISO/SAE 21434 - 2 days
Date/Time | Location | Language |
Upon request | English/German |
The modern, connected car exposes a large attack surface that can be exploited by potential attackers compromising the confidentiality, integrity, and availability of automotive systems. The training class gives a comprehensive overview of automotive cybersecurity (ACS) for automotive engineers and managers across the supply chain, introducing key concepts like vulnerabilities, attack vectors, threat analysis and risk assessment (TARA), cryptography, security requirements, technical security solutions, and cybersecurity management systems.
The course also covers important trends in automotive E/E, discusses the cybersecurity of critical infrastructures, and takes an in-depth look at the important regulations and standards like UNECE R155 and ISO/SAE 21434. Special topics like Safety-Security Co-Engineering, AI and Cybersecurity, and the cybersecurity of electric cars and autonomous vehicles will provide the class participants with a thorough understanding of future applications and challenges.
Target Audience
This training class is targeted at automotive professionals (component and system engineers, engineering managers, quality, and project managers) involved with the development of security-related automotive E/E systems, future automotive security engineers, as well as managers and operators of automotive security operation centers. The course could be also relevant for IT specialist working at the interface between Car-IT, IT and OT security. Professionals working in the agricultural technology industry will acquire the necessary background to drive the adoption and implementation of ACS standards in their domain.
Highlights
- Develop secure automotive systems in compliance with ISO/SAE 21434
- Trends in Automotive Electronics and Software (evolution of E/E architectures, vehicle computers, cloud integration, automotive ethernet, software defined vehicles, connected cars)
- Cryptography (key concepts, history, encryption, symmetric vs asymmetric, algorithms, public key infrastructure, key management, impact of quantum computers, programming experiments in Python)
- Car Hacking (case studies, attack vectors, hacking tools, DEFCON car hacking village, trends)
- Threat Analysis and Risk Assessment (threats, attack vectors, threat analysis, risk assessment, security goals, case studies)
- 29 R155 (overview, homologation process, automotive supply chain)
- Scope of ISO 21434 (security requirements, secure system design, lifecycle view, implementation, security tests, V&V, best practices, Co-Engineering of Safety and Security)
- Cybersecurity Management Systems (scope and objective, organizational awareness, processes, framework & implementation, KPIs, CSMS and ISMS, ASOCs)
- Security solutions (defense-in-depth security approach, secure boot, secure in-vehicle networks, intrusion detection, limitations & challenges)
- E-Mobility Cybersecurity (attack surface, vulnerabilities, battery management systems, charging infrastructure, energy grid, smart cities)
- Cybersecurity of ADAS and autonomous vehicles (attack vectors, vulnerabilities, challenges, hardening the system)
- AI application in Automotive Cybersecurity (threat intelligence, ontologies, deep learning, automation, hacking tools)
Languages
Available in English and German
Formats

Open-enrollment Trainings
at one of our locations

Virtual Classroom Trainings
wherever you are

In-house Trainings
online or in-house
Cost, Terms & Conditions
See all fees, terms & conditions for training classes provided by tudoor academy
Our Trainers
Agenda
Day 1
Introduction to Cybersecurity
- Overview
- IT Security, OT Security, Computer Security, Cybersecurity of Cyber-Physical Systems and Data Privacy
- Cybersecurity market (attackers, research groups, authorities, vendors, facts & figures)
- Attacks on critical infrastructures
- Cyber weapons – example StuxNet
- Automotive Cybersecurity (ACS)
- ACS vs IT security – similarities and differences
- Attack surface of a modern vehicle
- Common Vulnerabilities and Exposures (CVE)
- Terms and concepts
Digital Transformation in the Automotive Industry
- Connectivity, E-Mobility and Autonomous Driving (AD)
- New competitors from the ICT industry
- Convergence of ICT and Automotive Electronics
- The vehicle as part of the Internet of Things (IoT)
- Overview of V2X technologies
- Digital Transformation – the cybersecurity perspective
Trends in Automotive Electronics and Automotive Software
- In-vehicle Networks and protocols
- Automotive Ethernet
- High Performance Computing (HPC) architectures & vehicle computers
- Cloud-Integration
- Complexity of vehicle software
- Automotive middleware
- AUTOSAR
- Software-Defined vehicles (SDV)
Hands-on: Software Vulnerabilities
Introduction to Cryptography
- Mathematical foundations
- A brief history of cryptography
- Symmetric and asymmetric encryption
- Applications of Cryptography
- Crypto algorithms (RSA, AES) & hash functions (MD5, SHA)
- Public Key Infrastructures (PKI)
- Security of crypto algorithms
- Key Management
- Crypto Hardware
- Side channel attacks
- Impact of Quantum Computers
Hands-on: Cryptography in Python
Car Hacking
- Overview and timeline of car hacks
- Attackers, attack vectors and attack surface
- Vulnerabilities in automotive systems
- Security goals and defense mechanisms
- Deep dive – FCA Jeep Hack
- DEFCON Car Hacking villages
Hands-on: Hacking Tools
Threat Analysis and Risk Assessment (TARA)
- Asset definition
- Attack vectors and vulnerabilities
- Systematic analysis of threats
- Feasibility of attacks and threat models
- Threat Intelligence
- Risk assessment
- TARA and HARA – a comparison
- Tools
- Security goals and security requirements
Hands-on: TARA of an Automotive Subsystem
Day 2
Regulatory Frameworks
- A historic perspective (Markey Act, standardization efforts)
- ISO/SAE 21434 overview
- Scope of ISO 21434
- Security concept and security architecture
- Security by Design
- Security across the lifecycle
- Overview of UNECE WP.29 R155 and R156
- Managing cybersecurity, CS certification and audits
- Software Update Management Systems (SUMS), Over the air updates
Cybersecurity Management Systems (CSMS)
- Overview
- Cybersecurity Management Systems (CSMS) and Information Security Management Systems (ISMS)
- Process framework
- Implementation best practices
- CSMS across the supply chain
- Automotive Security Operating Center (ASOCs)
- Governance and Key Performance Indicators
Hands-on: CSMS Implementation and Deployment
Security Technologies and Solutions
- Security goals and security requirements
- Hardening the system – the onion model of defence-in-depth security
- Hardware and software requirements for security solutions
- Secure boot
- Secure in-vehicle communication
- Firewalls
- Intrusion Detection Systems (IDS)
- Secure Gateways
- Security features in AUTOSAR
- Validation of security solutions
- Overview of ACS vendors
- Challenges
Hands-on: Securing an In-Vehicle Network
E-Mobility Cybersecurity
- Overview
- Attack surface and potential attack vectors
- Battery management systems
- Charging infrastructure, protocols and grid integration
- Smart Grids and Smart Charging
Cybersecurity of Advanced Driver Assistance Systems (ADAS) and Self-Driving Cars
- The road to autonomous driving (AD)
- Sensors, Sensor fusion, localisation and planning
- AD tech startups
- Vulnerabilities and hacks
- Cybersecurity issues of deep learning systems
- Outlook
Research in ACS and Outlook
- Safety and Security Co-Engineering
- Deep Learning applications in Cybersecurity
- Ontologies, Knowledge Graphs, Threat Intelligence and Cybersecurity taxonomies
- Smart Cities
- Post Quantum Cryptography