Do you need to harden your systems against attacks from inside or outside?
Do you want to implement the state of practice methods and tools for integrated cybersecurity?
Are standards such as ISO 27001 (IT Security), ISO 21434 and SAE J3061 (automotive security) or ISO 15408 (common criteria for cybersecurity) and UNECE (SUMS and CSMS) relevant in your environment?
Cybersecurity is of a growing concern across industries. Security is absolutely mission-critical in most environments, because systems are increasingly open for external penetration and because attackers are eager to hack. Even worse security directly impacts functionality, user experience and safety, and thus has become subject to product liability. For instance, functional safety is not feasible without a concise approach to cover cybersecurity.
Based on the specific challenges of security, companies must ensure effective protection against manipulations of electronic systems. Key points in the development of protected systems are the proper identification of security requirements, the systematic realization of security functions, and a security validation to demonstrate that security requirements have been met.
Based on years of experience with Cybersecurity and Safety, Vector Consulting Services supports with:
Vector SecurityCheck with risk analysis (TARA), trade-off assessment, prioritized proposals and initial methodical instructions
Our expertise in practically working with many companies worldwide enables uniform and effective implementation of cybersecurity. By embedding professional cybersecurity methodology into the lifecycle, we ensure building the necessary competences and facilitate efficient yet thorough implementation.
Cars are becoming more and more connected, and therefore vulnerable to the increasing cyber-attacks from the outside. This could severely threaten the safety of passengers and the public. However, the existing standards do not address the unique cybersecurity challenges in automotive engineering, e.g. safety, long life-cycle and use of embedded controllers. Thus, a uniformed guidelines and standards for automotive security need to be established.
ISO/SAE 21434 “Road vehicles – Cybersecurity engineering” is the future automotive security standard. It is important for the automotive product development and all related processes.
The ISO/SAE 21434 will define common terminologies across the global automotive supply chain and drive industry consensus on key cybersecurity issues. It sets minimum criteria for vehicle cybersecurity engineering and provides a governance reference to point to for engineering quality.
The new ISO/SAE 21434 safeguards the entire development process and lifecycle of a road vehicle and promotes “security by design”. Following the V-model, it includes requirements engineering, design, specification, implementation, test and operation.
The ISO/SAE 21434 is therefore a process-oriented standard and helps define a structured process to ensure cybersecurity along the lifecycle. It will not prescribe specific cybersecurity technology, solutions or remediation methods.
Definition of development process and sustainable implementation in line with the new ISO/SAE 21434
Vector SecurityCheck with threat and risk analysis (TARA), trade-off assessment, prioritized proposals and initial methodical instructions
Security analyses and security concept for end-to-end safeguards
Development and specification of security requirements based on threat scenarios and Automotive Common Criteria
Security testing and verification with penetration test, Fuzz testing, code analysis and architecture evaluation
Methodology and tool support for security-oriented tests and resilience
Process assessments for your suppliers
Awareness training on cybersecurity and ISO/SAE 21434 for managers and developers
Training and coaching for managers and developers for the effective implementation of ISO/SAE 21434 across the life-cycle
Interim Safety and Security Manager
"Vector Consulting Services is the right partner for Huawei. You helped us ramping up cybersecurity competences at Huawei with your experiences from TARA and security concept to verification and security testing."
- Li Hailin, Smart Car Solution, Huawei
"Vector Consulting Services is a good partner for Claas to implement cybersecurity. Claas had great benefits from the Vector team for TARA and Security Engineering."
- Alexander Grossmann, Manager, Claas
"Vector Consulting Services supported Panasonic with cybersecurity, demonstrating an outstanding level of expertise. The goal of a comprehensive TARA integrated into a security concept was achieved. The support was intense and very successful!"
- Michael Prantke, Project Manager, Panasonic
In this webinar of May 2020, based on our experience inside Vector and client projects, we will describe new standards and experiences. The webinar is structured into four parts: risk-oriented security, systematic security engineering, case studies and examples, conclusions and outlook.
COMPASS is a solution of Vector for planning, executing and evaluating assessments, audits and analyses. It satisfies all requirements relevant to an efficient audit and analysis tool (support based on different maturity models, assessment methods and other checks). COMPASS is not restricted to one specific maturity model, it rather supports different models and can be extended to customized models and checks if desired. This video gives a short introduction to COMPASS SecurityCheck.
Vector offers the complete cybersecurity portfolio. From basic software to tools for security consulting and auditing. Take advantage of our expertise in TARA, Design, Architecture and Code Analysis, Pen Testing, Security Verification, Fuzzing, Training and Coaching.
Our Security Verification and Testing service includes Architecture and Code Review, Static Code Analysis, Fuzz Testing and Pen Testing. It allows our experts to employ comprehensive security analysis from code and architecture level to targeted attacks, uncovering system weaknesses and potential risks. The methods and techniques used are similar to those deployed by hackers or crackers to break into a system.
A leading automotive OEM introduced software updates "over the air" (OTA). He had a lot of experiences with secure systems, but deliberately sought in this situation external support to implement thorough state-of-the-practice methods. With our risk based security methodology and broad global experiences in developing and maintaining safe systems Vector was the first choice.
Vector was asked to evaluate and optimize cybersecurity. First we did some workshops with the employees. This built the necessary initial security competences. At the same time we made the Vector SecurityCheck as an initial baseline. In addition we were able to evaluate the existing architecture and methodology. On this basis we initiated a comprehensive threat assessment (TARA: Threat and Risk Analysis). From the TARA results we derived security goals, which were then evaluated. It soon became clear that some mechanisms, such as secure boot, though necessary and effective, would take more time and effort than initially foreseen. With our risk oriented approach used we brought all necessary steps in a comprehensible framework. This framework was then implemented in the coming months - finally also adressinmg secure boot.
The risk oriented security methodology of Vector addressed the necessary threats with reasonable effort. At the same time we built a cybersecurity competence and culture in the company, which covered all relevant stakeholders in their respective roles.
Training and Coaching
Vector Consulting Services offers a comprehensive suite of training, competence evolution and coaching in the field of Cybersecurity: