Automotive Cybersecurity

  • Do you need to harden your systems against attacks from inside or outside?
  • Do you want to implement state-of-the-practice methods and tools for integrated cybersecurity?
  • Are standards such as ISO 27001 (IT Security), ISO 21434 and SAE J3061 (automotive security) or ISO 15408 (Common Criteria for cybersecurity) and UNECE (SUMS and CSMS) relevant in your environment?

Cybersecurity is a growing concern across industries. Security is absolutely mission-critical in most environments, because systems are increasingly open to external penetration and because attackers are eager to hack. Even worse, security directly impacts functionality, user experience and safety, and thus has become subject to product liability. For instance, functional safety is not feasible without a concise approach to cover cybersecurity.

Based on the specific challenges of security, companies must ensure effective protection against manipulations of electronic systems. Key points in the development of protected systems are the proper identification of security requirements, the systematic realization of security functions, and a security validation to demonstrate that security requirements have been met.

Our Solutions

Based on years of experience with cybersecurity and safety, Vector Consulting Services supports you with:

  • Vector SecurityCheck with risk analysis (TARA), trade-off assessment, prioritized proposals and initial methodical instructions
  • Interim Safety and Security Manager
  • Support in implementing vehicle cybersecurity and data protection: UNECE WP.29 standards for Cybersecurity Management System (CSMS) and Software Update Management System (SUMS)
  • Develop, specify and check security requirements based on threat scenarios and Automotive Common Criteria
  • Sustainable implementation of ISO 27001, SAE J3061, ISO 15408 and ISO 21434
  • Security testing with Penetration Test, code analysis and architecture evaluation
  • Methodology and tool support for security-oriented tests and resilience
  • Process assessments for your suppliers with focus on safety and security
  • Awareness training on cybersecurity for managers and developers
  • Training and coaching of managers and developers for the effective implementation of cybersecurity across the life-cycle

Your Benefits

Our expertise in practically working with many companies worldwide enables uniform and effective implementation of cybersecurity. By embedding professional cybersecurity methodology into the lifecycle, we ensure building the necessary competences and facilitate efficient yet thorough implementation.

 

ISO/SAE 21434 and Vector Solutions

Cars are becoming more and more connected, and therefore vulnerable to increasing cyber-attacks from the outside. This could severely threaten the safety of passengers and the public. However, the existing standards do not address the unique cybersecurity challenges in automotive engineering, e.g. safety, long life-cycle and use of embedded controllers. Thus, uniform guidelines and standards for automotive security need to be established.

ISO/SAE 21434 “Road vehicles – Cybersecurity engineering” is the future automotive security standard. It is important for automotive product development and all related processes.

The ISO/SAE 21434 will define common terminologies across the global automotive supply chain and drive industry consensus on key cybersecurity issues. It sets minimum criteria for vehicle cybersecurity engineering and provides a governance reference to point to for engineering quality.


The new ISO/SAE 21434 safeguards the entire development process and lifecycle of a road vehicle and promotes “security by design”. Following the V-model, it includes requirements engineering, design, specification, implementation, test and operation.

The ISO/SAE 21434 is therefore a process-oriented standard and helps define a structured process to ensure cybersecurity along the lifecycle. It will not prescribe specific cybersecurity technology, solutions or remediation methods.

  • Definition of development process and sustainable implementation in line with the new ISO/SAE 21434
  • Vector SecurityCheck with threat and risk analysis (TARA), trade-off assessment, prioritized proposals and initial methodical instructions
  • Security analyses and security concept for end-to-end safeguards
  • Development and specification of security requirements based on threat scenarios and Automotive Common Criteria
  • Security testing and verification with penetration test, fuzz testing, code analysis and architecture evaluation
  • Methodology and tool support for security-oriented tests and resilience
  • Process assessments for your suppliers
  • Awareness training on cybersecurity and ISO/SAE 21434 for managers and developers
  • Training and coaching for managers and developers for the effective implementation of ISO/SAE 21434 across the life-cycle
  • Interim Safety and Security Manager

 


Customer Reference

"Vector Consulting Services is the right partner for Huawei. You helped us ramp up cybersecurity competences at Huawei with your experiences from TARA and security concept to verification and security testing."

- Li Hailin, Smart Car Solution, Huawei

 

"Vector Consulting Services is a good partner for Claas to implement cybersecurity. Claas had great benefits from the Vector team for TARA and Security Engineering."

- Alexander Grossmann, Manager, Claas

 

"Vector Consulting Services supported Panasonic with cybersecurity, demonstrating an outstanding level of expertise. The goal of a comprehensive TARA integrated into a security concept was achieved. The support was intense and very successful!"

- Michael Prantke, Project Manager, Panasonic

 

Videos/Tutorials

COMPASS SecurityCheck

Factsheets for download

Vector offers the complete cybersecurity portfolio, from basic software to tools for security consulting and auditing. Take advantage of our expertise in TARA, design, architecture and code analysis, pen testing, security verification, fuzzing, training and coaching.

More information is available in our Security Solutions Factsheet. Get to know your advantages with us!


Our Security Verification and Testing service includes Architecture and Code Review, Static Code Analysis, Fuzz Testing and Pen Testing. It allows our experts to employ comprehensive security analysis from code and architecture level to targeted attacks, uncovering system weaknesses and potential risks. The methods and techniques used are similar to those deployed by hackers or crackers to break into a system.

Download our Factsheet Security Verification and Testing and learn more about our cybersecurity competencies!


Reference Project

Initial Situation

A leading automotive OEM introduced software updates "over the air" (OTA). The OEM had a lot of experience with secure systems, but in this situation deliberately sought external support to implement thorough state-of-the-practice methods. With our risk-based security methodology and broad global experience in developing and maintaining safe systems, Vector was the first choice.


Solution

Vector was asked to evaluate and optimize cybersecurity. First we held workshops with the employees, which built the necessary initial security competences. At the same time we carried out the Vector SecurityCheck as an initial baseline. In addition we were able to evaluate the existing architecture and methodology. On this basis we initiated a comprehensive threat assessment (TARA: Threat and Risk Analysis). From the TARA results we derived security goals, which were then evaluated. It soon became clear that some mechanisms, such as secure boot, though necessary and effective, would take more time and effort than initially foreseen. With our risk-oriented approach we brought all necessary steps into a comprehensible framework. This framework was then implemented in the following months - finally also addressing secure boot.


Result

The risk-oriented security methodology of Vector addressed the necessary threats with reasonable effort. At the same time we built a cybersecurity competence and culture in the company, which covered all relevant stakeholders in their respective roles.


Training and Coaching

Vector Consulting Services offers a comprehensive suite of training, competence evolution and coaching in the field of Cybersecurity: