Cybersecurity is necessary for every engineer today. Increasingly systems in the networked vehicle are critical to safety. Functional security cannot be achieved without a comprehensive concept for cybersecurity. This training shows how cybersecurity in automotive systems can be successfully implemented. We show which technologies matter and how tools help.
Automotive cybersecurity is of growing concern for the entire automotive industry. It is today not anymore nice to have, because systems are interconnected, and in one way or the other open for external penetration. Even worse security directly impacts functionality, user experience and safety, and thus has become subject to product liability. For instance, functional safety is not feasible without a concise approach to cover security.
Security gains has become a key challenge across industries. More and more systems are networked and are attacked. Absolute security does not exist, but you can effectively protect. Our training is the introduction and implementation of risk-based cybersecurity in practice. The following questions are addressed: How to identify security objectives? How do I assess the security on the basis of basic methods how TARA (Threat and Risk Analysis) and deducing security objective from? What are the typical threats? Since there can be no absolute cybersecurity, the focus of the training is on a risk-based approach and of the necessary consistent methodology.
Content and Agenda
Cybersecurity foundations for automotive applications
Current threats and methodology
Security Standards (e.g., SAE-J3061-2016, ISO-SAE-21434), legal obligations and governance
Threat analysis and risk assessment with TARA
Efficient implementation of security in the lifecycle from the security assets to the risk analysis to the consistent implementation throughout the entire lifecycle
Practical experience and hands-on case studies
Our training shows how cybersecurity can be successfully implemented in automotive systems. Three different yet related approaches will be described in detail, namely 1. Product, that is cybersecurity at the system level, 2. Process, covering the implementation of security concepts in the entire life-cycle, 3. Field, that is cybersecurity applicable after-sales activities.
Many practical examples from our worldwide projects will emphasize how to implement cybersecurity focused and at reasonable cost. Examples include the full set of methods, such as TARA, but also concrete case studies such as over-the-air (OTA) software upgrades.
This training provides an introduction to the fundamentals and practice of cybersecurity engineering. It introduces the basic techniques for specification, analysis, testing and proofing of security. We show in practice how these techniques are applied, and help to introduce relevant processes and tools. In particular, we will show with the introduction of show to introduce and ramp up cybersecurity in the company.
"Thank you very much for sharing your precious experience with this training program."
- Zerong Yu, Robert Bosch Japan
"High practical orientation, concrete personalized action list throughout the entire seminar."
- T. Strauch, Siemens
Do you want to adapt this training to your own examples and challenges? Looking for a workout that delivers practical exercises adjusted to your environment? Then, we suggest that you have this training conducted in-house, where you can decide on focus, speed and the training schedule. We also offer dedicated crash courses for employees and management.
Engineers in product development, system and software engineers, security and safety engineers and managers, architects, engineering managers, project managers, purchasing, quality managers.
About our Trainers
Dr. Arnulf Braatz is a manager at Vector Consulting Services. Previously he worked as a project manager in development projects as well as a software architect. Dr. Braatz supports companies worldwide to improve their safety and security projects, development processes and change management. He works across industries in the field of engineering methods, system and IT architecture, requirements engineering, and to improve efficiency.
Youssef Rekik is a consultant and software developer at Vector Consulting Services. He is heavily involved in the development of security applications for smart connected embedded devices with focus on network security and communication technologies.
Prof. Dr. Christof Ebert is managing director at Vector Consulting Services. He supports clients around the world to improve product strategy and product development and to manage organizational changes. Before he had been working for ten years in global senior management positions. A trusted advisor for companies around the world and a member of several of industry boards, he is a professor at the University of Stuttgart and at Sorbonne in Paris. He authored several books including the most recent “Global Software and IT” published by Wiley. For many years he has been serving on the editorial Board of the prestigious "IEEE Software" journal. Twitter: @ChristofEbert.
Admission price includes full documentation on paper and as PDF and also our Vector book on "Automotive Embedded Engineering" with lots of best practices, project experiences and state of the art technology. Naturally all participants benefit from our rich coffee breaks and a quality lunch in our spectacular Vector restaurant. Each participant will receive a qualifying certificate for this intensive training.
Ask for our reductions as of 3 participants of the same company.