The document discusses cybersecurity challenges facing the automotive industry as vehicles become more connected and software-defined. As modern cars now resemble computers and receive over-the-air software updates, they are vulnerable to cyber attacks which could compromise safety systems or require large recalls. A 3-day training course is described that covers vulnerabilities in automotive embedded systems, network security best practices, and methods for securing interfaces and protocols to protect vehicles from cyber threats. The training is intended for professionals across automotive engineering, product development, and information security fields.
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Automotive Cybersecurity Embedded Systems Training
1.
2. In the past decade, the automotive industry has
undergone tremendous technological changes in terms of
connectivity and personal mobility.
Modern cars are more and more like computers rather
than mechanical products. It is not uncommon for
modern cars to have remote connectivity and high-tech
features, such as touch-sensitive dashboards, which can
keep themselves up to date through regular software
updates.
3. The risk of a cyber attack will depend on the potential
outcome and the factors that determine the likelihood of
the attack.
In the automotive industry, the consequences can be
severe-if safety-related functions are compromised, it can
cause injury or death, and if a large number of vehicles
are threatened or required to be recalled, it can cause
serious damage to reputation.
4. In the new digital age, due to the vehicle’s wireless
communication capabilities, mobile devices (such as
cellular phones or tablets connected to the vehicle via
USB, Bluetooth or Wi-Fi) may have vulnerabilities inside
or inside, and this problem is becoming more and more
disturbing Third-party equipment connected through the
vehicle diagnostic port.
5. As the digital transformation of the automotive industry
exposes new cybersecurity threats, this is a serious
problem. Before the digital age and the advent of 5G
architecture, what happened in your car usually stayed in
your car.
Of course this is no longer the case. The influx of digital
innovation from infotainment connections to over-the-air
(OTA) software updates is turning cars into clearing
houses.
6. In cooperation with the National Institute of Standards
and Technology Cybersecurity Framework, the
automotive industry has been actively responding to
automotive cybersecurity challenges and continuously
exploring ways to mitigate related risks.
Therefore, regulators and governments have worked
hard to ensure that network security has become an
indispensable focus at all levels of the automotive supply
chain.
7. Adding security components to automotive embedded
systems may hinder the function of the system and affect
the real-time performance of mission-critical systems.
Automotive system and software engineers, testers,
hardware designers, developers, and security analysts
need a well-defined method to simultaneously design
automotive embedded functions and network security.
8. Secure automotive embedded systems may use
security coprocessors to cryptographically ensure
the confidentiality and integrity of the system
while maintaining functionality.
9. Tonex's Automotive Cybersecurity Training
Automotive Cyber Security Training (Network Security
for Automotive Embedded Systems) is a 3-day course.
Participants will discuss the basic principles of
embedded systems and the application of cyber security
in vehicles to illustrate unique vulnerabilities that are
commonly exploited.
10. Learn about:
• Protection of automotive electronic systems
• Embedded systems
• Communication networks
• Controller Area Network (CAN bus)
• Ethernet
• Control algorithms
• Software
• Threat agents
• Vulnerabilities
• Underlying data from malicious attacks, damage,
unauthorized access, or manipulation.
11. Participants will study methods and technologies
related to the entire automotive system life cycle and
cyber security measures during the purchase
process. Security embedded systems in automotive
applications include many programs, methods and
technologies that can seamlessly integrate network
security into automotive embedded system software.
Participants will discover automotive network
protection that applies to all or any automotive data,
applications and systems.
12. Who Should Attend:
• Chief Product Security Officers (CPSO)
• Control Platform
• Developers working with embedded systems
• Embedded software engineers and testers
• Ethernet and CAN Bus Software Engineers and
Testers, Hardware Testers
• Functional Safety Electrical Engineering
• Information security professionals
• Machine Learning Platform Engineers and Managers
• Mechatronics Engineer, Sensor Cleaning Engineers
and PMs
13. Who Should Attend:
• Application developers
• Automotive Engineering Manager
• Automotive Product & Infrastructure
• Automotive Verification and Validation Engineers
and Managers
• Autonomous Vehicle Development Software and
Hardware Engineers
• Chief Security Officers (CSO)
• Chief Information Security Officers (CISO)
• Chief Information Officers and IT Security directors
14. Who Should Attend:
• Product & Infrastructure Engineers and PMs
• Product/process designers and engineers
• Reliability Engineers
• Reliability, Safety, Quality Assurance and Security
Engineers
• Software Engineer – FPGA Design
• Software Engineer Robotics – Controls
• System, Software and Hardware Test, Evaluation and
Debug Engineers
• Security Operations Center (SOC) Managers and
Team Leaders
15. The Main Points of This Course Include:
• Hardware and firmware analysis and design basis in
automotive embedded design
• Vulnerabilities in automotive embedded systems
• Embedded hardware and firmware analysis to
detect vulnerabilities
• Master the basic knowledge of automotive cyber
security threats, risks and mitigation strategies
applicable to embedded systems
• Exploitable vulnerabilities in automotive embedded
systems and technologies and strategies for systems
engineering embedded systems
16. The Main Points of This Course Include:
• Check how to adapt to network security in
automotive embedded systems
• The basics of automotive network security.
• Automotive network security, threats, threat
agents/vectors, vulnerability and risk assessment;
defense in depth, etc.
• Embedded system foundation
• Basic knowledge of automotive embedded system
product design cycle, project management,
production design, V&V and O&M.
17. The Main Points of This Course Include:
• Safety requirements for automotive embedded
systems
• Communication protocols, wired and wireless
networks, information and network attacks and
their impact on automotive embedded subsystems
and equipment
• Automotive risk assessment techniques and
methods, and use defensive tools to mitigate risks
and vulnerabilities
18. Course Outline:
• Cybersecurity Applied to Automotive
• Introduction to Embedded Systems and their
Applications in Automotive
• Automotive Cybersecurity Strategies
• Automotive Embedded System Vulnerability
Analysis
• Automotive Cybersecurity and Layers of Protection
• Cybersecurity Best Practices for Modern Vehicles
• Standards Development and Best Practices
• Securing Automotive Embedded Systems Interfaces
and Protocols
19. Course Outline:
• Cybersecurity Attacks and Best Mitigation Practices
for Automotive Embedded Systems
• Evaluating Cybersecurity Practices for Modern
Vehicles
• Case Study and Workshop (ISO/SAE 21434
Framework)
20. For More Information:
Automotive Cybersecurity Training
https://www.tonex.com/training-courses/
automotive-cybersecurity-training-course/