Automotive Cybersecurity Training by Tonex

Automotive Cybersecurity Training course is a 3-day program covers all aspects of automotive cybersecurity. Better automotive cybersecurity has become a rallying cry in the automotive industry.

Increasingly, today’s vehicles feature driver assistance technologies, such as forward collision warning, automatic emergency braking, and vehicle safety communications. In the future, the deployment of driver assistance technologies may result in avoiding crashes altogether, particularly crashes attributed to human drivers’ choices.

But with these 5G-inspired technologies have come 5G problems such as increased security violations due to more access points for cyber criminals.

In reality, cybersecurity is becoming a new dimension of quality for automobiles. The cyber risk of connected cars has become clear with security researchers revealing various technical vulnerabilities. In these cases, the attackers disclosed their findings to OEMs to help them fix the issues before malicious attackers caused harm.

Cybersecurity professionals overwhelmingly want to see automotive players deploy cybersecurity over the entire product life cycle and not just up to when the car is sold to a customer.

There’s also a call for tighter standards and guidelines for specific technical procedures for securing hardware and software in vehicles, such as standards for hardware encryption or secure communication among electronic control units (ECUs).

Consequently, nations are upping the ante regarding cybersecurity safeguards for the automotive industry. For example, the United Nations Economic Commission for Europe (UNECE)  is working on regulations to improve automotive cybersecurity and software update management under the WP.29 regulations expected to be mandatory for all new vehicles produced beginning in July 2024.

Additionally, the International Organization for Standardization (ISO) is developing automotive cybersecurity standards. The ISO/SAE 21434 standard establishes “cybersecurity by design” throughout the entire lifecycle of the vehicle.

ISO 21434 provides the model for developing a risk assessment system and specifies details on processes and work products.

Other organizations like the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) has adopted a multi-faceted research approach that leverages the National Institute of Standards and Technology Cybersecurity Framework and encourages industry to adopt practices that improve the cybersecurity posture of their vehicles in the United States.

NHTSA’s goal is to collaborate with the automotive industry to proactively address vehicle cybersecurity challenges, and to continuously seek methods to mitigate associated safety risks.

Automotive Cybersecurity Training Course by Tonex

Automotive Cybersecurity Training — cybersecurity applied to automotive embedded systems — is a 3-day course where participants discuss fundamentals of embedded systems and applications of cybersecurity in vehicles to illustrate unique vulnerabilities that are commonly exploited.

Automotive Cybersecurity Training covers all aspects of cybersecurity within the context of road vehicles. Participants will learn about protection of automotive electronic systems, embedded systems, communication networks, Controller Area Network (CAN bus), Ethernet, control algorithms, software, users, threat agents, vulnerabilities and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

Participants will learn about methods and techniques regarding cybersecurity measures in the entire automotive system lifecycle and acquisition. Secure embedded systems in automotive applications include many procedures, methods and techniques to seamlessly integrate cybersecurity within automotive embedded system software.

Added security components to automotive embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems. Automotive systems and software engineers, testers, hardware designers, developers and security analysts need a well-defined approach for simultaneously designing automotive embedded functionality and cybersecurity.

Secure automotive embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

Participants will discover automotive cyber protection applied to all automotive data, apps and systems.

Learning Objectives:
Upon completing this course, participants will be able to:

• Learn the fundamental concepts of automotive cybersecurity.
• Identify potential cyber threats and vulnerabilities specific to automotive systems.
• Design and implement effective cybersecurity strategies tailored for automotive applications.
• Analyze and assess the security of automotive components, networks, and communication protocols.
• Mitigate cyber risks through the integration of security measures and best practices in automotive design and development.
• Stay up-to-date with the latest trends and emerging threats in the field of automotive cybersecurity.

Who Should Attend:

• Application developers
• Automotive Engineering Manager
• Automotive Product & Infrastructure
• Automotive Verification and Validation Engineers and Managers
• Autonomous Vehicle Development Software and Hardware Engineers
• Chief Security Officers (CSO)
• Chief Information Security Officers (CISO)
• Chief Information Officers (CIO) and IT Security directors
• Chief Product Security Officers (CPSO)
• Control Platform
• Developers working with embedded systems
• Embedded software engineers and testers
• Ethernet and CAN Bus Software Engineers and Testers
• Functional Safety Electrical Engineering
• Hardware Testers
• Information security professionals
• Machine Learning Platform Engineers and Managers
• Mechatronics Engineer, Sensor Cleaning Engineers and PMs
• Product & Infrastructure Engineers and PMs
• Product/process designers and engineers
• Reliability Engineers
• Reliability, Safety, Quality Assurance and Security Engineers
• Software Engineer – FPGA Design
• Software Engineer Robotics – Controls
• System, Software and Hardware Test, Evaluation and Debug Engineers
•  Security Operations Center (SOC) Managers and Team Leaders
• Automotive embedded device & system engineers, designers, testers, manufacturers and suppliers
• Smart vehicle and infrastructure security architects
• Automotive and Infrastructure Penetration Testers

Takeaways from this course include:

• Examining how to fit cybersecurity in automotive embedded systems
• Fundamentals of automotive cybersecurity automotive cybersecurity such as CIA (Confidentiality, Integrity and Availability), Threat, Threat Agents/Vectors, Vulnerability, and Risk Assessment; Defense in Depth, etc.
• Fundamentals of Embedded Systems
• Fundamentals of automotive embedded system product design cycle, project management, design for production, V&V and O&M
• Automotive Embedded Systems Security Requirements
• Fundamentals of hardware and firmware analysis and design in automotive embedded design
• Vulnerabilities in automotive embedded systems
• Embedded hardware and firmware analysis to detect vulnerabilities
• Foundation  knowledge of automotive cyber security threats, risks, mitigation strategies applied to embedded systems
• Exploitable vulnerabilities in automotive embedded systems and techniques and strategies for systems engineering embedded systems
• Communication protocols, wired and wireless networks, information and network attacks and their impact on automotive embedded subsystems and devices
• Automotive risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Outline:

Cybersecurity Applied to Automotive

• What is Cybersecurity?
• Basic principles of CIA
• Confidentiality
• Embedded system’s critical information
• Application code and surveillance data
• Unauthorized entities
• Integrity
• Availability and mission objectives
• Cyber Risks applied to Embedded Systems
• Principles and practices designed to safeguard your embedded system
• Hacking tools and entry points
• Encryption and authentication
• Data Integrity
• Vulnerability analysis 101
• Mitigation 101
• Networking and network attacks
• Role of wireless networks in the embedded systems
• Embedded hardware and firmware analysis and reverse engineering
• Embedded system security Threats
• Intrusion
• Virus, Worm, Trojan Horse (Malware)
• Spyware
• DoS
• Secure software fundamentals

Introduction to Embedded Systems and their Applications in Automotive

• Embedded Systems 101
• Hardware Architecture
• Software Development
• Microprocessor Primer
• Basic architecture
• Programmer’s view
• Embedded Operating Systems
• Case Study: Embedded Vehicle System
• Embedded Systems Engineering
• Application Software
• System Software
• RTOS/Logic
• Firmware/HAL
• Hardware

Automotive Cybersecurity Strategies

• Strategies to build in security by deign processes
• ISO 21434 implementation
• Embedded systems security developments,
• Intrusion and threat detection strategies
• Secured product engineering
• Autonomous Vehicle Software
• Automotive digital assets protection
• Automotive Safety, Security, Privacy, and Reliability
• Vectors of Automotive Cyber Protection
• Internet of Things (IoT)
• Robotics
• Self-driving Cars
• Next Gen Computing
• Blockchain
• Artificial Intelligence (AI) and Machine Learning (ML)
• Quantum Technologies
• Computer Vision
• Embedded Systems
• Embedded Linux

Automotive Embedded System Vulnerability Analysis

• Networking and network attacks
• Wireless networks and embedded systems
• Embedded hardware and firmware analysis
• Exploiting Embedded Devices
• The stages of router exploitation
• Initial Reconnaissance
• Exploitation
• Firmware Unpacking and Modification
• Detecting
• Extracting
• Analysis
• Cross Compiling
• Modification and Creation of new firmware
• Persistent Dynamic Backdoor
• Firmware analysis and extraction
• Finding and exploiting logic flaws
• Firmware emulation and debugging
• Finding and exploiting real-world overflows
• Foundations of cyber security and emerging threats
• Hacking/exploitation techniques, tools and entry points
• Defensive technologies: Encryption and authentication
• Hardware Reverse Engineering
• Attacking Automotive Firmware and Hardware
• Attacking CAN Bus and Ethernet

Automotive Cybersecurity and Layers of Protection

• Fundamental Vehicle Cybersecurity Protections
• Protective/preventive measures and techniques
• Real-time intrusion (hacking) detection measures
• Real-time response methods
• Assessment of solutions
• Layered Approach
• Information Technology Security Controls
• Automotive Industry Cybersecurity Guidance
• Vehicle Development Process with Explicit Cybersecurity Considerations
• Leadership Priority on Product Cybersecurity
• Information Sharing
• Vulnerability Reporting/Disclosure Policy
• Vulnerability / Exploit / Incident Response Process
• Self-Auditing
• Risk Assessment
• Penetration Testing and Documentation
• Self-Review
• Control Keys
• Control Vehicle Maintenance Diagnostic Access
• Control Access to Firmware
• Firmware Encryption
• Limit Ability to Modify Firmware
• Control Proliferation of Network Ports, Protocols and Services
• Autonomous Vehicle Platform
• The Autonomous Vehicle
• Drive software engineering best practices
• ROS or other robotics frameworks
• Software Systems Test
• Embedded Linux

Cybersecurity Best Practices for Modern Vehicles

• Use Segmentation and Isolation Techniques in Vehicle Architecture Design
• Control Internal Vehicle Communications
• Log Events
• Control Communication to Back-End Servers
• Control Wireless Interfaces
• Serviceability
• Secure Coding
• Static and Dynamic Code Analysis

Standards Development and Best Practices

• NHTSA – Cybersecurity Best Practices for Modern Vehicles
• NHTSA and Vehicle Cybersecurity
• Global Automakers – Framework for Automotive Cybersecurity Best Practices
• Auto-ISAC – Best Practices Executive Summary
• Auto Alliance initiatives
• IEEE – Automotive Cybersecurity information
• NHTSA – Cybersecurity overview
• MISRA C & MISRA C++ Coding Standards Compliance
• DO-178C
• ISO-26262
• IEC-62304

Securing Automotive Embedded Systems Interfaces and Protocols

• Embedded Systems Communication Protocols
• Universal Asynchronous Receiver/Transmitter (UART)
• Serial Peripheral Interface (SPI)
• Joint Test Action Group (JTAG)
• Inter-integrated Circuit (I2C)
• I2C bus
• CAN bus
• FireWire bus
• USB
• Parallel protocols
• PCI bus
• ARM bus
• Wireless protocols
• IrDA
• Bluetooth
• Bluetooth LE (BLE)
• IEEE 802.11
• NFC

Cybersecurity Attacks and Best Mitigation Practices for Automotive Embedded Systems

• Non-Invasive Hardware Reverse Engineering
• Component identification
• Tracking PCB traces
• Re-producing schematic and block diagrams
• Bus Sniffing
• Interface Analysis
• Communications protocols sniffing
• Decoding and deciphering captured bits
• Critical data identification and detection
• Component removal and replacement
• Dealing with surface mount components
• Electronics and circuit analysis
• Understanding your tools and their effects on the circuit
• Understanding the circuit and its effect on your tools
• Security Measures

Evaluating Cybersecurity Practices for Modern Vehicles

• Architecture for embedded systems
• Patterns and real-time constraints
• Automotive Embedded software testing and validation
• Practical ways and techniques to test for safety requirements
• How to develop and test safety requirements
• Automotive On-board tamper-prevention and evidence
• Automotive Embedded systems safeguarding and exploitation
• Cyber-physical attacks and countermeasures
• Big data and cloud data security in Automotive and V2X ecosystems

Case Study and Workshop (ISO/SAE 21434 Framework)

• Cybersecurity Analysis of Embedded Systems used in a Modern Semi-Autonomous and Autolooms Vehicle
  • Design Process
  • Embedded system CONOPS
  • Mission objectives
  • Test and evaluation
  • Functional requirements
  • Threat analysis
  • System design
  • Security requirements
  • Performance evaluation
  • Security evaluation
  • System Implementation Security
  • Attack surface
  • Boot process, system data, and software
  • Physical attack surface
  • Root of trust establishment
  • Trust hardware and software components
  • Trusted platform module (TPM)
  • Operating system (OS)
  • Mission-specific application code (Apps)
  • Field-programmable gate array (FPGA)
  • BIOS
  • Boot process
  • Startup
  • Trusted computing base (TCB)
  • Secure Coding Guidelines Are Important
  • C and C++ programming languages for embedded development
  • CWE List & CERT Secure Coding Standards
  • CWE vs. CERT vs. MISRA
  • MISRA C Security Rules
  • Static code analyzers enforce coding rules and flag security violations
  • Helix QAC: CERT, MISRA, and CWE  to ensure secure software

Automotive Threat Analysis and Risk Assessment (TARA) Method

• The TARA method
• Risk evaluation, assessment, treatment, and planning for identified risks
• Applying ISO SAE 21434 standard
• Applying Automotive TARA Method to ISO SAE 21434 standard
• Organizational cyber security plan and cyber security assurance levels in depth.
• NIST SP-800-30 and ISO IEC 31010,
• Attack feasibility or likelihood and associated impacts
• Apply the TARA method
• Standard confidentiality, integrity, and availability (C, I, A) ratings
• Safety, financial, operational, and privacy (S, F, O, P)
• Threats or vulnerabilities
• Evaluating window of opportunity with TARA Method
• Calculate and communicate the risk
• Calculating impact of risk TARA Method
• Cyber security assurance levels in the automotive supply chain
• Functional safety requirements of ISO 26262
• Requirements of Automotive Safety Integrity Levels (ASIL)
• Automotive cyber security standard ISO SAE 21434 requirements for cyber security risk management of road vehicle electrical and electronic systems
• Applying cyber security assurance levels
• Determining the number of levels needed
• Tailoring cyber security assurance activities

Why Choose Tonex?

Automotive Cybersecurity Training by Tonex provides a deep dive into the critical field of securing modern automotive systems against cyber threats. With the rapid integration of connectivity and advanced technologies in vehicles, the automotive industry faces an increasing need for cybersecurity expertise to safeguard vehicles from potential cyber-attacks. This course equips participants with the knowledge and skills required to design, implement, and manage robust cybersecurity solutions for automotive systems, ensuring the safety and integrity of connected vehicles.

Course Book: Autonomous Vehicles, Volume 2: Smart Vehicles for Communication

By by Romil Rawat (Editor), Purvee Bhardwaj (Editor), Upinder Kaur (Editor), Shrikant Telang (Editor), & 2 more

Description