Length: 3 Days
Print Friendly, PDF & Email

Automotive Cybersecurity Training

A connected car is one that can communicate bidirectionally with other systems outside of the car (LAN). This enables connected cars to share internet access and resultant data with other devices both inside and outside the vehicle.

General Motors was the first automaker to bring the first connected car features to market with OnStar in 1996 in Cadillac DeVille, Seville and Eldorado. By 2022, 125 million vehicles are expected to be connected – a number that will surely be dwarfed when 5G networks are widely available.

For all its potential, connected cars also bring risks of the cybersecurity kind. Like other conventional software, software used in cars will be exploited, especially if you consider the large number of cars shipped all-around the world.

This is a serious concern due to the car industry’s digital transformation which exposes new cybersecurity threats. Before the digital era and 5G architecture, what happened in your car typically stayed in your car. That of course is no longer the case. The influx of digital innovations, from infotainment connectivity to over-the-air (OTA) software updates, is turning cars into information clearinghouses.

While delivering significant customer value, these changes also expose vehicles to the seamier side of the digital revolution. Hackers and other black-hat intruders are attempting to gain access to critical in-vehicle electronic units and data, potentially compromising critical safety functions and customer privacy.

Cybersecurity professionals say this: Automotive players must consider cybersecurity over the entire product life cycle and not just up to when the car is sold to a customer, because new technical vulnerabilities can emerge at any time.

These issues can have a direct impact on customers and cars already on the road, thus effectively requiring OEMs to provide security-related software patches well into the car’s ownership life cycle.

Automotive Cybersecurity Training Course by Tonex

Automotive Cybersecurity Training — cybersecurity applied to automotive embedded systems — is a 3-day course where participants discuss fundamentals of embedded systems and applications of cybersecurity in vehicles to illustrate unique vulnerabilities that are commonly exploited.

Automotive Cybersecurity Training Course is a 3-day special program covering all aspects of Cybersecurity within the context of road vehicles. Participants will learn about protection of automotive electronic systems, embedded systems, communication networks, Controller Area Network (CAN bus), Ethernet, control algorithms, software, users, threat agents, vulnerabilities and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

Participants will learn about methods and techniques regarding cybersecurity measures in the entire automotive system lifecycle and acquisition. Secure embedded systems in automotive applications include many procedures, methods and techniques to seamlessly integrate cybersecurity within automotive embedded system software.

Added security components to automotive embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems. Automotive systems and software engineers, testers, hardware designers, developers and security analysts need a well-defined approach for simultaneously designing automotive embedded functionality and cybersecurity.

Secure automotive embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

Participants will discover automotive cyberprotection applied to all automotive data, apps and systems.

Who Should Attend:

  • Application developers
  • Automotive Engineering Manager
  • Automotive Product & Infrastructure
  • Automotive Verification and Validation Engineers and Managers
  • Autonomous Vehicle Development Software and Hardware Engineers
  • Chief Security Officers (CSO)
  • Chief Information Security Officers (CISO)
  • Chief Information Officers (CIO) and IT Security directors
  • Chief Product Security Officers (CPSO)
  • Control Platform
  • Developers working with embedded systems
  • Embedded software engineers and testers
  • Ethernet and CAN Bus Software Engineers and Testers
  • Functional Safety Electrical Engineering
  • Hardware Testers
  • Information security professionals
  • Machine Learning Platform Engineers and Managers
  • Mechatronics Engineer, Sensor Cleaning Engineers and PMs
  • Product & Infrastructure Engineers and PMs
  • Product/process designers and engineers
  • Reliability Engineers
  • Reliability, Safety, Quality Assurance and Security Engineers
  • Software Engineer – FPGA Design
  • Software Engineer Robotics – Controls
  • System, Software and Hardware Test, Evaluation and Debug Engineers
  •  Security Operations Center (SOC) Managers and Team Leaders
  • Automotive embedded device & system engineers, designers, testers, manufacturers and suppliers
  • Smart vehicle and infrastructure security architects
  • Automotive and Infrastructure Penetration Testers

Takeaways from this course include:

  • Examining how to fit cybersecurity in automotive embedded systems
  • Fundamentals of automotive cybersecurity automotive cybersecurity such as CIA (Confidentiality, Integrity and Availability), Threat, Threat Agents/Vectors, Vulnerability, and Risk Assesment; Defense in Depth, etc.
  • Fundamentals of Embedded Systems
  • Fundamentals of automotive embedded system product design cycle, project management, design for production, V&V and O&M
  • Automotive Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in automotive embedded design
  • Vulnerabilities in automotive embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation  knowledge of automotive cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in automotive embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on automotive embedded subsystems and devices
  • Automotive risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Modules:

Cybersecurity Applied to Automotive

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals

Introduction to Embedded Systems and their Applications in Automotive

  • Embedded Systems 101
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded Vehicle System
  • Embedded Systems Engineering
  • Application Software
  • System Software
  • RTOS/Logic
  • Firmware/HAL
  • Hardware

Automotive Cybersecurity Strategies

  • Strategies to build in security by deign processes
  • ISO 21434 implementation
  • Embedded systems security developments,
  • Intrusion and threat detection strategies
  • Secured product engineering
  • Autonomous Vehicle Software
  • Automotive digital assets protection
  • Automotive Safety, Security, Privacy, and Reliability
  • Vectors of Automotive Cyber Protection
  • Internet of Things (IoT)
  • Robotics
  • Self-driving Cars
  • Next Gen Computing
  • Blockchain
  • Artificial Intelligence (AI) and Machine Learning (ML)
  • Quantum Technologies
  • Computer Vision
  • Embedded Systems
  • Embedded Linux

Automotive Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication
  • Hardware Reverse Engineering
  • Attacking Automotive Firmware and Hardware
  • Attacking CAN Bus and Ethernet

Automotive Cybersecurity and Layers of Protection

  • Fundamental Vehicle Cybersecurity Protections
  • Protective/preventive measures and techniques
  • Real-time intrusion (hacking) detection measures
  • Real-time response methods
  • Assessment of solutions
  • Layered Approach
  • Information Technology Security Controls
  • Automotive Industry Cybersecurity Guidance
  • Vehicle Development Process with Explicit Cybersecurity Considerations
  • Leadership Priority on Product Cybersecurity
  • Information Sharing
  • Vulnerability Reporting/Disclosure Policy
  • Vulnerability / Exploit / Incident Response Process
  • Self-Auditing
  • Risk Assessment
  • Penetration Testing and Documentation
  • Self-Review
  • Control Keys
  • Control Vehicle Maintenance Diagnostic Access
  • Control Access to Firmware
  • Firmware Encryption
  • Limit Ability to Modify Firmware
  • Control Proliferation of Network Ports, Protocols and Services
  • Autonomous Vehicle Platform
  • The Autonomous Vehicle
  • Drive software engineering best practices
  • ROS or other robotics frameworks
  • Software Systems Test
  • Embedded Linux

Cybersecurity Best Practices for Modern Vehicles

  • Use Segmentation and Isolation Techniques in Vehicle Architecture Design
  • Control Internal Vehicle Communications
  • Log Events
  • Control Communication to Back-End Servers
  • Control Wireless Interfaces
  • Serviceability
  • Secure Coding
  • Static and Dynamic Code Analysis

Standards Development and Best Practices

  • NHTSA – Cybersecurity Best Practices for Modern Vehicles
  • NHTSA and Vehicle Cybersecurity
  • Global Automakers – Framework for Automotive Cybersecurity Best Practices
  • Auto-ISAC – Best Practices Executive Summary
  • Auto Alliance initiatives
  • IEEE – Automotive Cybersecurity information
  • NHTSA – Cybersecurity overview
  • MISRA C & MISRA C++ Coding Standards Compliance
  • C++11
  • DO-178C
  • ISO-26262
  • IEC-62304

Securing Automotive Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC
  • RFID
  • 15.4
  • 6LowPAN
  • Thread
  • Zigbee
  • Z-Wave

Cybersecurity Attacks and Best Mitigation Practices for Automotive Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures

Evaluating Cybersecurity Practices for Modern Vehicles

  • Architecture for embedded systems
  • Patterns and real-time constraints
  • Automotive Embedded software testing and validation
  • Practical ways and techniques to test for safety requirements
  • How to develop and test safety requirements
  • Automotive On-board tamper-prevention and evidence
  • Automotive Embedded systems safeguarding and exploitation
  • Cyber-physical attacks and countermeasures
  • Big data and cloud data security in Automotive and V2X ecosystems

Case Study and Workshop

  • Cybersecurity Analysis of Embedded Systems used in a Modern Semi-Autonomous and Autolooms Vehicle
    • Design Process
    • Embedded system CONOPS
    • Mission objectives
    • CONOPS
    • Test and evaluation
    • Functional requirements
    • Threat analysis
    • System design
    • Security requirements
    • Performance evaluation
    • Security evaluation
    • System Implementation Security
    • Attack surface
    • Boot process, system data, and software
    • Physical attack surface
    • Root of trust establishment
    • Trust hardware and software components
    • Trusted platform module (TPM)
    • Operating system (OS)
    • Mission-specific application code (Apps)
    • Field-programmable gate array (FPGA)
    • BIOS
    • Boot process
    • Startup
    • Trusted computing base (TCB)
    • Secure Coding Guidelines Are Important
    • C and C++ programming languages for embedded development
    • CWE List & CERT Secure Coding Standards
    • CWE vs. CERT vs. MISRA
    • MISRA C Security Rules
    • Static code analyzers enforce coding rules and flag security violations
    • Helix QAC: CERT, MISRA, and CWE  to ensure secure software

Automotive Cybersecurity Training

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.