Length: 3 Days
Print Friendly, PDF & Email

Automotive Cybersecurity Training

Cybersecurity, within the context of road vehicles, is the protection of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access or manipulation.

In the new digital era, this problem is increasingly disturbing as vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device — such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi — or within a third-party device connected through a vehicle diagnostic port.

This is a serious concern due to the car industry’s digital transformation which exposes new cybersecurity threats. Before the digital era and 5G architecture, what happened in your car typically stayed in your car. That of course is no longer the case. The influx of digital innovations, from infotainment connectivity to over-the-air (OTA) software updates, is turning cars into information clearinghouses.

Today’s automobile is highly sophisticated. A modern car typically has more than 100 microprocessors, 50 electronic control units, and 100 million lines of software code, more code than a large hadron collider, an F-35 fighter jet, a Boeing 787 and the Mars Curiosity Rover combined. Consequently, a comprehensive and cooperative cybersecurity environment is required; across platforms, across vehicles and across cities.

The automotive industry, collaborating with the National Institute of Standards and Technology Cybersecurity Framework, has been proactively addressing vehicle cybersecurity challenges and continuously exploring methods to mitigate associated risks.

Consequently, regulators and governments have worked to ensure that cybersecurity becomes an integral focus along every level of the automotive supply chain.

One of those regulations, UNECE WP.29, is the first national (or international) regulation on the topic of cybersecurity for connected and autonomous vehicles. Drafted by the United Nations World Forum for Harmonization of Vehicle Regulations, the requirements and text of WP.29 were approved and published in June 2020 and makes cybersecurity relevant for the approval of new vehicle types.

This regulation is expected to pave the way for a mandatory Cybersecurity Management System.

The automotive industry is also developing the ISO/SAE 21434 standard for the cybersecurity of vehicles within the framework of the International Organization for Standardization (ISO) and SAE International.

The standard was specifically developed to ensure the safety and security of the ultimate road-user/driver, and as such, the determinant levels of risk and corresponding cybersecurity measures are set based on the final impact on the driver.

Automotive Cybersecurity Training Course by Tonex

Automotive Cybersecurity Training — cybersecurity applied to automotive embedded systems — is a 3-day course where participants discuss fundamentals of embedded systems and applications of cybersecurity in vehicles to illustrate unique vulnerabilities that are commonly exploited.

Automotive Cybersecurity Training covers all aspects of cybersecurity within the context of road vehicles. Participants will learn about protection of automotive electronic systems, embedded systems, communication networks, Controller Area Network (CAN bus), Ethernet, control algorithms, software, users, threat agents, vulnerabilities and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

Participants will learn about methods and techniques regarding cybersecurity measures in the entire automotive system lifecycle and acquisition. Secure embedded systems in automotive applications include many procedures, methods and techniques to seamlessly integrate cybersecurity within automotive embedded system software.

Added security components to automotive embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems. Automotive systems and software engineers, testers, hardware designers, developers and security analysts need a well-defined approach for simultaneously designing automotive embedded functionality and cybersecurity.

Secure automotive embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

Participants will discover automotive cyberprotection applied to all automotive data, apps and systems.

Who Should Attend:

  • Application developers
  • Automotive Engineering Manager
  • Automotive Product & Infrastructure
  • Automotive Verification and Validation Engineers and Managers
  • Autonomous Vehicle Development Software and Hardware Engineers
  • Chief Security Officers (CSO)
  • Chief Information Security Officers (CISO)
  • Chief Information Officers (CIO) and IT Security directors
  • Chief Product Security Officers (CPSO)
  • Control Platform
  • Developers working with embedded systems
  • Embedded software engineers and testers
  • Ethernet and CAN Bus Software Engineers and Testers
  • Functional Safety Electrical Engineering
  • Hardware Testers
  • Information security professionals
  • Machine Learning Platform Engineers and Managers
  • Mechatronics Engineer, Sensor Cleaning Engineers and PMs
  • Product & Infrastructure Engineers and PMs
  • Product/process designers and engineers
  • Reliability Engineers
  • Reliability, Safety, Quality Assurance and Security Engineers
  • Software Engineer – FPGA Design
  • Software Engineer Robotics – Controls
  • System, Software and Hardware Test, Evaluation and Debug Engineers
  •  Security Operations Center (SOC) Managers and Team Leaders
  • Automotive embedded device & system engineers, designers, testers, manufacturers and suppliers
  • Smart vehicle and infrastructure security architects
  • Automotive and Infrastructure Penetration Testers

Takeaways from this course include:

  • Examining how to fit cybersecurity in automotive embedded systems
  • Fundamentals of automotive cybersecurity automotive cybersecurity such as CIA (Confidentiality, Integrity and Availability), Threat, Threat Agents/Vectors, Vulnerability, and Risk Assesment; Defense in Depth, etc.
  • Fundamentals of Embedded Systems
  • Fundamentals of automotive embedded system product design cycle, project management, design for production, V&V and O&M
  • Automotive Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in automotive embedded design
  • Vulnerabilities in automotive embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation  knowledge of automotive cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in automotive embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on automotive embedded subsystems and devices
  • Automotive risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Modules:

Cybersecurity Applied to Automotive

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals

Introduction to Embedded Systems and their Applications in Automotive

  • Embedded Systems 101
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded Vehicle System
  • Embedded Systems Engineering
  • Application Software
  • System Software
  • RTOS/Logic
  • Firmware/HAL
  • Hardware

Automotive Cybersecurity Strategies

  • Strategies to build in security by deign processes
  • ISO 21434 implementation
  • Embedded systems security developments,
  • Intrusion and threat detection strategies
  • Secured product engineering
  • Autonomous Vehicle Software
  • Automotive digital assets protection
  • Automotive Safety, Security, Privacy, and Reliability
  • Vectors of Automotive Cyber Protection
  • Internet of Things (IoT)
  • Robotics
  • Self-driving Cars
  • Next Gen Computing
  • Blockchain
  • Artificial Intelligence (AI) and Machine Learning (ML)
  • Quantum Technologies
  • Computer Vision
  • Embedded Systems
  • Embedded Linux

Automotive Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication
  • Hardware Reverse Engineering
  • Attacking Automotive Firmware and Hardware
  • Attacking CAN Bus and Ethernet

Automotive Cybersecurity and Layers of Protection

  • Fundamental Vehicle Cybersecurity Protections
  • Protective/preventive measures and techniques
  • Real-time intrusion (hacking) detection measures
  • Real-time response methods
  • Assessment of solutions
  • Layered Approach
  • Information Technology Security Controls
  • Automotive Industry Cybersecurity Guidance
  • Vehicle Development Process with Explicit Cybersecurity Considerations
  • Leadership Priority on Product Cybersecurity
  • Information Sharing
  • Vulnerability Reporting/Disclosure Policy
  • Vulnerability / Exploit / Incident Response Process
  • Self-Auditing
  • Risk Assessment
  • Penetration Testing and Documentation
  • Self-Review
  • Control Keys
  • Control Vehicle Maintenance Diagnostic Access
  • Control Access to Firmware
  • Firmware Encryption
  • Limit Ability to Modify Firmware
  • Control Proliferation of Network Ports, Protocols and Services
  • Autonomous Vehicle Platform
  • The Autonomous Vehicle
  • Drive software engineering best practices
  • ROS or other robotics frameworks
  • Software Systems Test
  • Embedded Linux

Cybersecurity Best Practices for Modern Vehicles

  • Use Segmentation and Isolation Techniques in Vehicle Architecture Design
  • Control Internal Vehicle Communications
  • Log Events
  • Control Communication to Back-End Servers
  • Control Wireless Interfaces
  • Serviceability
  • Secure Coding
  • Static and Dynamic Code Analysis

Standards Development and Best Practices

  • NHTSA – Cybersecurity Best Practices for Modern Vehicles
  • NHTSA and Vehicle Cybersecurity
  • Global Automakers – Framework for Automotive Cybersecurity Best Practices
  • Auto-ISAC – Best Practices Executive Summary
  • Auto Alliance initiatives
  • IEEE – Automotive Cybersecurity information
  • NHTSA – Cybersecurity overview
  • MISRA C & MISRA C++ Coding Standards Compliance
  • DO-178C
  • ISO-26262
  • IEC-62304

Securing Automotive Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC

Cybersecurity Attacks and Best Mitigation Practices for Automotive Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures

Evaluating Cybersecurity Practices for Modern Vehicles

  • Architecture for embedded systems
  • Patterns and real-time constraints
  • Automotive Embedded software testing and validation
  • Practical ways and techniques to test for safety requirements
  • How to develop and test safety requirements
  • Automotive On-board tamper-prevention and evidence
  • Automotive Embedded systems safeguarding and exploitation
  • Cyber-physical attacks and countermeasures
  • Big data and cloud data security in Automotive and V2X ecosystems

Case Study and Workshop (ISO/SAE 21434 Framework)

  • Cybersecurity Analysis of Embedded Systems used in a Modern Semi-Autonomous and Autolooms Vehicle
    • Design Process
    • Embedded system CONOPS
    • Mission objectives
    • Test and evaluation
    • Functional requirements
    • Threat analysis
    • System design
    • Security requirements
    • Performance evaluation
    • Security evaluation
    • System Implementation Security
    • Attack surface
    • Boot process, system data, and software
    • Physical attack surface
    • Root of trust establishment
    • Trust hardware and software components
    • Trusted platform module (TPM)
    • Operating system (OS)
    • Mission-specific application code (Apps)
    • Field-programmable gate array (FPGA)
    • BIOS
    • Boot process
    • Startup
    • Trusted computing base (TCB)
    • Secure Coding Guidelines Are Important
    • C and C++ programming languages for embedded development
    • CWE List & CERT Secure Coding Standards
    • CWE vs. CERT vs. MISRA
    • MISRA C Security Rules
    • Static code analyzers enforce coding rules and flag security violations
    • Helix QAC: CERT, MISRA, and CWE  to ensure secure software

Automotive Cybersecurity Training

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.