CYRES Academy

Cybersecurity is by far no temporary fashion. However, the automotive industry does not realize the importance of Cybersecurity for its organization, and particularly for its products.
Therefore, a large gap exists between the requirements that result from new standards and regulations, and the existing knowledge within the organization. This lecture block creates awareness about the importance of Cybersecurity, and highlights that Cybersecurity is not only an add-on.

Since the last couple of years, several automotive Cybersecurity standards have come into action.

The most prominent one is the ISO/SAE 21434, which is more or less the successor of the SAE J3061. Moreover, government bodies (such as the UN Regulations) try to define standards and regulations, focusing on providing Cybersecurity recommendations. For example, the set-up of a Cyber Security Management System (CSMS).
This lecture block gives an overview about different approaches, and shows different possibilities to acquire knowledge (e.g. conferences, public initiatives).

The automotive Cybersecurity ecosystem is vast with protocols such as the V2X (vehicle-to-everything) which provides help for self-driving cars.
V2X includes different protocols such as V2V (vehicle-to-vehicle), V2I (vehicle-to-infrastructure and V2C (vehicle-to-cloud) which play a crucial role on the path to autonomous driving.
This lecture block covers all different protocols in terms of V2X. Moreover, it shows the whole automotive product life cycle, and the impact Cybersecurity has.

The whole organization and all respective roles are needed to ensure Cybersecurity, and build measures to mitigate cyber-attacks or any other kind of breaches. This lecture blocks explains organizational measures.
It also offers advice on how to cope with Cybersecurity within individual projects. These measures are needed to ensure Cybersecurity is at its best, along the whole product lifecycle.

As electronic systems are getting more complex and expanding within more industries, it is becoming imperative that security is increased.
The training provided through this lecture block, highlights security needs that must be considered at early stages of system design.
Also, we shall elaborate on the security specifications of early stages of system design, by considering the current state of security modeling.
The target is to improve the security modelling in order to reach / reduce the gap between itself and the state-of-art in security modelling in academia.

Cybersecurity risk assessment as envisioned by ISO/SAE 21434, is a process where all possible cyber threats are evaluated for their potential impact, their likelihood of success, and their execution methods. The training provided through this lecture block is structured to emphasize the difference between information security and embedded security. Also, we elaborate on how to perform risk assessment in agile ways.

Although vehicle manufacturers, suppliers, and commercial fleet operators, are not responsible for designing each extended element (e.g. third-party services) of the ecosystem, vehicle designs generally can account for the insecurities introduced by interactions with these extended elements.

Lecture block 40, looks at how to manage Cybersecurity aspects within the product life cycle phases, however, this lecture block deeper enhances the topic on implementing security in each life cycle phase. Providing the ability to understand the security implementations, and patch the vulnerabilities that emerge during each phase or function that could enable incident response.

Cybersecurity controls are safeguards or countermeasures to avoid, detect, counteract, or minimize Cybersecurity risks to physical property, information, computer systems, or other assets.
The relevance is ever increasing to mitigate cyber-attacks. In this lecture block different countermeasures are presented along the different product levels. This includes product/system level controls, but also special HW and SW controls.

Several demonstrations have shown that the risks are more than theory. Facing these challenges, the training is structured to introduce potential automotive security attacks, and some important automotive security threats.
It is explained in more detail, how to identify and evaluate potential security threats for automotive IT components, based on theoretical security analyses and practical security testing. Cybersecurity testing is a new and emerging topic, therefore, needs special budget and resources to be planned in every organization.