EMBEDDED CYBER SECURITY is not a plug-in, it’s not an add-on that you can install anywhere. It is mindset, science, methodology, process, and engineering. Our product is to advise, train, and support you in all these fields. With targeted CONSULTING and in our CYRES ACADEMY. Here’s an overview of what we offer.
CYRES Consulting is specialized in cybersecurity in embedded systems, networked systems and IoT. Above all, we are a valued partner for cyber security in the automotive industry. Along organizational boundaries, in specific projects and along the entire product lifecycle, we are the ones who drive the holistic design, conception and implementation of cybersecurity. Here you will find a first insight into the wide range of services we offer our clients.
Cyber Security Analysis
In cyber security analysis, we examine the potential threats to the system, the severity of their impact, and the probability of their occurrence.
We evaluate the system’s vulnerabilities, determine possible attack vectors and methods, and assess the risk for each threat. This is done using professional architecture analysis, requirement analysis as well as risk assessments.
We advise and train you accordingly, and/or take over interim management.
How do we start?
- A well-structured GAP analysis to standards and regulations to evaluate the project status
- Cybersecurity and Functional Safety Pre-Assessments
- Systematic evaluation of the used Cybersecurity / Functional Safety processes to comply with standards and regulations
- Derivation of measure to close identified gaps
Please note: For most of our cybersecurity consulting projects, it is unfortunately not possible for us to publish more in-depth insights (e.g. in the form of case studies).
However, we primarily advise on conceptual issues of cybersecurity on a global level. For example, we recently conducted a Risk Assessment (based on ISO/SAE 21434 and UNECE WP.29 GRVA) at system level for a leading global Tier 1 supplier to ensure compliance with the standard and future regulations.
The most important security features of an embedded system are confidentiality, integrity, and availability. But are they protected in the event of a specific attack? Where are suspected, but also unsuspected weak points?
We get to the bottom of these questions using state-of-the-art white-hat-hacking methods. On the basis of comprehensive data analyses, we help you to develop attack concepts and subject your systems to conclusive penetration tests.
We support you as consultants and trainers. If needed, we’ll also take over control tasks.
How do we start?
- Strategic management of your overall penetration testing concepts
- Design and operational execution in systematic penetration testing on target systems
- Support in the development of methods and tools for test automation and standardization of test reports
- Vulnerability analysis and specific guidance and recommendations
Systems Security Engineering
Systems security engineering is an interdisciplinary field of engineering that is used to develop those systems that need to perform even in the event of a cyber attack.
To this end, the entire system lifecycle is considered: from the design phase, through development and commissioning, to decommissioning. All relevant system components are identified and – depending on the type and number of vulnerabilities – protective measures are defined, prioritized, and finally programmed and implemented.
With our many years of expertise, we help you gain the necessary know-how and establish the required structures and processes.
How do we start?
- Development of strategies for the implementation and integration of cybersecurity management / functional safety management in individual organizational structures (organizational level) and specific development projects (project level)
- Integration of Cybersecurity and Functional Safety along the entire project and product life cycle
- Integration of Cybersecurity and Functional Safety technical solutions into the product development
- Conceptual support for effective security concepts and ensuring compliance to standards and regulations
In addition to projects on organization-wide cybersecurity structures, we are also valued for the cybersecurity related work on specific projects. For a Tier 1 supplier, for example, we have developed a system architecture for a short range LiDAR. This involved the complete Requirements Management, from stakeholders to hardware and software level.
Data Science & AI
The best way to counter cyber attacks is to prevent them from taking place. But this requires reliable predictions of possible future attacks.
Thanks to cutting-edge data science, data analytics, machine learning, and artificial intelligence, this is increasingly possible. Embedded systems are becoming forward-looking in the truest sense of the word.
Which methods and instruments already have the necessary maturity, and how they can be used for preventive measures? We can advise you on this, and offer targeted training.
How do we start?
- Providing strategic, design and implementation support for AI/data science approaches to cybersecurity and functional safety
- Risk analysis and continuous improvement processes regarding cybersecurity relevant attack vectors in the context of AI/ Big Data
- Individual trainings/coaching
Processes & Methods
Cyber security for embedded systems requires technical expertise, and the right tools. However, the need for the right process and methods is often underestimated.
We help you set up your cybersecurity organization and integrate it into your company structures, and define and implement your cybersecurity strategy, your cybersecurity governance as well as a cybersecurity process – including the necessary agile startup culture and SCRUM methodology.
We support you with strategic consulting and training. If required, we also act as interim or project manager.
How do we start?
- Support in setting up Cybersecurity / Functional Safety processes and management systems
- Implementing methods, template and tools e.g. TARA, HARA, FTA etc.
- Organization-specific development of strategies for implementation
Significantly increase your team’s embedded cybersecurity know-how: with CYRES Academy.
We offer compact one-day or multi-day seminars and workshops on systems security engineering and embedded cybersecurity risk assessment. The training courses help you identify the risks of a cyber attack being launched against your products, and to develop countermeasures.