A clever hacker might come in through the back door at some unknown point in your development process. Before you know it, the mechanisms you put in place to protect your technology in a connected vehicle won’t work anymore. Systematic risk assessment can show you the real areas that are under threat. We systematically and methodically improve your processes to ensure threats can be pinpointed and shielded against in advance, as well as ensuring that your company and systems enjoy the best possible protection.
Many people would not buy a new car these days if it didn’t offer 24/7 connectivity. Internet access is a now fundamental ingredient of many comfort features and mobility services. But in cybersecurity terms, these features conceal many unseen risks.
Security-centric processes are primarily useful when it comes to effective risk assessment.
They allow you to understand where potential threats will need to be thought about – in product development, production, and even during everyday use of the connected vehicle.
Measures designed to protect technology can be derived from the findings of risk assessments.
These allows you to protect connected vehicles from cyberattacks.
Protecting critical IT infrastructure according to ISO 27000 will prevent third-party access to connected vehicles via the back-end systems of the vehicle manufacturer, its suppliers and the service providers.
These include
Manufacturers are not just responsible for cybersecurity during product development and production. Cybersecurity measures also have to be in place for when a car is being driven, when car owners are using vehicles and associated services – even years after the last car in a series rolls off the production line.
This is the task of a cybersecurtiy management system (CSMS). We recommend integrating these CSMS concerns into your existing process landscape.
According to guidelines laid down by the UNECE, cybersecurity requirements are important for homologation.
Our cybersecurity experts can help you gain clarity by conducting risk assessments. They are familiar with the specific threats your systems may be exposed to. Based on their findings, we can help you design processes that allow your company to operate safely with a focus on combating potential threats.
We will work alongside you in proactively drafting a series of protective measures so you can develop your own automotive cybersecurity concept. We will also help your cybersecurity specialists with products and show you how to keep information assets secure (ISO 27001). By looking at issues from a broader angle, you can also introduce end-to-end safeguards based on valid assessments – taking all the right cybersecurity issues into account: the product itself, processes and IT systems.
Need support with a key project? We’re your first port of call when it comes to management consulting and improvement programmes in electronics development.
Steffen Herrmann and the sales team
The new ISO/SAE 21434 standard comes into effect in November 2020. Our automotive cybersecurity solution allows you to start taking the future automotive security standard into account today. In the same vein as the new standard, we suggest using an integrated approach to risk management.
To address all of these factors, a framework was developed for ISO/SAE 21434 capturing any key requirements with a bearing on cybersecurity. This provided the first ever set of communication principles for affected stakeholders.
Our risk management solution allows you to gain the transparency you will require to develop a cybersecurity strategy. It will also allow you to base all operational and organisational structures on cybersecurity standards pertinent to your company. Drawing on our expertise in planning workflows in keeping with defined objectives enables you to plan your own process landscapes to fulfil all key requirements – from the required user experience to commercial factors, FUNCTIONAL SAFETY (ISO 26262) and industry standards such as AUTOMOTIVE SPICE®.
The security targets laid down under automotive cybersecurity guidelines go further than functional safety guidelines, making them more demanding for companies.
The regional committee of the United Nation Economic Commission for Europe (UNECE) describes cybersecurity as a key prerequisite for the homologation of series-production vehicles. This committee is responsible for the Geneva Convention. It lays down guidelines for uniform conditions for vehicle approvals and the mutual recognition of approvals.
Without an actively believed-in culture of security, your efforts to protect your firm and its vehicles from malicious attacks will be fruitless. All it takes is one minor oversight on the part of a colleague and everything you have put in place to provide protection can be rendered ineffective. We help you introduce precautionary measures to prevent manipulation through social engineering.
We support you in raising awareness for security issues among staff. A culture of security allows your cybersecurity measures to close the circle. Acute awareness allows the members of your team to spot threats more easily. This enhances the quality of your safety assessments and thus raises the likelihood of warding off threats in advance.