CYBERENG - ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector

CYBERENG is working on the definition of training and skill set for automotive cybersecurity engineers and managers, together with a certification scheme to foster the recognition of this qualification. Automotive cybersecurity is a new challenge for the European Automotive companies additionally complicated by the absence of qualified persons or even qualification schemes. Faced with the complex challenges of integrating cybersecurity engineering and managing into the existing processes, considering electric/electronics and software, as well as product design, development, and manufacturing, these companies experience a substantial gap between the quality engineering skills of recent graduates and their actual needs and expectations. This gap leads to a significant decrease in efficiency, effectiveness and therefore competitiveness of these companies. Upcoming regulation like the draft proposal to introduce a regulation on cybersecurity for road vehicles type approval, which is prepared by UNECE WP.29 – Harmonization of Vehicle Regulations is only increasing the urgency to address cybersecurity. Summarized there are currently two major requirements for the automotive domain prepared by UNECE WP29. There is a need to have a Cybersecurity Management System (CSMS) and each vehicle type needs evidence about the achievement of cybersecurity. The CSMS must include processes for risk identification and management (assessment, categorization, treatment, verification of treatment), security testing, updating of the risk assessment, monitoring and reaction on cyberattacks and identification and reaction to new threats. The processes need to cover the whole lifecycle (development, production, post-production) and supply chain. For each vehicle type, a risk-based approach (risk assessment, risk treatment, testing of risk treatment) need to be demonstrated.