A Comprehensive Training Approach for Automotive Cybersecurity Engineering

Thomas Faschang, Georg Macher, Omar Veledar

Research output: Contribution to journalConference articlepeer-review

Abstract

Cybersecurity assumes a major role in the context of the automotive domain, where both existing and forthcoming regulations are heightening the need for robust security engineering. A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 'Road Vehicles - Cybersecurity Engineering'. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers. In that context, we also consider the framework to train over CAN. While the presented work primarily addresses technical aspects, we recognize the importance of aligning development within the framework of relevant standards. This is crucial because any training courses must adhere to the expectations set by standardization boundaries. The presented PENNE1 framework simulates a network of CAN controllers, which enables the testing and hands-on experiences for attack vectors and mitigation methods in a simulated environment, providing basic implementations for the most common attack types of this network. The framework is extendable for training and testing purposes with series controllers and real-world demonstrators.

Original languageEnglish
Article number2024-01-2800
JournalSAE Technical Papers
DOIs
Publication statusPublished - 9 Apr 2024
Event2024 SAE World Congress Experience: WCX 2024 - Detroit, United States
Duration: 16 Apr 202418 Apr 2024

ASJC Scopus subject areas

  • Automotive Engineering
  • Safety, Risk, Reliability and Quality
  • Pollution
  • Industrial and Manufacturing Engineering

Fingerprint

Dive into the research topics of 'A Comprehensive Training Approach for Automotive Cybersecurity Engineering'. Together they form a unique fingerprint.

Cite this