Need Guidance on How to Approach Cybersecurity Adoption?
Without Cybersecurity You Do Not Have Safety
As the demand for software-defined vehicles increases, so does vehicle connectivity. With that connectivity comes cybersecurity threats. These threats are above and beyond what you will handle in functional safety. The standards are evolving, so there is no one-size-fits-all. All connected products and organizations need to be customized to the latest cybersecurity standards, specifically; organizations need to assess the standards that are being published such as:
- SAE J3061
- ISO 21434
- UNECE/R155
- IoT Cybersecurity Foundation standards
- IT standards for security
Resolving the additional risks posed on transportation systems given the connectivity, communications, and complexity of the industry is paramount to achieving overall trustworthiness. You need a guide with true expertise who will understand where these standards intersect and live within your product lifecycle. The ultimate goal is to reduce your risk.
Cybersecurity Offerings
-
Cybersecurity Risk Assessment
- Input: The features, processes, and assets that encompass the entire ecosystem of the project.
- Output: A Cybersecurity Risk Assessment output that is tailored to the impact area prioritization of your business that ranks the vulnerabilities in descending order of severity with mitigation plans.
-
Security Processes
- Input: Standards, Regulations and Best Practices for your industry, business needs.
- Output: A Cyber Security Management System (CSMS) that provides structure to secure Continuous Integration/Continuous Delivery (CI/CD) process implementation that is tailored to your needs.
-
Security Tool Selection & Qualification
- Input: Security implementation plan, current development toolchain, existing design portfolio, product line roadmap, business needs and constraints.
- Output: A software composition analysis tool that can integrate with existing toolchains that align with overall goals and engineering workflows.
-
Cybersecurity Training
- Input: Mapping of existing skills related to business needs, product line roadmap and ecosystem.
- Output: Training on security related processes, tools, device processor security features to close the gaps and accelerate the development team.
-
Security Architecture & Product Development
- Input: Business needs and stakeholder/product requirements.
- Output: Cybersecurity architecture, design, development, and engineering from concept to production and post-production (i.e. Threat Analysis and Risk Assessment (TARA), and Mitigation Controls) for OEM and suppliers.
-
Cybersecurity Project Management
- Input: Assessment, Work Scope, Project Management.
- Output: Schedules, budget, plans to achieve Cyber Security Compliance such as ISO 21434, NIST Cybersecurity Framework, and IEC 62443 for example.
-
Cybersecurity Standards Compliance
- Input: Applicable cybersecurity standards and product roadmaps, including ISO 21434, IEC 62443, NIST Cybersecurity Framework, UNECE Regulation 155, 156, and ISO PAS 5112 to name a few.
- Output: Cybersecurity analysis report and compliance implementation plan.
-
Security Verification & Validation
- Input: Systems, subsystems, components, software, hardware requirements, and business processes and tools.
- Output: Cybersecurity verification and validation of systems, including the development of test scripts and associated hardware, and processes documentation for OEM and suppliers.
-
Cybersecurity Analysis
- Input: Product requirements and design.
- Output: Cybersecurity analysis from concept to production and post-production (i.e. TARA, Risk Assessments, Trusted Suppliers).
Cybersecurity ISO 21434 Blog Posts
16 min read
What Are the Automotive Cybersecurity Processes?
Jun 28, 2023 by Kelly Stephenson
6 min read
Top 5 Automotive Cybersecurity Questions Every Executive Needs to Know
May 15, 2023 by Kelly Stephenson