Affiliation:
1. KTM Informatics GmbH
2. Graz University of Technology
3. Beevadoo e.U
Abstract
<div class="section abstract"><div class="htmlview paragraph">Cybersecurity assumes a major role in the context of the automotive domain, where both existing and forthcoming regulations are heightening the need for robust security engineering. A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 ‘Road Vehicles — Cybersecurity Engineering’. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers. In that context, we also consider the framework to train over CAN. While the presented work primarily addresses technical aspects, we recognize the importance of aligning development within the framework of relevant standards. This is crucial because any training courses must adhere to the expectations set by standardization boundaries. The presented PENNE<span class="xref"><sup>1</sup></span> framework simulates a network of CAN controllers, which enables the testing and hands-on experiences for attack vectors and mitigation methods in a simulated environment, providing basic implementations for the most common attack types of this network. The framework is extendable for training and testing purposes with series controllers and real-world demonstrators.</div></div>
Reference20 articles.
1. Macher , G. , Schmittner , C. , Veledar , O. , and Brenner , E. ISO/SAE DIS 21434 Automotive Cybersecurity Standard - In a Nutshell Casimiro A. , Ortmeier F. , Schoitsch E. , Bitsch F. , and Ferreira P. Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops Cham Springer International Publishing 2020 123 135
2. ISO - International Organization for Standardization 2021
3. United Nations Economic Commission for Europe 2021
4. United Nations Economic Commission for Europe 2021
5. Stolfa , S. , Stolfa , J. , Spanyik , M. , Messnarz , R. et al. Cybereng - Training Cybersecurity Engineer and Manager Skills in Automotive - Experience Yilmaz M. , Clarke P. , Riel A. , and Messnarz R. Systems, Software and Services Process Improvement Cham Springer Nature Switzerland 2023 366 383