This curriculum spans the technical and organisational complexity of a multi-workshop cybersecurity integration program, matching the depth required for securing connected vehicle systems across development, deployment, and operational lifecycle phases.
Module 1: Threat Modeling for Connected Vehicle Systems
- Conducting STRIDE-based threat assessments on vehicle-to-everything (V2X) communication stacks, including identifying spoofing risks in DSRC and C-V2X protocols.
- Mapping attack surfaces across electronic control units (ECUs), telematics control units (TCUs), and over-the-air (OTA) update mechanisms.
- Defining trust boundaries between in-vehicle networks (e.g., CAN, LIN, Ethernet) and external cloud services.
- Selecting appropriate threat modeling tools (e.g., Microsoft Threat Modeling Tool, IriusRisk) for integration into automotive development pipelines.
- Documenting threat scenarios involving remote exploitation of infotainment systems leading to CAN bus intrusion.
- Validating threat model assumptions through red team exercises and penetration testing on prototype vehicles.
Module 2: Secure Architecture Design for Automotive Platforms
- Implementing hardware-rooted security using Trusted Platform Modules (TPMs) or Hardware Security Modules (HSMs) in ECU designs.
- Designing secure gateway ECUs to enforce segmentation between high-criticality (e.g., braking) and low-criticality (e.g., HVAC) domains.
- Enforcing secure boot chains with cryptographic verification of firmware across all onboard processors.
- Integrating secure communication protocols matched to each link (e.g., TLS 1.3 for vehicle-to-cloud sessions, MACsec on automotive Ethernet, SecOC message authentication on CAN) so that inter-ECU and vehicle-to-cloud traffic is authenticated end to end.
- Evaluating the trade-offs between centralized domain controllers versus distributed ECU security management.
- Specifying secure update mechanisms for third-party applications in open infotainment platforms.
Module 3: Identity and Access Management in Vehicle Networks
- Deploying certificate-based authentication for ECUs using Public Key Infrastructure (PKI) with short-lived certificates.
- Managing the lifecycle of digital identities for millions of vehicles across multiple geographic regions.
- Implementing role-based access control (RBAC) for diagnostic access (e.g., the OBD-II port and UDS SecurityAccess/Authentication services) so that privileged diagnostic functions require an authenticated, authorised role.
- Integrating vehicle identity into enterprise IAM systems for fleet management and shared mobility use cases.
- Handling key revocation and re-provisioning in response to compromised vehicle credentials.
- Designing secure handshakes between mobile devices and vehicles for keyless entry without replay vulnerabilities.
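The replay-resistant handshake in the last bullet, as an added worked example (not part of the original curriculum and not any OEM's implementation): the vehicle issues a single-use random nonce, the phone answers with an HMAC-SHA256 tag bound to the vehicle ID, the phone ID, the requested command and the nonce, and the vehicle discards the nonce before it checks the tag. The names (Vehicle, PhoneRespond), the 5-second freshness window and the pairing key are assumptions made for this example; in a real design the key lives in the vehicle HSM and the phone's secure element.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Hypothetical names and message layout for this example. The pairing key is
// assumed to be provisioned into the vehicle HSM and the phone's secure element.
const nonceLen = 16

type challenge struct {
	nonce  []byte
	issued time.Time
}

// Vehicle keeps at most one outstanding challenge per paired phone. A challenge
// is deleted the moment a response is checked, so it can never be answered twice.
type Vehicle struct {
	id      string
	keys    map[string][]byte    // phoneID -> pairing key
	pending map[string]challenge // phoneID -> unanswered challenge
}

func NewVehicle(id string) *Vehicle {
	return &Vehicle{id: id, keys: map[string][]byte{}, pending: map[string]challenge{}}
}

func (v *Vehicle) Pair(phoneID string, key []byte) { v.keys[phoneID] = key }

// Challenge issues a fresh random nonce, replacing any earlier unanswered one.
func (v *Vehicle) Challenge(phoneID string) ([]byte, error) {
	if _, ok := v.keys[phoneID]; !ok {
		return nil, errors.New("unknown phone")
	}
	n := make([]byte, nonceLen)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	v.pending[phoneID] = challenge{nonce: n, issued: time.Now()}
	return n, nil
}

// responseTag is HMAC-SHA256 over length-prefixed fields, so the tag is bound to
// this vehicle, this phone, this command and this nonce with no field ambiguity.
func responseTag(key []byte, vehicleID, phoneID, cmd string, nonce []byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, f := range [][]byte{[]byte(vehicleID), []byte(phoneID), []byte(cmd), nonce} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		m.Write(l[:])
		m.Write(f)
	}
	return m.Sum(nil)
}

// PhoneRespond is the phone side: answer the vehicle's nonce for one command.
func PhoneRespond(key []byte, vehicleID, phoneID, cmd string, nonce []byte) []byte {
	return responseTag(key, vehicleID, phoneID, cmd, nonce)
}

// Verify consumes the outstanding challenge before checking anything, then checks
// freshness and the tag. A captured tag replayed later fails: its nonce is gone.
func (v *Vehicle) Verify(phoneID, cmd string, tag []byte) error {
	ch, ok := v.pending[phoneID]
	if !ok {
		return errors.New("no outstanding challenge (replay or out-of-order response)")
	}
	delete(v.pending, phoneID)
	if time.Since(ch.issued) > 5*time.Second {
		return errors.New("challenge expired")
	}
	want := responseTag(v.keys[phoneID], v.id, phoneID, cmd, ch.nonce)
	if !hmac.Equal(want, tag) {
		return errors.New("response tag does not verify")
	}
	return nil
}

func main() {
	key := make([]byte, 32) // pairing key, constructed for the example
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	v := NewVehicle("VIN-EXAMPLE-001")
	v.Pair("phone-A", key)

	nonce, _ := v.Challenge("phone-A")
	tag := PhoneRespond(key, "VIN-EXAMPLE-001", "phone-A", "unlock", nonce)
	fmt.Println("genuine unlock:", v.Verify("phone-A", "unlock", tag))

	v.Challenge("phone-A") // new session; an eavesdropper replays the captured tag
	fmt.Println("replayed tag:  ", v.Verify("phone-A", "unlock", tag))

	nonce, _ = v.Challenge("phone-A") // genuine "unlock" response presented as "start"
	tag = PhoneRespond(key, "VIN-EXAMPLE-001", "phone-A", "unlock", nonce)
	fmt.Println("command swap:  ", v.Verify("phone-A", "start", tag))
}
```

Binding the command into the tag matters as much as the nonce: a response captured for "unlock" must not be usable for "start". Note the caveat a practitioner should carry into the design review: challenge-response defeats replay, not relay. An attacker who forwards the live exchange between a distant phone and the vehicle still gets the door open, which is why keyless systems add a distance bound (e.g., UWB time-of-flight) on top of this exchange.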
Module 4: Over-the-Air (OTA) Update Security
- Validating end-to-end integrity and authenticity of OTA firmware packages using code signing and hash chaining.
- Designing rollback protection mechanisms to prevent downgrade attacks on ECU software versions.
- Implementing delta update strategies with cryptographic verification at each patch application stage.
- Coordinating secure update sequencing across interdependent ECUs to avoid partial or inconsistent states.
- Enforcing access controls on OTA backend servers to prevent unauthorized update initiation.
- Monitoring and logging OTA deployment anomalies indicative of tampering or distribution channel compromise.
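The signing, rollback-protection and delta-verification bullets above, and the secure boot chain in Module 2, reduce to one check sequence, shown here as an added worked example (not code from the original curriculum, from any OEM, or from a standard): an Ed25519-signed manifest carries a monotonic version and the SHA-256 of the image before and after the update step; the ECU verifies the signature, rejects any version not above its anti-rollback counter, checks the pre-image hash before applying a delta, checks the post-image hash after, and only then commits. The manifest layout, the ECU and error names, the appendPatch stand-in for a real delta codec, and the firmware bytes are all assumptions of the example; Go's crypto/ed25519, crypto/sha256 and encoding/json are the real standard-library packages.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical minimal update descriptor for this example (a real
// deployment would use standard metadata such as Uptane's). A full image has no
// PreHash; a delta patch names the exact image it may be applied to.
type Manifest struct {
	ECU      string `json:"ecu"`
	Version  uint32 `json:"version"`   // strictly increasing; checked against the ECU counter
	PreHash  []byte `json:"pre_hash"`  // SHA-256 of the required current image (empty for a full image)
	PostHash []byte `json:"post_hash"` // SHA-256 the image must have after installation
}

// SignedManifest carries the exact signed bytes, so verification never depends on
// re-serialising the struct identically.
type SignedManifest struct {
	Manifest []byte
	Sig      []byte
}

func Sign(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: b, Sig: ed25519.Sign(priv, b)}, nil
}

// ECU is what the updater keeps in tamper-resistant storage: the OEM signing
// public key and a monotonic counter that is never decremented.
type ECU struct {
	Name    string
	Pub     ed25519.PublicKey
	Counter uint32
	Image   []byte
}

var (
	ErrSig      = errors.New("manifest signature invalid")
	ErrTarget   = errors.New("manifest is for a different ECU")
	ErrRollback = errors.New("version not above anti-rollback counter")
	ErrPreHash  = errors.New("current image does not match patch pre-image hash")
	ErrPostHash = errors.New("resulting image does not match post-image hash")
)

func hash(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// Apply checks signature, target, version and (for a delta) the pre-image hash,
// installs, then checks the post-image hash. Image and counter change only after
// every check passes, so a failed update leaves the ECU exactly as it was.
func (e *ECU) Apply(sm SignedManifest, payload []byte, patch func(old, p []byte) []byte) error {
	if !ed25519.Verify(e.Pub, sm.Manifest, sm.Sig) {
		return ErrSig
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return err
	}
	if m.ECU != e.Name {
		return ErrTarget
	}
	if m.Version <= e.Counter {
		return ErrRollback
	}
	next := payload
	if len(m.PreHash) != 0 {
		if !bytes.Equal(hash(e.Image), m.PreHash) {
			return ErrPreHash
		}
		next = patch(e.Image, payload)
	}
	if !bytes.Equal(hash(next), m.PostHash) {
		return ErrPostHash
	}
	e.Image, e.Counter = next, m.Version
	return nil
}

// appendPatch stands in for a real delta codec such as bsdiff.
func appendPatch(old, p []byte) []byte { return append(append([]byte{}, old...), p...) }

// OEM signing key for the example; a nil reader means crypto/rand.
var signerPub, signerPriv, _ = ed25519.GenerateKey(nil)

func main() {
	ecu := &ECU{Name: "gateway", Pub: signerPub}
	v1 := []byte("firmware-v1 (constructed image)")
	m1, _ := Sign(signerPriv, Manifest{ECU: "gateway", Version: 1, PostHash: hash(v1)})
	fmt.Println("install v1 full image:", ecu.Apply(m1, v1, appendPatch))
	delta := []byte(" +v2 delta")
	m2, _ := Sign(signerPriv, Manifest{ECU: "gateway", Version: 2, PreHash: hash(v1), PostHash: hash(appendPatch(v1, delta))})
	fmt.Println("install v2 delta:     ", ecu.Apply(m2, delta, appendPatch))
	fmt.Println("replay v1 (downgrade):", ecu.Apply(m1, v1, appendPatch), "| counter:", ecu.Counter)
}
```

The secure boot bullet in Module 2 is the same verification run at boot instead of at update time: the bootloader holds the same public key, re-verifies the retained manifest and refuses to execute an image whose hash no longer matches PostHash or whose manifest version differs from the counter. Two things the code cannot show but a review should insist on: the public key and the counter must live where application code cannot write them (OTP fuses or an HSM-backed monotonic counter), and Image/Counter should be committed only after the new image is durably written, typically to an A/B slot.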
Module 5: Intrusion Detection and Response in Vehicle Systems
- Deploying in-vehicle intrusion detection systems (IDS) to monitor CAN bus for abnormal message frequency or spoofed IDs.
- Configuring thresholds for anomaly detection to minimize false positives in real-world driving conditions.
- Integrating vehicle IDS alerts with Security Information and Event Management (SIEM) systems at the OEM backend.
- Defining automated response protocols, such as network segmentation or ECU isolation, upon confirmed intrusion.
- Developing forensic data collection mechanisms that preserve evidence without impacting vehicle safety.
- Establishing incident response workflows for coordinating between cybersecurity teams, vehicle safety engineers, and field operations.
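The frequency-based CAN anomaly detection in the first two bullets of this module, as an added worked example (not code from the original curriculum or from any vendor IDS): the detector learns each ID's cycle time from a known-good capture, then flags frames of a known ID that arrive sooner than a fraction of that cycle time, which is what an injected frame carrying a spoofed ID does, plus any ID that never appeared in training. The candump -l line format is real; the log contents, the IDs, the cycle times and the ratio thresholds are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Frame is one classic CAN frame as logged by candump -l: "(ts) iface ID#DATA".
type Frame struct{ T float64; ID uint32; Data string }

// parseCandump parses candump log lines and returns the frames in time order.
func parseCandump(log string) ([]Frame, error) {
	var frames []Frame
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || !strings.Contains(f[2], "#") {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		t, err1 := strconv.ParseFloat(strings.Trim(f[0], "()"), 64)
		idData := strings.SplitN(f[2], "#", 2)
		id, err2 := strconv.ParseUint(idData[0], 16, 32)
		if err1 != nil || err2 != nil {
			return nil, fmt.Errorf("bad timestamp or ID: %q", line)
		}
		frames = append(frames, Frame{T: t, ID: uint32(id), Data: idData[1]})
	}
	sort.SliceStable(frames, func(i, j int) bool { return frames[i].T < frames[j].T })
	return frames, nil
}

// Baseline maps each periodic ID to its learned cycle time (median inter-arrival, s).
type Baseline map[uint32]float64

// Learn builds the baseline from a capture taken while the bus is known-good.
func Learn(frames []Frame) Baseline {
	last, gaps := map[uint32]float64{}, map[uint32][]float64{}
	for _, f := range frames {
		if t, ok := last[f.ID]; ok {
			gaps[f.ID] = append(gaps[f.ID], f.T-t)
		}
		last[f.ID] = f.T
	}
	b := Baseline{}
	for id, g := range gaps {
		sort.Float64s(g)
		b[id] = g[len(g)/2] // median: robust to a few jittered samples
	}
	return b
}

type Alert struct{ T float64; ID uint32; Reason string }

// Detect flags any ID absent from the baseline and any frame of a known ID that
// arrives sooner than ratio*period after the previous frame with that ID.
func Detect(b Baseline, frames []Frame, ratio float64) []Alert {
	last := map[uint32]float64{}
	var alerts []Alert
	for _, f := range frames {
		p, known := b[f.ID]
		if !known {
			alerts = append(alerts, Alert{f.T, f.ID, "ID not in baseline"})
			continue
		}
		if t, seen := last[f.ID]; seen && f.T-t < ratio*p {
			alerts = append(alerts, Alert{f.T, f.ID, fmt.Sprintf("gap %.4fs < %.2f x %.4fs", f.T-t, ratio, p)})
		}
		last[f.ID] = f.T
	}
	return alerts
}

// periodic emits constructed candump lines for one ID sent every `period` seconds.
func periodic(id uint32, start, period float64, n int) string {
	var sb strings.Builder
	for i := 0; i < n; i++ {
		fmt.Fprintf(&sb, "(%.6f) can0 %03X#0000000000000000\n", start+float64(i)*period, id)
	}
	return sb.String()
}

// Constructed logs: 0x0C1 every 10 ms and 0x1A0 every 100 ms. The attack capture adds
// three injected 0x0C1 frames between genuine ones and one ID never seen in training.
var (
	trainingLog = periodic(0x0C1, 0.0, 0.010, 20) + periodic(0x1A0, 0.0, 0.100, 3)
	attackLog   = periodic(0x0C1, 0.3, 0.010, 10) + periodic(0x1A0, 0.3, 0.100, 2) +
		"(0.324000) can0 0C1#FFFF000000000000\n(0.334000) can0 0C1#FFFF000000000000\n" +
		"(0.344000) can0 0C1#FFFF000000000000\n(0.310000) can0 7DF#0209050000000000\n"
)

func main() {
	train, _ := parseCandump(trainingLog)
	attack, _ := parseCandump(attackLog)
	b := Learn(train)
	for _, a := range Detect(b, attack, 0.5) {
		fmt.Printf("t=%.3f id=%03X %s\n", a.T, a.ID, a.Reason)
	}
	fmt.Println("alerts at ratio 0.7:", len(Detect(b, attack, 0.7)))
}
```

At ratio 0.5 the detector flags exactly the three injected 0x0C1 frames and the unknown ID; at 0.7 it also flags the genuine frame that follows each injection, because at frame level the genuine and the spoofed frame are indistinguishable and both now violate the expected gap. That is the false-positive trade-off the threshold bullet refers to, and the reason an in-vehicle IDS should rate-limit alerts per ID over a window, and should not trigger the automated isolation described later in this module on a single flagged frame.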
Module 6: Compliance and Regulatory Alignment
- Implementing the UN R155 cybersecurity management system (CSMS) and UN R156 software update management system (SUMS) requirements across global development teams.
- Conducting gap assessments between internal security practices and ISO/SAE 21434 threat analysis and risk assessment (TARA) mandates.
- Documenting cybersecurity engineering artifacts for audit readiness, including threat models, test reports, and risk registers.
- Establishing processes for reporting cybersecurity incidents to regulatory bodies within mandated timeframes.
- Aligning supply chain security requirements with OEM obligations under automotive cybersecurity regulations.
- Managing regional compliance variations, such as China's GB standards or U.S. NHTSA guidelines, in global vehicle deployments.
Module 7: Supply Chain and Third-Party Risk Management
- Enforcing security requirements in contracts with Tier 1 and Tier 2 suppliers for ECU and software components.
- Validating supplier-provided software bills of materials (SBOMs) for completeness and checking the listed open-source components against known vulnerabilities.
- Conducting security assessments of third-party infotainment applications before inclusion in app stores.
- Monitoring for vulnerabilities in third-party libraries used in vehicle communication stacks (e.g., Bluetooth, Wi-Fi drivers).
- Establishing secure data exchange protocols between OEMs and suppliers for firmware and diagnostic data.
- Responding to supply chain compromises, such as poisoned development tools or compromised update servers.
Module 8: Secure Development Lifecycle Integration
- Embedding security gates into Agile/SAFe development workflows for automotive software teams.
- Conducting static and dynamic code analysis on ECU firmware with tools tuned for embedded C/C++ environments.
- Integrating fuzz testing into CI/CD pipelines for vehicle communication protocols (e.g., UDS, DoIP).
- Enforcing mandatory security training and phishing simulations for embedded systems developers.
- Managing vulnerability disclosure programs for external researchers reporting vehicle security flaws.
- Performing threat model updates at each phase of vehicle development, from concept to production launch.