This curriculum has the technical and procedural rigor of a multi-workshop engineering engagement. It covers, at the same depth, the system-specific controls and cross-functional coordination required to secure emissions-critical automotive systems across the development, deployment, and compliance lifecycles.

Module 1: Regulatory Landscape and Compliance Frameworks
- Selecting applicable emissions-related cybersecurity standards (e.g., UNECE R155/R156) based on vehicle type, target markets, and homologation requirements.
- Mapping ISO/SAE 21434 requirements to vehicle emissions control systems to ensure compliance during type approval.
- Implementing audit-ready documentation processes for cybersecurity management systems (CSMS) covering engine control units (ECUs) with emissions functionality.
- Coordinating with regulatory bodies during cybersecurity audits for vehicles with over-the-air (OTA) emissions calibration updates.
- Assessing jurisdictional differences in cybersecurity mandates affecting diesel particulate filters and selective catalytic reduction systems.
- Integrating cybersecurity risk assessments into vehicle lifecycle compliance reporting for emissions-related ECUs.

Module 2: Threat Modeling for Powertrain and Emissions Systems
- Identifying attack surfaces in CAN FD networks connecting engine control modules, exhaust gas recirculation valves, and NOx sensors.
- Conducting STRIDE analysis on calibration data flows between OEM servers and onboard diagnostics (OBD) interfaces.
- Defining threat agent profiles targeting emissions tampering via aftermarket tuning tools or ECU reflashing.
- Modeling risks associated with unauthorized access to lambda sensor data used in closed-loop fuel control.
- Documenting attack paths that could manipulate real driving emissions (RDE) monitoring logic during certification testing.
- Updating threat models when introducing new telematics units that interface with powertrain control networks.

Module 3: Secure Design of Emissions-Related ECUs
- Selecting microcontrollers with hardware security modules (HSMs) for engine control units managing exhaust aftertreatment systems.
- Implementing secure boot chains to prevent unauthorized firmware from executing on NOx sensor controllers.
- Designing memory partitioning to isolate emissions calibration data from non-critical software tasks.
- Configuring CAN message authentication (e.g., MAC-based) for commands affecting diesel particulate filter regeneration.
- Specifying secure update mechanisms for lambda probe calibration tables distributed via OTA.
- Hardening ECU communication stacks against fuzzing attacks targeting OBD-II PIDs related to emissions monitoring.

Module 4: Secure Software Development for Emissions Functions
- Applying MISRA C guidelines with cybersecurity extensions in source code for exhaust gas temperature control algorithms.
- Enforcing code signing for calibration files that adjust urea dosing in SCR systems.
- Integrating static application security testing (SAST) into CI/CD pipelines for powertrain control software.
- Managing cryptographic key lifecycles used to protect map data in engine management software.
- Validating input ranges for sensor data used in adaptive emissions control logic to prevent fault injection.
- Instrumenting runtime monitoring for anomalous behavior in adaptive learning routines affecting fuel trim.

Module 5: In-Vehicle Network Security for Emissions Systems
- Segmenting powertrain CAN networks from infotainment domains using embedded firewalls in gateway ECUs.
- Deploying intrusion detection systems (IDS) on powertrain buses to detect spoofed messages to EGR controllers.
- Configuring rate limiting on diagnostic services that access emissions-related DTCs and freeze frame data.
- Implementing secure gateway policies to restrict OBD-II port access to emissions calibration services.
- Monitoring CAN message timing anomalies that may indicate replay attacks on exhaust temperature signals.
- Enabling secure communication between telematics control units and engine ECUs for remote emissions diagnostics.

Module 6: Over-the-Air Updates and Emissions Integrity
- Validating digital signatures on OTA updates that modify catalyst efficiency monitoring thresholds.
- Designing rollback protection to prevent reversion to vulnerable firmware versions in emissions control software.
- Coordinating update scheduling to avoid interrupting active diesel particulate filter regeneration cycles.
- Implementing delta updates for calibration tables to minimize bandwidth and exposure during transmission.
- Logging and reporting failed update attempts on ECUs responsible for onboard diagnostics (OBD) compliance.
- Ensuring update atomicity for multi-ECU emissions calibrations involving engine and aftertreatment systems.

Module 7: Incident Response and Forensics for Emissions Systems
- Preserving CAN bus logs during suspected tampering with emissions control logic for regulatory investigations.
- Establishing forensic data collection procedures for ECUs involved in unauthorized tuning incidents.
- Developing playbooks for responding to attacks that disable malfunction indicator lamp (MIL) activation.
- Coordinating with regulatory agencies when cybersecurity incidents affect type-approval compliance.
- Reconstructing attack timelines using timestamped events from powertrain and diagnostic ECUs.
- Implementing secure data extraction methods from immobilized vehicles with compromised emissions controls.

Module 8: Supply Chain and Third-Party Risk Management
- Auditing Tier 1 suppliers' development processes for emissions-related ECUs against ISO/SAE 21434.
- Enforcing contractual cybersecurity requirements for calibration tool vendors accessing ECU flash memory.
- Validating firmware integrity from third-party sensor suppliers (e.g., NOx, PM sensors) before integration.
- Managing access controls for external engineering firms performing emissions development work.
- Assessing cybersecurity risks in dual-sourced ECUs used for exhaust gas recirculation control.
- Monitoring aftermarket device integrations that connect to OBD-II ports and access emissions data streams.