This curriculum matches the technical and procedural rigor of a multi-workshop engineering engagement, aligning cybersecurity practices with emissions compliance activities across vehicle development, testing, and supply chain coordination.
Module 1: Regulatory Alignment and Compliance Frameworks
- Selecting applicable emissions-related cybersecurity regulations (e.g., UNECE R155, R156, EPA guidelines) based on vehicle type and target markets.
- Mapping ISO/SAE 21434 requirements to emissions control system boundaries to define scope of compliance.
- Establishing a cybersecurity management system (CSMS) that integrates with existing emissions certification workflows.
- Documenting audit trails for software changes to engine control units (ECUs) affecting emissions behavior.
- Coordinating with homologation bodies to demonstrate cybersecurity resilience in emissions-related ECUs during type approval.
- Assessing overlap and conflicts between cybersecurity mandates and emissions testing protocols under real-driving emissions (RDE) standards.
Module 2: Threat Modeling for Emissions Control Systems
- Identifying attack surfaces in OBD-II ports, CAN bus communications, and telematics units that could manipulate emissions data.
- Defining threat agents capable of tampering with NOx sensors, DPF regeneration cycles, or EGR valve control logic.
- Applying STRIDE methodology to model risks in calibration data updates for engine management software.
- Assessing feasibility of sensor spoofing attacks that simulate compliant emissions while enabling defeat devices.
- Documenting data flow diagrams for exhaust aftertreatment systems to isolate critical trust boundaries.
- Integrating threat model updates into change control processes when new emissions hardware (e.g., SCR systems) is introduced.
Module 3: Secure Development Lifecycle Integration
- Enforcing code signing for firmware updates to powertrain control modules to prevent unauthorized calibration modifications.
- Implementing static and dynamic analysis tools tuned to detect logic vulnerabilities in emissions control algorithms.
- Requiring dual approval for software changes affecting lambda control, injection timing, or turbocharger behavior.
- Embedding security requirements into model-based development environments used for engine control software.
- Conducting penetration testing on bench dynamometers to simulate cyber-physical attacks on emissions systems.
- Managing configuration baselines for calibration files to ensure traceability from development to production.
Module 4: In-Vehicle Network Security for Emissions Components
- Segmenting CAN FD networks to isolate emissions-critical ECUs from infotainment and body control modules.
- Implementing message authentication codes (MACs) for UDS diagnostic sessions accessing emissions-related DTCs.
- Configuring intrusion detection systems (IDS) to flag anomalous OBD-II read requests targeting NOx sensor data.
- Applying rate limiting on CAN messages that trigger forced DPF regenerations or disable SCR urea dosing.
- Evaluating gateway firewall rules to prevent unauthorized access to the engine ECU from wireless entry points.
- Monitoring broadcast intervals of lambda sensor readings to detect replay attacks masking rich-burn conditions.
Module 5: Over-the-Air (OTA) Updates and Emissions Integrity
- Validating that OTA update payloads for emissions software do not alter approved calibration checksums.
- Designing rollback protection mechanisms that prevent reverting to non-compliant firmware versions.
- Requiring hardware-anchored attestation before applying updates to exhaust gas temperature control logic.
- Logging all OTA transactions involving emissions-related ECUs for regulatory audit purposes.
- Coordinating OTA deployment windows with emissions warranty periods to avoid unintended liability.
- Implementing split-key authorization for updates affecting adaptive learning in air-fuel ratio control.
Module 6: Penetration Testing and Red Teaming for Emissions Systems
- Designing test scenarios that simulate defeat device activation via covert diagnostic service calls.
- Using CAN injectors to evaluate resilience of particulate matter sensors against signal manipulation.
- Assessing physical access risks through the OBD-II port during emissions inspections.
- Testing resistance of adaptive calibration routines to adversarial input that masks high NOx output.
- Validating that security monitors do not inadvertently disable emissions controls during fault conditions.
- Reporting findings in a format compatible with both cybersecurity teams and powertrain calibration engineers.
Module 7: Incident Response and Forensic Readiness
- Defining thresholds for triggering incident alerts based on abnormal emissions control actuator commands.
- Preserving flash memory dumps from engine ECUs following suspected tampering with SCR dosing logic.
- Integrating vehicle forensics tools with dealership diagnostic systems for post-incident analysis.
- Establishing data retention policies for logs related to emissions system access and configuration changes.
- Coordinating with legal teams when forensic evidence suggests intentional defeat device deployment.
- Conducting tabletop exercises simulating regulatory investigations into cyber-enabled emissions fraud.
Module 8: Supply Chain and Third-Party Risk Management
- Auditing Tier 1 suppliers’ development processes for emissions-related software components like EGR controllers.
- Requiring cryptographic verification of calibration files provided by external calibration service providers.
- Assessing cybersecurity controls in test equipment used for emissions certification at third-party labs.
- Managing access privileges for external engineers connecting to vehicle networks during emissions development.
- Enforcing contractual obligations for vulnerability disclosure related to emissions-critical components.
- Validating that software libraries used in aftertreatment modeling do not introduce exploitable dependencies.