This curriculum spans the technical and organizational practices required to implement and maintain cybersecurity across the vehicle lifecycle, comparable in scope to a multi-phase advisory engagement supporting an OEM’s compliance with UN R155 and integration of secure design from component procurement through incident response.
Module 1: Threat Modeling and Risk Assessment in Vehicle Systems
- Conducting attack surface analysis on ECUs connected to CAN, LIN, and Ethernet networks to identify exploitable interfaces.
- Selecting threat identification and risk assessment methods (e.g., STRIDE for enumerating threats within an ISO/SAE 21434 TARA) based on vehicle architecture and regulatory requirements.
- Mapping supplier-provided component threat models into OEM-level vehicle-wide risk assessments.
- Assigning risk severity scores to vulnerabilities based on exploitability, impact on safety, and detectability.
- Integrating threat modeling outputs into ISO/SAE 21434 work products for compliance audits.
- Updating threat models in response to post-production incident data and field vulnerability disclosures.
Module 2: Secure Vehicle Network Architecture Design
- Designing zone-based E/E architectures with secure gateways to isolate safety-critical domains (e.g., powertrain) from infotainment.
- Implementing VLAN segmentation and firewall policies on Automotive Ethernet networks to control inter-ECU communication.
- Choosing between centralized and distributed firewall placement based on latency, update frequency, and diagnostic access needs.
- Configuring CAN ID filtering and rate limiting on gateway modules to mitigate spoofing and DoS attacks.
- Defining secure update paths for OTA-capable ECUs without compromising real-time performance of control networks.
- Evaluating the security implications of shared network interfaces between telematics and ADAS subsystems.
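The gateway policy described above, as an added example that is not part of the original curriculum: a default-deny CAN ID allowlist bound to the ingress bus (so a powertrain ID injected from the infotainment side is dropped as a spoof), a DLC check, and a per-ID token bucket that absorbs a short burst but drops a flood. The bus names, IDs, periods and the traffic trace are constructed for illustration.

```python
"""CAN ID allowlisting and per-ID rate limiting on a domain gateway.

Added example, not code from the original curriculum. Bus names, CAN IDs,
periods and the traffic trace are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class CanFrame:
    can_id: int   # 11-bit standard identifier
    dlc: int      # data length code, 0..8 for classic CAN
    data: bytes
    ts_ms: int    # gateway receive timestamp, milliseconds
    src: str      # ingress bus the frame arrived on


@dataclass(frozen=True)
class Rule:
    allowed_src: str  # the only bus this ID is legitimately sourced from
    max_dlc: int      # expected payload length for this ID
    period_ms: int    # nominal transmit period of the signal
    burst: int        # frames tolerated above the nominal rate


class TokenBucket:
    """One bucket per CAN ID: refills one token per nominal period."""

    def __init__(self, capacity: int, refill_ms: int, now_ms: int):
        self.capacity = capacity
        self.refill_ms = refill_ms
        self.tokens = float(capacity)
        self.last_ms = now_ms

    def allow(self, now_ms: int) -> bool:
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed / self.refill_ms)
        self.last_ms = now_ms
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    def __init__(self, rules: Dict[int, Rule]):
        self.rules = rules
        self.buckets: Dict[int, TokenBucket] = {}
        self.dropped: List[Tuple[CanFrame, str]] = []

    def route(self, f: CanFrame) -> bool:
        """Return True to forward the frame into the target domain, False to drop it."""
        rule = self.rules.get(f.can_id)
        if rule is None:                  # default deny: unknown IDs never cross the gateway
            return self._drop(f, "id-not-allowlisted")
        if f.src != rule.allowed_src:     # a powertrain ID arriving from infotainment is a spoof
            return self._drop(f, "wrong-source-bus")
        if f.dlc > rule.max_dlc or len(f.data) != f.dlc:
            return self._drop(f, "bad-dlc")
        bucket = self.buckets.get(f.can_id)
        if bucket is None:
            bucket = TokenBucket(rule.burst, rule.period_ms, f.ts_ms)
            self.buckets[f.can_id] = bucket
        if not bucket.allow(f.ts_ms):     # flooding a legitimate ID is the DoS case
            return self._drop(f, "rate-exceeded")
        return True

    def _drop(self, f: CanFrame, reason: str) -> bool:
        self.dropped.append((f, reason))
        return False


# Constructed policy: 0x0C1 is a 4-byte powertrain signal sent every 10 ms.
RULES = {
    0x0C1: Rule(allowed_src="pt_bus", max_dlc=4, period_ms=10, burst=3),
    0x3A0: Rule(allowed_src="body_bus", max_dlc=8, period_ms=100, burst=2),
}


def run_constructed_trace() -> Tuple[int, Dict[str, int]]:
    """Replay a constructed trace; returns (frames forwarded, drop reason counts)."""
    gw = Gateway(RULES)
    trace = [
        CanFrame(0x0C1, 4, b"\x00\x10\x00\x00", 0, "pt_bus"),   # legitimate
        CanFrame(0x0C1, 4, b"\xff\xff\x00\x00", 5, "ivi_bus"),  # spoof from infotainment bus
        CanFrame(0x7FF, 2, b"\x01\x02", 6, "pt_bus"),           # ID not in the policy
        CanFrame(0x0C1, 8, b"\x00" * 8, 8, "pt_bus"),           # wrong length for this ID
    ]
    # Burst of five frames in 5 ms on an ID whose nominal period is 10 ms.
    trace += [CanFrame(0x0C1, 4, b"\x00\x10\x00\x00", 10 + i, "pt_bus") for i in range(5)]
    forwarded = sum(1 for f in trace if gw.route(f))
    reasons: Dict[str, int] = {}
    for _, r in gw.dropped:
        reasons[r] = reasons.get(r, 0) + 1
    return forwarded, reasons


if __name__ == "__main__":
    print(run_constructed_trace())
```

The burst allowance is what keeps a legitimate sender's jitter from being classified as an attack; the bucket is sized from the signal's nominal period, which a gateway can take from the network's communication matrix rather than from a hand-tuned threshold.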
Module 3: ECU-Level Security Implementation
- Hardening microcontrollers with secure boot chains using cryptographic verification of firmware images.
- Configuring hardware security modules (HSMs) or TPMs for key storage and cryptographic operations on resource-constrained ECUs.
- Implementing memory protection units (MPUs) to enforce code and data separation in AUTOSAR-based ECUs.
- Disabling unused debug interfaces (e.g., JTAG, SWD) in production firmware and managing access for field diagnostics.
- Integrating intrusion detection system (IDS) agents on high-value ECUs without exceeding CPU and memory budgets.
- Managing secure lifecycle states (e.g., development, active, deactivated) for ECUs with cryptographic binding.
Module 4: Over-the-Air (OTA) Software Update Security
- Designing end-to-end signed and encrypted update packages with rollback protection using monotonic counters.
- Validating update authenticity on ECUs using public key infrastructure with certificate revocation checking.
- Coordinating update sequencing across interdependent ECUs to avoid incompatibility during partial updates.
- Implementing fallback mechanisms for failed updates while preserving vehicle operability and security state.
- Securing the OTA backend infrastructure with role-based access controls and audit logging for update operations.
- Assessing bandwidth and storage constraints when deploying delta vs. full-image updates in fleet-wide campaigns.
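The checks in Module 3 (secure boot verification of a firmware image) and Module 4 (signed packages, monotonic-counter rollback protection, fallback after a failed update) share one verification routine, so the following added example serves both modules. It is not code from the original curriculum. The assumptions that are not taken from the page: the manifest is a small JSON document; the signature is an HMAC-SHA256 over the canonical manifest bytes, standing in for the ECDSA or RSA signature a real PKI would apply so that the block runs with the standard library only; and the monotonic counter is a plain integer standing in for an HSM or OTP counter. The ECU identifiers, versions and image bytes are constructed.

```python
"""Signed-image verification with anti-rollback and A/B slot fallback.

Added example, not code from the original curriculum. HMAC-SHA256 stands in
for an asymmetric signature; the int counter stands in for an HSM/OTP counter.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed demo key; a real ECU holds only the public verification key.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


class VerifyError(Exception):
    pass


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = SIGNING_KEY) -> bytes:
    return hmac.new(key, canonical(manifest), hashlib.sha256).digest()


def build_package(ecu_id: str, version: int, image: bytes, key: bytes = SIGNING_KEY):
    manifest = {"ecu_id": ecu_id, "version": version,
                "sha256": hashlib.sha256(image).hexdigest()}
    return manifest, sign_manifest(manifest, key)


@dataclass
class Ecu:
    ecu_id: str
    active_slot: str = "A"
    slots: Dict[str, bytes] = field(default_factory=lambda: {"A": b"", "B": b""})
    counter: int = 0                               # monotonic anti-rollback counter
    pending: Optional[Tuple[str, int]] = None      # (slot, version) staged, not yet confirmed

    def verify_package(self, manifest: dict, signature: bytes, image: bytes) -> None:
        # 1. Authenticity first: no manifest field is trusted before this passes.
        if not hmac.compare_digest(sign_manifest(manifest), signature):
            raise VerifyError("bad signature")
        # 2. The signed manifest names its target; a package for another ECU is refused.
        if manifest.get("ecu_id") != self.ecu_id:
            raise VerifyError("wrong target ECU")
        # 3. Anti-rollback: a validly signed older version is still refused.
        if manifest["version"] <= self.counter:
            raise VerifyError(f"rollback: version {manifest['version']} <= counter {self.counter}")
        # 4. Image integrity via the hash bound into the signed manifest.
        if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
            raise VerifyError("image hash mismatch")

    def stage_update(self, manifest: dict, signature: bytes, image: bytes) -> str:
        try:
            self.verify_package(manifest, signature, image)
        except VerifyError as e:
            return f"rejected: {e}"
        inactive = "B" if self.active_slot == "A" else "A"
        self.slots[inactive] = image               # write only to the inactive slot
        self.pending = (inactive, manifest["version"])
        return f"staged v{manifest['version']} in slot {inactive}"

    def confirm_boot(self, booted_ok: bool) -> str:
        """Called after the first boot from the new slot, which secure boot re-verifies."""
        if self.pending is None:
            return "nothing pending"
        slot, version = self.pending
        self.pending = None
        if not booted_ok:
            # Fallback: old slot and counter untouched, so the last known-good image
            # keeps running and the same version can be retried later.
            self.slots[slot] = b""
            return f"rolled back: slot {slot} discarded, still on {self.active_slot}"
        # Commit point: switch slot and bump the counter only after a successful boot,
        # so a failed update can never leave the ECU without a bootable image.
        self.active_slot = slot
        self.counter = version
        return f"committed v{version}: active slot {slot}, counter {version}"


def demo() -> Tuple[Ecu, List[str]]:
    """Run a constructed update campaign against one ECU; returns the ECU and log."""
    ecu = Ecu("BCM-01")
    out: List[str] = []
    m, s = build_package("BCM-01", 3, b"firmware-v3")
    out.append(ecu.stage_update(m, s, b"firmware-v3"))
    out.append(ecu.confirm_boot(True))
    m, s = build_package("BCM-01", 2, b"firmware-v2")            # validly signed downgrade
    out.append(ecu.stage_update(m, s, b"firmware-v2"))
    m, s = build_package("BCM-01", 4, b"firmware-v4")
    out.append(ecu.stage_update(m, s, b"firmware-v4"))
    out.append(ecu.confirm_boot(False))                          # new image fails to boot
    out.append(ecu.stage_update(m, s, b"firmware-v4-modified"))  # image swapped after signing
    m, s = build_package("TCU-01", 5, b"firmware-v5")            # package for another ECU
    out.append(ecu.stage_update(m, s, b"firmware-v5"))
    m, s = build_package("BCM-01", 6, b"firmware-v6", key=b"attacker-key")  # forged signature
    out.append(ecu.stage_update(m, s, b"firmware-v6"))
    return ecu, out


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

Two design points carry over to real ECUs: the counter is bumped only at the commit point, so a rollback attack that can interrupt an install does not gain a higher counter, and the version check is strictly greater-than, so a validly signed but older package (the usual downgrade attack against a patched image) is rejected without consulting anything but local state.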
Module 5: Vehicle-to-Everything (V2X) Communication Security
- Configuring IEEE 1609.2 certificate formats and trust models for secure V2V and V2I message exchange.
- Managing certificate lifecycle operations including enrollment, renewal, and revocation in large-scale deployments.
- Implementing secure time synchronization mechanisms to prevent replay attacks in V2X message validation.
- Filtering and rate-limiting incoming V2X messages to prevent denial-of-service on safety-critical ECUs.
- Integrating V2X security modules with existing vehicle IDS to detect spoofed or malicious messages.
- Evaluating privacy-preserving techniques such as pseudonym rotation without degrading message verification performance.
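The freshness, replay and rate checks described above, as an added example that is not part of the original curriculum. IEEE 1609.2 signed data carries a generation time and identifies the signing pseudonym certificate; the `SignedMsg` record, the tolerances, the sender identifiers and the traffic below are simplifications constructed for illustration, with no ASN.1 decoding or signature verification shown. The filter fails closed when the local clock is not synchronized, since freshness cannot be judged against an untrusted clock.

```python
"""Freshness, replay and per-sender rate checks on received V2X messages.

Added example, not code from the original curriculum. SignedMsg, the
tolerances and all traffic are constructed; no 1609.2 decoding is performed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

US = 1_000_000  # microseconds per second


@dataclass(frozen=True)
class SignedMsg:
    signer: bytes        # stands in for the HashedId8 of the pseudonym certificate
    gen_time_us: int     # generation time claimed by the sender
    cert_from_us: int    # validity window of the signing pseudonym certificate
    cert_to_us: int
    payload: bytes


class FreshnessFilter:
    def __init__(self, max_age_us: int, max_future_us: int, max_per_sender_per_s: int):
        self.max_age_us = max_age_us
        self.max_future_us = max_future_us         # tolerated clock skew between peers
        self.max_rate = max_per_sender_per_s
        self.last_gen: Dict[bytes, int] = {}       # newest accepted generation time per signer
        self.counts: Dict[Tuple[bytes, int], int] = {}   # (signer, local second) -> arrivals

    def check(self, msg: SignedMsg, now_us: int, clock_synced: bool) -> str:
        # Without trusted local time (GNSS or secure time), "fresh" is undecidable;
        # fail closed rather than accept whatever generation time the sender claims.
        if not clock_synced:
            return "drop:clock-unsynced"
        if msg.gen_time_us > now_us + self.max_future_us:
            return "drop:from-future"
        if now_us - msg.gen_time_us > self.max_age_us:
            return "drop:stale"
        # The pseudonym certificate must have been valid when the message was generated.
        if not (msg.cert_from_us <= msg.gen_time_us <= msg.cert_to_us):
            return "drop:cert-not-valid-at-gen-time"
        # Replay: an identical or older generation time from the same signer is refused.
        last = self.last_gen.get(msg.signer)
        if last is not None and msg.gen_time_us <= last:
            return "drop:replay"
        # Per-sender budget in the current local second; the excess is dropped before
        # signature verification or forwarding to safety ECUs spends any CPU on it.
        key = (msg.signer, now_us // US)
        self.counts[key] = self.counts.get(key, 0) + 1
        if self.counts[key] > self.max_rate:
            return "drop:rate"
        self.last_gen[msg.signer] = msg.gen_time_us
        return "accept"


def run_constructed_traffic() -> Dict[str, int]:
    """Run constructed traffic through the filter; returns counts per verdict."""
    now = 1_700_000_000 * US    # constructed local time, already synchronized
    flt = FreshnessFilter(max_age_us=1 * US, max_future_us=100_000, max_per_sender_per_s=10)
    cert_ok = (now - 3600 * US, now + 300 * US)
    a = SignedMsg(b"\x01" * 8, now - 50_000, *cert_ok, b"bsm-a")
    traffic = [
        (a, now, True),                                                           # fresh
        (a, now + 10_000, True),                                                  # exact replay
        (SignedMsg(b"\x01" * 8, now - 2 * US, *cert_ok, b"old"), now, True),      # stale
        (SignedMsg(b"\x01" * 8, now + 500_000, *cert_ok, b"future"), now, True),  # clock skew
        (SignedMsg(b"\x02" * 8, now - 20_000, now - 7200 * US, now - 10 * US, b"expired"), now, True),
        (SignedMsg(b"\x03" * 8, now - 20_000, *cert_ok, b"unsynced"), now, False),
    ]
    # Sender B floods 12 distinct messages within one local second.
    traffic += [(SignedMsg(b"\x04" * 8, now - 40_000 + i * 1_000, *cert_ok, b"flood"),
                 now + i * 1_000, True) for i in range(12)]
    results: Dict[str, int] = {}
    for msg, t, synced in traffic:
        verdict = flt.check(msg, t, synced)
        results[verdict] = results.get(verdict, 0) + 1
    return results


if __name__ == "__main__":
    print(run_constructed_traffic())
```

The check order is deliberate: the cheap time-window and certificate-window comparisons run before the per-signer state lookups, and all of them run before the signature is verified, which keeps a flood of unverifiable messages from consuming the verification budget of the V2X ECU.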
Module 6: Supply Chain and Third-Party Component Security
- Enforcing cybersecurity requirements in supplier contracts with measurable deliverables and audit rights.
- Validating third-party software components for known vulnerabilities using SBOM analysis and static scanning.
- Managing cryptographic key injection processes for supplier-manufactured ECUs in global production facilities.
- Assessing security capabilities of Tier 2 and Tier 3 vendors through standardized questionnaires and on-site assessments.
- Establishing secure data exchange channels for diagnostic and calibration data with external partners.
- Handling firmware updates for third-party ECUs that lack native OTA or secure boot capabilities.
Module 7: Incident Response and Forensics in Automotive Systems
- Designing ECU logging mechanisms that capture security-relevant events within constrained storage and bandwidth limits.
- Preserving forensic evidence from vehicle networks during post-incident investigations without altering system state.
- Coordinating with law enforcement and regulatory bodies during cyber incident disclosure and analysis.
- Developing playbooks for isolating compromised ECUs while maintaining vehicle safety and drivability.
- Correlating logs from telematics, gateway, and cloud systems to reconstruct attack timelines.
- Implementing remote diagnostics access with multi-factor authentication and session monitoring for IR teams.
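The log-correlation step described above, as an added example that is not part of the original curriculum. Three sources stamp time differently (the telematics unit in ISO 8601 UTC, the cloud backend in epoch seconds, the gateway only in milliseconds of uptime), so the gateway's lines are placed on the UTC axis using the one event where it logged both, a time-sync record. The log formats, source names and every line in `LOG_LINES` are constructed for illustration (documentation IP range, dummy VIN); lines that cannot be placed are kept aside rather than silently dropped.

```python
"""Normalise telematics, gateway and cloud logs onto one UTC timeline.

Added example, not code from the original curriculum. All log formats and
LOG_LINES are constructed; the gateway offset comes from its time-sync line.
"""
import re
from datetime import datetime, timezone
from typing import List, Optional, Tuple

ISO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z (\w+) (.*)$")   # telematics
UPTIME_RE = re.compile(r"^\[up (\d+)\] (\w+) (.*)$")                          # gateway, ms uptime
EPOCH_RE = re.compile(r"^(\d{10}) (\w+) (.*)$")                               # cloud, epoch seconds
SYNC_RE = re.compile(r"time-sync utc=(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z")

# Constructed sample, deliberately out of order as collected from three systems.
LOG_LINES = [
    "[up 120000] GW time-sync utc=2024-03-05T14:00:00Z",
    "2024-03-05T14:02:12Z TCU auth-ok user=svc_remote src=203.0.113.5",
    "1709647320 CLOUD api remote-session-start vin=TESTVIN0001 operator=svc_remote",
    "[up 255650] GW uds sid=0x27 key-reject ecu=0x7E0",
    "2024-03-05T14:02:10Z TCU auth-fail user=svc_remote src=203.0.113.5",
    "[up 255400] GW uds sid=0x27 seed-request ecu=0x7E0",
    "[up 256300] GW can-filter drop id=0x0C1 src=infotainment reason=wrong-source-bus",
    "2024-03-05T14:02:15Z TCU diag-session open target=GW",
    "[up 255900] GW uds sid=0x27 key-accept ecu=0x7E0",
    "## rotated ##",
]

Event = Tuple[int, str, str]   # (utc milliseconds, source, message)


def iso_to_ms(ts: str) -> int:
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) * 1000


def gateway_clock_anchor(lines: List[str]) -> Optional[Tuple[int, int]]:
    """Return (uptime_ms, utc_ms) from the gateway's time-sync line, if present."""
    for line in lines:
        m = UPTIME_RE.match(line)
        if m:
            s = SYNC_RE.search(m.group(3))
            if s:
                return int(m.group(1)), iso_to_ms(s.group(1))
    return None


def build_timeline(lines: List[str]) -> Tuple[List[Event], List[str]]:
    """Place every line on the UTC axis; returns (sorted events, unplaceable lines)."""
    anchor = gateway_clock_anchor(lines)
    events: List[Event] = []
    unparsed: List[str] = []
    for line in lines:
        if (m := ISO_RE.match(line)):
            events.append((iso_to_ms(m.group(1)), m.group(2), m.group(3)))
        elif (m := EPOCH_RE.match(line)):
            events.append((int(m.group(1)) * 1000, m.group(2), m.group(3)))
        elif (m := UPTIME_RE.match(line)):
            if anchor is None:
                unparsed.append(line)      # uptime cannot be placed without a clock anchor
                continue
            up_ms, utc_ms = anchor
            events.append((utc_ms - up_ms + int(m.group(1)), m.group(2), m.group(3)))
        else:
            unparsed.append(line)
    events.sort(key=lambda e: (e[0], e[1]))
    return events, unparsed


def format_timeline(events: List[Event]) -> List[str]:
    out = []
    for ms, src, msg in events:
        stamp = datetime.fromtimestamp(ms // 1000, timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
        out.append(f"{stamp}.{ms % 1000:03d}Z {src} {msg}")
    return out


if __name__ == "__main__":
    evts, rest = build_timeline(LOG_LINES)
    print("\n".join(format_timeline(evts)))
    print("unplaced:", rest)
```

On the constructed sample the merged timeline reads as one sequence: backend session start, a failed then successful telematics login, a diagnostic session opened towards the gateway, a UDS SecurityAccess (0x27) seed request with a rejected and then an accepted key, and finally a powertrain frame dropped by the gateway filter because it arrived from the infotainment bus. The ordering between gateway and telematics events is only as trustworthy as the time-sync anchor, which is why ECU logging designs that record at least one cross-referenced timestamp are worth the storage.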
Module 8: Regulatory Compliance and Cybersecurity Governance
- Mapping organizational cybersecurity processes to UN R155 and R156 requirements for type approval.
- Maintaining a vehicle cybersecurity management system (CSMS) with documented roles, responsibilities, and workflows.
- Conducting internal audits of development, production, and post-production processes for compliance gaps.
- Preparing technical documentation for regulatory submissions including threat assessments and test results.
- Managing product-specific cybersecurity vulnerabilities through coordinated disclosure and patching timelines.
- Updating governance policies in response to evolving standards such as ISO/SAE 21434 and NHTSA guidance.