This curriculum spans the technical and organisational complexity of a multi-phase cybersecurity integration program across automotive OEMs, Tier 1 suppliers, and infrastructure partners, comparable to securing a global vehicle fleet under UNECE WP.29 compliance with ongoing operational oversight.

Module 1: Threat Modeling for Connected Vehicle Systems
- Selecting appropriate threat modeling frameworks (e.g., STRIDE vs. TARA) based on OEM development lifecycle and regulatory alignment.
- Defining attack surfaces across V2X, telematics, and OTA update interfaces during vehicle architecture design.
- Mapping ECU trust boundaries in domain controller architectures to identify privilege escalation paths.
- Integrating threat modeling outputs into system requirements for Tier 1 suppliers with contractual security obligations.
- Updating threat models in response to new vulnerability disclosures affecting shared automotive components (e.g., infotainment chipsets).
- Documenting threat model assumptions for audit readiness under UNECE WP.29 R155 compliance.

Module 2: Secure ECU Development and Supply Chain Oversight
- Enforcing secure coding standards (e.g., MISRA C with security extensions) across supplier firmware deliverables.
- Implementing binary composition analysis to detect open-source components with known vulnerabilities in ECU builds.
- Validating hardware security module (HSM) integration in ECUs for secure boot and cryptographic operations.
- Conducting third-party code audits for Tier 2 suppliers lacking in-house security expertise.
- Managing cryptographic key generation and injection processes during ECU manufacturing.
- Establishing secure firmware update mechanisms with rollback protection in resource-constrained ECUs.

Module 3: In-Vehicle Network Security Architecture
- Designing CAN FD and Ethernet (e.g., SOME/IP) segmentation using firewalls and intrusion detection systems.
- Implementing message authentication for critical signals (e.g., braking, steering) using MACs or digital signatures.
- Configuring gateway ECUs to enforce access control policies between vehicle domains (powertrain, chassis, infotainment).
- Evaluating performance impact of encryption on real-time communication in safety-critical networks.
- Deploying anomaly detection on vehicle Ethernet backbones to identify lateral movement post-compromise.
- Documenting network topology and communication matrices for security assessment and regulatory submission.

Module 4: Over-the-Air (OTA) Update Security
- Designing dual-signed update packages with OEM and supplier keys to prevent unauthorized modifications.
- Implementing delta update verification to ensure integrity while minimizing bandwidth consumption.
- Configuring rollback protection mechanisms to prevent downgrade attacks on ECU firmware.
- Establishing secure communication channels between OTA backend and vehicle using mutual TLS with hardware-backed certificates.
- Managing update staging and canary deployments across vehicle fleets to contain potential update-related incidents.
- Logging and monitoring failed update attempts as potential indicators of active exploitation.

Module 5: V2X Communication and Infrastructure Trust
- Integrating IEEE 1609.2 certificate management systems for secure V2V and V2I message exchange.
- Designing pseudonym certificate rotation strategies to balance privacy and traceability.
- Validating roadside unit (RSU) authenticity in mixed vendor deployments using PKI trust anchors.
- Handling certificate revocation list (CRL) distribution in low-connectivity environments.
- Implementing geographic filtering of V2X messages to reduce processing load and spoofing risks.
- Coordinating with transportation authorities on cross-jurisdictional PKI interoperability requirements.

Module 6: Incident Response and Forensic Readiness
- Designing ECU logging capabilities that capture security-relevant events without violating privacy regulations.
- Establishing secure data extraction procedures from vehicle networks during post-incident investigations.
- Integrating vehicle telemetry into SIEM systems with appropriate data normalization and filtering.
- Developing playbooks for responding to compromised OTA servers or stolen provisioning keys.
- Preserving chain of custody for forensic images taken from vehicle storage and network buffers.
- Coordinating disclosure timelines with legal, PR, and regulatory teams following a confirmed breach.

Module 7: Regulatory Compliance and Audit Management
- Mapping internal security controls to UNECE WP.29 R155 and R156 requirements for type approval.
- Preparing evidence packages for audit trails related to vulnerability disclosure and patch deployment.
- Documenting risk acceptance decisions for legacy ECUs that cannot support modern cryptographic standards.
- Establishing cross-functional CSMS (Cyber Security Management System) governance with clear accountability.
- Conducting third-party penetration tests with scoped rules of engagement to avoid vehicle immobilization.
- Updating compliance documentation in response to changes in regional regulations (e.g., EU vs. US state-level laws).

Module 8: Security Operations for Fleet Management
- Configuring centralized vehicle security monitoring with thresholds for anomalous behavior detection.
- Implementing fleet-wide vulnerability prioritization based on exploitability and vehicle exposure.
- Managing cryptographic key lifecycle across millions of vehicles, including revocation and renewal.
- Designing secure remote diagnostics interfaces that prevent privilege escalation via service tools.
- Integrating threat intelligence feeds to adjust detection rules for emerging automotive threats.
- Operating 24/7 SOCs with escalation paths to engineering and executive response teams during active incidents.