This curriculum spans the technical and organisational complexity of a multi-phase automotive cybersecurity rollout, comparable to an OEM’s internal capability build-out across threat modeling, secure architecture, and incident response functions.

Module 1: Threat Modeling and Risk Assessment in Vehicle Systems
- Conducting STRIDE-based threat modeling on ECU communication paths to identify spoofing and tampering risks in CAN FD networks.
- Selecting appropriate attack surface boundaries when assessing risks across telematics, infotainment, and ADAS subsystems.
- Assigning CVSS scores to vulnerabilities discovered in third-party supplied ECUs with limited vendor disclosure.
- Integrating ISO/SAE 21434 risk assessment workflows into existing automotive development lifecycle (ADL) gates.
- Documenting residual risks for features with known vulnerabilities but constrained update capabilities.
- Coordinating threat model updates when new vehicle connectivity features (e.g., V2X) are introduced mid-platform.

Module 2: Secure Vehicle Network Architecture Design
- Implementing zone-based firewalling between domain controllers (e.g., body, powertrain) using Ethernet TSN with IEEE 802.1Qbv.
- Configuring secure gateways to enforce payload filtering and rate limiting on CAN-to-Ethernet bridging.
- Designing segmented internal networks to isolate safety-critical systems from less-trusted domains like infotainment.
- Selecting between centralized vs. distributed security gateway architectures based on scalability and latency requirements.
- Enforcing secure boot dependencies across multiple ECUs in a distributed architecture with varying boot ROM constraints.
- Managing key distribution for encrypted inter-ECU communication in high-volume production environments.

Module 3: Cryptographic Implementation and Key Management
- Deploying asymmetric cryptography for ECU authentication using ECDSA with NIST P-256 in constrained environments.
- Designing secure key storage mechanisms using Hardware Security Modules (HSMs) or Secure Elements (SEs) in microcontrollers.
- Establishing a PKI hierarchy for vehicle identity certificates with support for certificate revocation via CRL or OCSP.
- Rotating symmetric session keys during vehicle-to-cloud communication sessions using TLS 1.3 with PSK support.
- Handling key provisioning during ECU replacement in aftermarket or repair scenarios without compromising fleet security.
- Implementing secure key derivation functions (KDFs) for generating per-message authentication tags in DoIP communications.

Module 4: Over-the-Air (OTA) Update Security
- Validating signed firmware images using dual signature chains (manufacturer and supplier) before ECU flashing.
- Designing rollback protection mechanisms to prevent downgrade attacks on ECUs with limited persistent storage.
- Enforcing atomic update procedures on ECUs that require system availability during partial updates.
- Implementing secure update orchestration across multiple ECUs with dependency constraints and power cycle tolerance.
- Monitoring OTA update integrity using secure logging and remote attestation post-installation.
- Managing update authorization policies for multi-user vehicles with role-based access to update initiation.

Module 5: Intrusion Detection and Anomaly Monitoring
- Deploying in-vehicle intrusion detection systems (IDS) with CAN message frequency and content anomaly rules.
- Configuring edge-triggered alerts for out-of-bounds sensor readings that may indicate sensor spoofing.
- Correlating IDS events across multiple domain controllers to detect coordinated multi-vector attacks.
- Managing false positive rates in IDS rule sets without degrading real-time vehicle performance.
- Transmitting anonymized security event data to backend SOC systems using encrypted and authenticated channels.
- Updating IDS signatures remotely while maintaining detection coverage during update windows.

Module 6: Compliance and Regulatory Alignment
- Mapping vehicle cybersecurity controls to UN R155 organizational and technical requirements for type approval.
- Maintaining a Cybersecurity Management System (CSMS) with documented processes for incident response and change control.
- Preparing audit evidence for third-party assessments under ISO/SAE 21434 and regional regulatory frameworks.
- Handling disclosure of zero-day vulnerabilities in compliance with coordinated vulnerability disclosure (CVD) policies.
- Documenting cybersecurity design decisions in the Technical Security Specification (TSS) for regulatory submission.
- Updating compliance posture when integrating open-source software components with unknown pedigree.

Module 7: Supply Chain and Third-Party Risk Management
- Enforcing cybersecurity requirements in supplier contracts for ECU software and firmware deliverables.
- Validating supplier-provided Software Bills of Materials (SBOMs) for open-source and third-party components.
- Conducting security assessments of Tier 2 and Tier 3 suppliers with limited transparency or audit access.
- Managing vulnerability disclosure timelines when multiple suppliers are involved in a single affected component.
- Integrating third-party ECUs with inconsistent security capabilities into a unified vehicle security architecture.
- Establishing secure communication channels for vulnerability reporting between OEMs and global suppliers.

Module 8: Incident Response and Forensic Readiness
- Designing secure logging mechanisms on ECUs with limited storage to capture pre-incident telemetry.
- Preserving forensic evidence from vehicle networks during post-incident investigations without altering original data.
- Coordinating with law enforcement and regulatory bodies during active vehicle cybersecurity incidents.
- Executing remote mitigation actions (e.g., disabling compromised telematics functions) without impacting safety systems.
- Reconstructing attack timelines using correlated logs from vehicle, cloud, and backend infrastructure sources.
- Updating defensive controls fleet-wide based on root cause analysis from a contained security breach.