This curriculum covers the technical and procedural content of a multi-workshop automotive cybersecurity advisory engagement: threat modeling, secure architecture design, cryptographic implementation, and incident response across vehicle lifecycle stages from development to fleet operations.
Module 1: Threat Modeling and Risk Assessment in Vehicle Systems
- Conducting STRIDE-based threat modeling on CAN, LIN, and Ethernet-based vehicle subnets to identify spoofing and tampering risks.
- Selecting appropriate attack surface boundaries for domain controllers versus centralized high-performance computers (HPCs).
- Integrating ISO/SAE 21434 risk assessment workflows into the existing automotive development lifecycle gates (design reviews, release milestones).
- Evaluating the impact of shared ECUs across safety and infotainment domains on threat propagation likelihood.
- Documenting and justifying risk treatment decisions for vulnerabilities in legacy ECUs with no patching capability.
- Aligning threat intelligence inputs from OEMs, suppliers, and third-party monitoring services with internal risk scoring models.
Module 2: Secure Network Architecture Design for In-Vehicle Communication
- Implementing zone-based segmentation between powertrain, chassis, and infotainment domains using firewall-equipped gateways.
- Configuring VLANs and AVB/TSN stream policies to isolate time-critical control messages from diagnostic traffic.
- Designing intrusion detection system (IDS) placement at domain boundaries to monitor inter-ECU message rates and payloads.
- Enforcing message authentication for control PDUs on CAN using AUTOSAR SecOC (truncated MAC plus freshness value) with minimal latency impact on real-time systems, and gating UDS diagnostic access with the SecurityAccess (0x27) or Authentication (0x29) service rather than relying on SecOC for diagnostic traffic.
- Selecting between centralized and distributed firewall topologies based on vehicle E/E architecture scalability requirements.
- Managing key distribution for symmetric authentication between ECUs in high-volume production environments.
Module 3: Secure Communication Protocols and Cryptographic Implementation
- Integrating TLS 1.3 for OTA update channels with certificate pinning to prevent MITM attacks at the telematics unit.
- Configuring IEEE 802.1X port-based authentication for Ethernet-connected ECUs in a zero-trust model.
- Implementing secure boot chains with hardware-backed root of trust on microcontrollers lacking TPM support.
- Optimizing ECC key sizes and signature verification cycles for resource-constrained body control modules.
- Hardening DTLS configurations for the network-side V2X (V2N) link under high packet loss and variable latency; direct V2V/V2I messages use IEEE 1609.2 / ETSI TS 103 097 signed messages rather than DTLS.
- Mitigating replay attacks in CAN FD messages using rolling counters synchronized across dependent ECUs.
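Worked example for the SecOC authentication item in Module 2 and the replay-mitigation item above (added here; not code from the curriculum or from any OEM stack): a sender tags each CAN FD payload with a freshness counter and a truncated MAC, and a receiver rejects replays, tampering, and counter jumps outside its acceptance window. The 16-byte demo key, the CAN ID 0x123, the 8/4/4-byte PDU layout, and the use of HMAC-SHA256 in place of AES-CMAC are assumptions made for the demonstration.

```go
// Added example, not code from the curriculum. Assumptions: HMAC-SHA256 truncated to
// 4 bytes stands in for the AES-CMAC AUTOSAR SecOC normally uses (Go's standard library
// has no CMAC), and the full 32-bit counter is sent instead of a truncated freshness value.
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	payloadLen = 8
	macLen     = 4     // SecOC permits a truncated MAC to save bus bandwidth
	demoCANID  = 0x123 // constructed ID for the demo
)

// SecuredPDU is what goes on the bus: CAN ID, payload, freshness value, MAC.
type SecuredPDU struct {
	ID      uint32
	Payload [payloadLen]byte
	Fresh   uint32
	MAC     [macLen]byte
}

// Sender owns the shared key and a counter that must never repeat under that key.
type Sender struct{ key []byte; fresh uint32 }

// Receiver remembers the last accepted counter per ID; window bounds the forward jump it tolerates.
type Receiver struct {
	key      []byte
	lastSeen map[uint32]uint32
	window   uint32
}

func NewReceiver(key []byte, window uint32) *Receiver {
	return &Receiver{key: key, lastSeen: map[uint32]uint32{}, window: window}
}

var (
	ErrBadMAC = errors.New("MAC mismatch")
	ErrReplay = errors.New("freshness value not newer than last accepted")
	ErrTooFar = errors.New("freshness jump exceeds acceptance window")
)

// authInput is what the MAC covers: ID || payload || counter. Binding the ID blocks re-targeting.
func authInput(id uint32, payload [payloadLen]byte, fresh uint32) []byte {
	buf := make([]byte, 4+payloadLen+4)
	binary.BigEndian.PutUint32(buf[0:4], id)
	copy(buf[4:4+payloadLen], payload[:])
	binary.BigEndian.PutUint32(buf[4+payloadLen:], fresh)
	return buf
}

func truncatedMAC(key, in []byte) [macLen]byte {
	m := hmac.New(sha256.New, key)
	m.Write(in)
	var out [macLen]byte
	copy(out[:], m.Sum(nil)[:macLen])
	return out
}

// Authenticate advances the counter and tags the payload.
func (s *Sender) Authenticate(payload [payloadLen]byte) SecuredPDU {
	s.fresh++
	return SecuredPDU{ID: demoCANID, Payload: payload, Fresh: s.fresh,
		MAC: truncatedMAC(s.key, authInput(demoCANID, payload, s.fresh))}
}

// Verify rejects stale or implausible counters first (cheap), then checks the MAC in
// constant time; only a fully verified frame updates the receiver's counter state.
func (r *Receiver) Verify(p SecuredPDU) error {
	last, seen := r.lastSeen[p.ID]
	if seen && p.Fresh <= last {
		return ErrReplay
	}
	if seen && p.Fresh-last > r.window {
		return ErrTooFar
	}
	want := truncatedMAC(r.key, authInput(p.ID, p.Payload, p.Fresh))
	if !hmac.Equal(want[:], p.MAC[:]) {
		return ErrBadMAC
	}
	r.lastSeen[p.ID] = p.Fresh
	return nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key; real keys come from an HSM
	tx, rx := &Sender{key: key}, NewReceiver(key, 100)
	frame := tx.Authenticate([payloadLen]byte{0x12, 0x34})
	fmt.Println("first delivery:", rx.Verify(frame), "| replayed:", rx.Verify(frame))
	frame = tx.Authenticate([payloadLen]byte{0x12, 0x34})
	frame.Payload[0] ^= 0xff
	fmt.Println("tampered:", rx.Verify(frame))
}
```

The ordering in Verify is the point: the counter check runs before the MAC, so a flood of replays costs no MAC computations, and the stored counter advances only after the MAC passes, so unauthenticated frames cannot push the receiver's acceptance window forward.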
Module 4: Intrusion Detection and Anomaly Monitoring Systems
- Defining baseline message frequency and payload variance thresholds for CAN traffic in different driving modes.
- Deploying lightweight host-based IDS agents on Android Automotive infotainment systems without degrading UX.
- Correlating network-level anomalies from gateway logs with ECU internal state changes for root cause analysis.
- Handling false positives in IDS rules during diagnostic sessions or ECU reprogramming events.
- Designing secure logging pipelines from distributed ECUs to a centralized, tamper-resistant log aggregator.
- Integrating IDS alerts with OEM security operations center (SOC) using standardized formats like STIX/TAXII.
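Worked example for the baseline-threshold and diagnostic-session items above (added here; not the curriculum's code): a detector learns the cycle time of each periodic CAN ID from a clean capture, raises an alert only after several consecutive early arrivals, and marks alerts raised while a UDS session is open as suppressed rather than dropping them. The traces, the IDs 0x100 (periodic) and 0x7DF/0x7E0 (tester requests), the 50% tolerance, the three-strike rule, and the 5-second S3 timeout are constructed for the demonstration.

```go
// Added example, not code from the curriculum: per-ID cycle-time baseline detector
// for CAN. Traces, IDs (0x100 periodic; 0x7DF/0x7E0 tester requests), tolerance and
// the 5 s S3 timeout are constructed for this demo.
package main

import (
	"fmt"
	"sort"
)

// Frame is one CAN frame: timestamp in seconds, arbitration ID, payload.
type Frame struct{ T float64; ID uint32; Data []byte }

// Alert is a rate anomaly; Suppressed marks one raised during a diagnostic session.
type Alert struct{ T float64; ID uint32; Reason string; Suppressed bool }

// Detector learns a nominal cycle time per ID and alerts when frames arrive far
// earlier than that cycle for several consecutive frames (injection or flooding).
type Detector struct {
	cycle, last map[uint32]float64 // learned mean inter-arrival and last arrival per ID
	strikes     map[uint32]int
	tolerance   float64         // earlier than (1-tolerance)*cycle counts as a strike
	minStrikes  int             // consecutive strikes before alerting; absorbs jitter
	diagIDs     map[uint32]bool // tester request IDs that can open UDS sessions
	diagUntil   float64         // session treated as open until this time
	s3Timeout   float64         // UDS S3 server timeout: session lapses without TesterPresent
}

func NewDetector(tolerance float64, minStrikes int, diagIDs map[uint32]bool) *Detector {
	return &Detector{cycle: map[uint32]float64{}, last: map[uint32]float64{}, strikes: map[uint32]int{},
		tolerance: tolerance, minStrikes: minStrikes, diagIDs: diagIDs, s3Timeout: 5.0}
}

// Learn sets the baseline from a trace captured under known-good conditions.
func (d *Detector) Learn(trace []Frame) {
	sum, n, last := map[uint32]float64{}, map[uint32]int{}, map[uint32]float64{}
	for _, f := range trace {
		if prev, ok := last[f.ID]; ok {
			sum[f.ID] += f.T - prev
			n[f.ID]++
		}
		last[f.ID] = f.T
	}
	for id := range sum {
		d.cycle[id] = sum[id] / float64(n[id])
	}
}

// Process inspects one frame and returns an alert or nil.
func (d *Detector) Process(f Frame) *Alert {
	if d.diagIDs[f.ID] {
		// ISO-TP single frame: Data[0] is the PCI byte, Data[1] the UDS service ID;
		// 0x10 DiagnosticSessionControl opens a session, 0x3E TesterPresent keeps it alive.
		if len(f.Data) >= 2 && (f.Data[1] == 0x10 || f.Data[1] == 0x3E) {
			d.diagUntil = f.T + d.s3Timeout
		}
		return nil
	}
	cycle, known := d.cycle[f.ID]
	prev, seen := d.last[f.ID]
	d.last[f.ID] = f.T
	if !known {
		return &Alert{T: f.T, ID: f.ID, Reason: "ID not in baseline"}
	}
	if !seen || f.T-prev >= (1-d.tolerance)*cycle {
		d.strikes[f.ID] = 0
		return nil
	}
	d.strikes[f.ID]++
	if d.strikes[f.ID] < d.minStrikes {
		return nil
	}
	return &Alert{T: f.T, ID: f.ID, Reason: "arrival rate above baseline", Suppressed: f.T < d.diagUntil}
}

// Trace is a constructed capture: 0x100 every 10 ms for 2 s; with inject, 0x100 is
// also sent every 2 ms from t=1 s; with diag, a tester first opens an extended session.
func Trace(inject, diag bool) []Frame {
	var out []Frame
	for i := 0; i < 200; i++ {
		out = append(out, Frame{T: float64(i) * 0.010, ID: 0x100, Data: []byte{0, 0}})
	}
	if diag {
		out = append(out, Frame{T: 0.999, ID: 0x7E0, Data: []byte{0x02, 0x10, 0x03}})
	}
	for i := 0; inject && i < 50; i++ {
		out = append(out, Frame{T: 1.0 + float64(i)*0.002, ID: 0x100, Data: []byte{0xFF, 0xFF}})
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].T < out[j].T })
	return out
}

func main() {
	d := NewDetector(0.5, 3, map[uint32]bool{0x7DF: true, 0x7E0: true})
	d.Learn(Trace(false, false))
	for _, f := range Trace(true, true) {
		if a := d.Process(f); a != nil {
			fmt.Printf("%+v\n", *a)
		}
	}
}
```

A production deployment would scope the suppression to the IDs owned by the ECU addressed by the diagnostic request and would also watch the positive response (0x50) and the reprogramming-related services, rather than suppressing every ID for the session lifetime as this demo does; what carries over is the pattern of keeping the alert and tagging it, so the session window itself becomes reviewable.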
Module 5: Over-the-Air (OTA) Update Security and Lifecycle Management
- Validating dual-signature requirements for firmware images across OEM and supplier trust chains.
- Implementing rollback protection mechanisms to prevent downgrading to vulnerable ECU software versions.
- Segmenting OTA update traffic from user data streams to prevent bandwidth contention during critical updates.
- Enforcing pre-update health checks on battery level, network connectivity, and vehicle state (e.g., parked, ignition off).
- Managing asymmetric key lifecycle for update verification across millions of vehicles using HSM-backed CA infrastructure.
- Auditing update compliance across vehicle fleets for regulatory reporting under UNECE WP.29 R156.
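Worked example for the dual-signature and rollback-protection items above (added here; not the curriculum's or any OTA vendor's code): the ECU verifies the image hash, a supplier signature and an OEM counter-signature over one manifest, and then refuses any version not strictly greater than the one installed. Ed25519 from Go's standard library, the manifest encoding, the ECU name "BCM", and in-memory keys in place of an HSM-backed CA and protected ECU storage are assumptions.

```go
// Added example, not code from the curriculum. Assumptions: Ed25519 as the signature
// scheme, this manifest layout, the ECU name "BCM", and in-memory keys standing in
// for an HSM-backed CA and the ECU's protected storage.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is what both signers commit to; Version must strictly increase and the
// image is bound through its hash.
type Manifest struct{ ECU string; Version uint32; ImageHash [32]byte }

// Encode is the canonical byte string covered by both signatures.
func (m Manifest) Encode() []byte {
	buf := append([]byte{byte(len(m.ECU))}, m.ECU...)
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], m.Version)
	buf = append(buf, v[:]...)
	return append(buf, m.ImageHash[:]...)
}

// SignedUpdate is the package delivered over the OTA channel.
type SignedUpdate struct {
	Manifest    Manifest
	Image       []byte
	SupplierSig []byte // Tier 1 signs the build it produced
	OEMSig      []byte // OEM counter-signs after release approval
}

// ECUState models the target's protected storage: two trust anchors plus the highest
// version ever installed, which is the rollback counter.
type ECUState struct {
	Name             string
	SupplierPub      ed25519.PublicKey
	OEMPub           ed25519.PublicKey
	InstalledVersion uint32
}

var (
	ErrWrongECU    = errors.New("manifest targets a different ECU")
	ErrImageHash   = errors.New("image hash does not match manifest")
	ErrSupplierSig = errors.New("supplier signature invalid")
	ErrOEMSig      = errors.New("OEM signature invalid")
	ErrRollback    = errors.New("version not newer than installed: rollback blocked")
)

// Validate checks target, integrity, both signatures and finally the version; only a
// fully valid package advances the rollback counter.
func (e *ECUState) Validate(u SignedUpdate) error {
	m := u.Manifest
	if m.ECU != e.Name {
		return ErrWrongECU
	}
	if sha256.Sum256(u.Image) != m.ImageHash {
		return ErrImageHash
	}
	msg := m.Encode()
	if !ed25519.Verify(e.SupplierPub, msg, u.SupplierSig) {
		return ErrSupplierSig
	}
	if !ed25519.Verify(e.OEMPub, msg, u.OEMSig) {
		return ErrOEMSig
	}
	if m.Version <= e.InstalledVersion {
		return ErrRollback
	}
	e.InstalledVersion = m.Version
	return nil
}

// BuildUpdate models the release pipeline: supplier signs, then the OEM counter-signs.
func BuildUpdate(ecu string, version uint32, image []byte, supplierPriv, oemPriv ed25519.PrivateKey) SignedUpdate {
	m := Manifest{ECU: ecu, Version: version, ImageHash: sha256.Sum256(image)}
	msg := m.Encode()
	return SignedUpdate{Manifest: m, Image: image,
		SupplierSig: ed25519.Sign(supplierPriv, msg), OEMSig: ed25519.Sign(oemPriv, msg)}
}

// Keypair generates a demo key pair; production signing keys live in an HSM.
func Keypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	sPub, sPriv := Keypair()
	oPub, oPriv := Keypair()
	ecu := &ECUState{Name: "BCM", SupplierPub: sPub, OEMPub: oPub, InstalledVersion: 1}
	img := []byte("constructed firmware image v2")
	fmt.Println("v2 update:   ", ecu.Validate(BuildUpdate("BCM", 2, img, sPriv, oPriv)))
	fmt.Println("v1 downgrade:", ecu.Validate(BuildUpdate("BCM", 1, img, sPriv, oPriv)))
}
```

Validate checks the signatures before the version on purpose: the version number comes from the manifest and is trusted only once both signatures pass, and the counter advances only on full success, so a rejected package never changes the ECU's rollback state. On a real ECU the counter is committed together with the new image (for example in an anti-rollback slot or monotonic counter of the HSM) so that a power loss cannot leave the two inconsistent.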
Module 6: Supply Chain and Third-Party Component Governance
- Enforcing software bill of materials (SBOM) requirements for third-party middleware in infotainment systems.
- Validating security test results from Tier 1 suppliers against OEM-defined penetration testing criteria.
- Isolating third-party SDKs in virtualized environments to limit access to vehicle control networks.
- Managing vulnerability disclosure processes with external vendors under coordinated vulnerability disclosure (CVD) policies.
- Assessing the security implications of open-source components in AUTOSAR Classic versus Adaptive platforms.
- Conducting on-site audits of supplier development environments to verify secure coding and configuration practices.
Module 7: Regulatory Compliance and Certification Workflows
- Mapping internal cybersecurity controls to UNECE WP.29 R155 management system requirements.
- Documenting evidence for CSMS (Cybersecurity Management System) audits including risk treatment records.
- Preparing vehicle type approval dossiers with technical justification for accepted residual risks.
- Integrating penetration test findings into compliance reports without disclosing exploitable details.
- Establishing change control procedures for post-certification ECU software modifications.
- Coordinating with type approval authorities and their designated technical services for audit scheduling and evidence review during certification cycles.
Module 8: Incident Response and Forensic Readiness in Vehicle Fleets
- Designing secure remote diagnostics interfaces that enable forensic data extraction without exposing control functions.
- Defining data retention policies for vehicle logs under GDPR and regional data sovereignty laws.
- Triggering secure wipe procedures for telematics units in stolen or decommissioned vehicles.
- Correlating incident indicators across multiple vehicles to detect fleet-wide attack patterns.
- Activating fallback communication channels when primary telematics links are compromised.
- Preserving chain of custody for ECU memory dumps during forensic investigations involving safety-critical systems.