Engineering Partner

Test and validation in cybersecurity area

By Nicolae Foica, Team Leader E/E Overall System Diagnostic Development & Test in the E/E System Development Department at ServiceXpert, Munich, Germany

The number of cyber-attacks on companies in 2021 was 50 % higher than in the previous year. Prominent cases, some of which paralysed production facilities and entrepreneurial activity for weeks, were reported in the press. Therefore, investments in cybersecurity services and information security are now a top priority for the resilience and health of a company.

In the era of the digital revolution, interconnectivity has increased tremendously. The improved availability and online accessibility of systems increases the possibilities of cyber-attacks and threats. These pose a real threat of unexpected damage and financial loss to businesses. The development of vehicles is also affected. With the new UNECE regulations R155 and R156, OEMs are obliged to take cybersecurity requirements into account during product development.

ServiceXpert offers all relevant services for cybersecurity testing of automotive ECUs as part of test and validation projects.

Projects start with a security risk assessment to determine vulnerable areas and the extent of the risks. This constitutes the basis of security test planning, design and prioritisation. Experience has shown that risk assessments should be carried out regularly, as they are only a snapshot at a particular point in time. Security risks are constantly changing, as new threats also arise on a daily basis.

In the concept phase of a cybersecurity test project, objects, cybersecurity goals and ultimately the cybersecurity concept itself are defined. Within TARA (Threat Analysis and Risk Assessment), threats and risks are identified and requirements (for the ECUs) are derived.

According to UNECE R155, automotive OEMs are obliged to provide evidence of the implementation and validation of cybersecurity components. For this purpose, verification activities are performed to confirm that the implementation of the design and the integration of the components comply with the refined requirements and the design. The design implementation and integration of the control unit are verified using the methods and/or criteria specified in the CAL (Cybersecurity Assurance Level) performance methods.

If a weak point is identified, vulnerability management is performed. Based on the vulnerability management, an attack path analysis and attack feasibility assessment are performed.

Graphic: © ServiceXpert