Cars have never been smarter.
Lesson 1 - Preview: Automotive Cybersecurity Boot Camp
Provides an overview of the threats that automakers face, the vulnerabilities that exist in connected cars, and how automotive cybersecurity testing works. It also discusses the importance of cybersecurity in the automotive industry and how automakers can incorporate it into their engineering workflows.
Lesson 2 - Securing the Connected Car: What’s at Stake?
Explores the many ways in which a connected car can be hacked, and the potential consequences of such an attack. It discusses the different types of cyberattacks that can be launched against connected cars, the vulnerabilities that make them susceptible to attack, and the steps that can be taken to protect them.
Lesson 3 - Vulnerabilities Beyond the Vehicle
Discusses the vulnerabilities that exist in the automotive ecosystem beyond the vehicle itself. It covers topics such as the cybersecurity of the manufacturing supply chain, the cybersecurity of the vehicle-to-everything (V2X) communication network, and the cybersecurity of the cloud-based services that support connected cars.
Lesson 4 - Rules and Regulations: Vehicular Cybersecurity
Explores the regulatory landscape for automotive cybersecurity. It discusses the different standards and regulations that automakers must comply with, and the challenges that they face in implementing these standards and regulations.
Lesson 5 - Adopting a Cybersecurity Framework
Demonstrates the importance of adopting a cybersecurity framework for automotive organizations. It covers topics such as the different types of cybersecurity frameworks that are available, how to select the right framework for your organization, and how to implement the framework effectively.
Lesson 6 - Testing Considerations for UNECE WP.29 / UN R155
Provides an overview of the testing requirements for automotive cybersecurity as defined by the United Nations Economic Commission for Europe (UNECE) Working Party 29 (WP.29). It discusses the different types of tests that are required, the steps involved in conducting the tests, and the challenges that automakers face in meeting the testing requirements.
Lesson 7 - Testing Within a Cybersecurity Management System
Explains how testing fits into a cybersecurity management system (CSMS), as described by ISO / SAE 21434. The lesson covers the different types of testing that can be performed, as well as the different stages of the development lifecycle at which testing should occur. The lesson also discusses the importance of having a clear and well-defined testing strategy, as well as the need to continuously monitor and improve the CSMS.
Lesson 8 - So, You Want to Hack a Car?
Covers the different ways in which a connected car can be hacked. It covers the different types of cyberattacks that can be launched against connected cars, the vulnerabilities that make connected cars susceptible to attack, and the tools and techniques that hackers use to exploit these vulnerabilities. The lesson also provides some practical advice on how to protect your car from attack.
Lesson 9 - How Do You Test Automotive Cybersecurity?
Discusses the different types of automotive cybersecurity tests that are available. It covers the different types of vulnerabilities that can be tested for, the different methods that can be used to test for these vulnerabilities, and the challenges that automakers face in conducting automotive cybersecurity tests. The lesson also provides some practical advice on how to select the right tests for your needs.
Lesson 10 - What is Protocol Fuzzing?
Protocol fuzzing is a technique used to test the robustness of communication protocols by sending random or unexpected data to the protocol. This can help to identify vulnerabilities in the protocol that could be exploited by attackers.
Lesson 11 - Demo: “Hacking” a Car at Block Harbor Cybersecurity
Demonstration of how a car can be hacked by Block Harbor Cybersecurity. The demonstration uses Keysight's SA8710A Automotive Cybersecurity Penetration Test Platform to show how an attacker could gain control of a vehicle's headlight system. The lesson begins by discussing the different types of vulnerabilities that can exist in automotive systems. It then goes on to show how Block Harbor Cybersecurity used the SA8710A to exploit a vulnerability in the headlight system of a Toyota Camry.
Lesson 12 - Security Doesn’t Stop at the Sheetmetal
Discusses the importance of cybersecurity beyond the vehicle itself. The lesson covers the different ways that vehicles can be attacked through the supply chain, the infotainment system, and the cloud. The lesson also discusses the importance of having a holistic approach to cybersecurity that takes into account all of the potential attack vectors.
Lesson 13 - What Is “Car to Cloud” Cybersecurity?
Covers the cybersecurity challenges posed by the increasing connectivity of vehicles. As vehicles become more connected, they become more vulnerable to cyberattacks. This is because the vehicle's network is now exposed to the internet, which means that it is potentially accessible to malicious actors.
Lesson 14 - Network Security: What Risks Do Automakers Face?
Explores the risks that automakers face from network security vulnerabilities. The lesson covers the different ways that cybercriminals can attack automotive networks, as well as the potential consequences of such attacks. The lesson also discusses the steps that automakers can take to protect their networks from attack.
Lesson 15 - Continuously Testing Your Network’s Defenses
Explains the importance of continuously testing your network's defenses in order to identify and fix vulnerabilities before they can be exploited by attackers. The lesson covers the different types of network testing that can be performed, as well as the different tools and techniques that can be used. The lesson also discusses the importance of having a clear and well-defined testing strategy, as well as the need to continuously monitor and improve the testing process.
Lesson 16 - Curtailing Alert Fatigue in Network Security Teams
Discusses the problem of alert fatigue, which is a condition in which security teams become desensitized to alerts and are unable to effectively respond to them. The lesson covers the causes of alert fatigue, as well as the different techniques that can be used to mitigate it.
Lesson 17 - What Is Application and Threat Intelligence?
Covers the importance of application and threat intelligence in automotive cybersecurity. Application intelligence is the collection and analysis of data about applications, such as their functionality, usage patterns, and vulnerabilities. Threat intelligence is the collection and analysis of data about threats, such as their targets, techniques, and motivations.
Lesson 18 - Automotive Cybersecurity: Protect What Matters Most
Demonstrates the importance of an integrated, automated, and intelligent approach to automotive cybersecurity. The lesson covers the different elements of an effective cybersecurity strategy, including risk assessment, security architecture, security testing, and security management. The lesson also discusses the role of standards and regulations in automotive cybersecurity.
Automotive Cybersecurity: Solutions for ISO/SAE 21434, UNECE WP.29
The automotive industry is undergoing cybersecurity standardization and regulation that enforces consistent testing to provide work products to auditors. ISO/SAE 21434 is a cybersecurity standard that integrates high-quality safety and security measures and provides a standard framework to implement a Cybersecurity Management System (CSMS). UNECE WP.29 cybersecurity regulation requires carmakers to prove to auditors they have an appropriate Cybersecurity Management System (CSMS) in place to sell vehicles in countries following this new standard.