Cybersecurity & Data Privacy
Jana Karina von Wedel
DSGVO / GDPR
Based on our extensive and cross-industry experience, we have developed a clearly structured approach based on established and proven process models to help our customers integrate the topic of data protection into their development processes and products and thus ensure compliance with applicable data protection regulations. This approach begins with a clear definition of the scope of the collection and processing of personal data as well as the relevant functions and interfaces.
Based on this, risks associated with the loss or compromise of personal data are analysed and a strategy is developed to prevent data protection violations and to satisfy documentation requirements. Concrete technical and procedural solutions are then derived from this strategy and verification and validation criteria for them are defined.
A penetration test serves to identify all possible threats to a system. First of all, all important resources, which could become the target of an attack and possible side effects of an attack are recorded. Once the defence objectives have been defined, it is determined how an attacker can gain access to the resources to be protected and/or control over the system and how an attacker can cause undesired behaviour of the system. For this purpose the system is analysed and possible threats are assessed and categorised. Tests are carried out on the basis of the threats found.
During these tests it is important to look at different attacker models, not only to find out what possibilities an attacker has, but also to determine how likely an attack is. In the course of these tests new threats that were not previously considered can also be identified. After the evaluation of this data, protective measures can be planned and implemented.
Automotive systems are increasingly connected with each other and with the environment and implement ever higher levels of automation. This makes it necessary to systematically deal with both the safety and security of E/E systems. Functional safety is concerned with protecting the environment from the vehicle. Cybersecurity, in turn, focuses on protecting the vehicle from the environment. In the development of modern vehicles and their software, the consideration of functional safety has long been an important part of development. At the very least since ISO 26262 (“Road vehicles – Functional safety”) came into force in 2011, this topic has been receiving increased attention. The topic of cybersecurity, on the other hand, has long been seriously neglected in the automotive industry. This has begun to change in recent years. Initially through the Cybersecurity Guidebook J3061 of the SAE, which for the first time described a uniform procedure for cybersecurity in the automotive sector, and even more so with the emergence of the new ISO 21434, the DIS of which was published in February 2020. On the basis of our well-founded cybersecurity know-how gained in the course of numerous projects, we support our customers in the introduction and implementation of this new standard. Our many years of experience in the implementation of ISO 26262 as well as in the design of corresponding processes and the lessons learned and best practices gained from them are also used in this process. The goal is clear: to develop automotive systems that are both “safe and secure”.
A Threat Model is a structured representation of all information of a system that is related to security. Through the process of Threat Modeling this information is identified, organized and analyzed. The goal is to uncover all threats and weaknesses of a system. Additionally, lists of prioritized improvements of security, requirements, design and/or implementation are created. Countermeasures are planned and implemented according to the impact of a threat.
The Threat Model should accompany a product through its entire life cycle and be improved and specified in the individual phases of the cycle.
© Copyright 2007 – 2020 | All Rights Reserved
© Copyright 2007 – 2020
All Rights Reserved