Cybersecurity & Data Privacy

The INVENSITY Center of Excellence Cybersecurity and Data Privacy is the competence center for all questions concerning IT security of embedded systems. Sustainability and traceability are our main focus. The systematic analysis of existing systems and the design of security concepts are for us the starting point of a secure system.

The systematic identification and evaluation of risks serves us as a basis for the definition of suitable measures. For the implementation of secure systems we rely on the methods of software and systems engineering as well as the methods of cybersecurity, such as secure coding or threat modelling.

Your contact

Jana Karina von Wedel
Senior Consultant

Get in touch

Offer

Cyber Security Development Process

INVENSITY offers a standardized and requirements-based solution to systematically identify risks and define appropriate measures. Based on the identification of the assets to be protected, the relevant threats and vulnerabilities are examined. On this basis, incident scenarios are described and evaluated with regard to their probability and their effects.

The resulting risks form the basis for the definition of measures to reduce the determined risk value. The software-supported process includes comprehensive documentation to ensure the re-use of the acquired knowledge.

Secure Coding

There are no limits to what they can do. Even systems that use a cryptographically secure procedure are not necessarily free of side channel attacks. Besides vulnerable hardware, security holes are very common due to careless implementations. Programs that seem to be uninteresting for an attacker can also offer a possibility to infiltrate a system, if they have, for example, increased rights and a network interface.

Therefore it is important to include the aspect of security in the programming, to stick to certain rules and to examine the program for errors like buffer overflows.

DSGVO / GDPR

Based on our extensive and cross-industry experience, we have developed a clearly structured approach based on established and proven process models to help our customers integrate the topic of data protection into their development processes and products and thus ensure compliance with applicable data protection regulations. This approach begins with a clear definition of the scope of the collection and processing of personal data as well as the relevant functions and interfaces.

Based on this, risks associated with the loss or compromise of personal data are analysed and a strategy is developed to prevent data protection violations and to satisfy documentation requirements. Concrete technical and procedural solutions are then derived from this strategy and verification and validation criteria for them are defined.

Penetration Testing

A penetration test serves to identify all possible threats to a system. First of all, all important resources, which could become the target of an attack and possible side effects of an attack are recorded. Once the defence objectives have been defined, it is determined how an attacker can gain access to the resources to be protected and/or control over the system and how an attacker can cause undesired behaviour of the system. For this purpose the system is analysed and possible threats are assessed and categorised. Tests are carried out on the basis of the threats found.

During these tests it is important to look at different attacker models, not only to find out what possibilities an attacker has, but also to determine how likely an attack is. In the course of these tests new threats that were not previously considered can also be identified. After the evaluation of this data, protective measures can be planned and implemented.

Automotive Cybersecurity

Automotive systems are increasingly connected with each other and with the environment and implement ever higher levels of automation. This makes it necessary to systematically deal with both the safety and security of E/E systems. Functional safety is concerned with protecting the environment from the vehicle. Cybersecurity, in turn, focuses on protecting the vehicle from the environment. In the development of modern vehicles and their software, the consideration of functional safety has long been an important part of development. At the very least since ISO 26262 (“Road vehicles – Functional safety”) came into force in 2011, this topic has been receiving increased attention. The topic of cybersecurity, on the other hand, has long been seriously neglected in the automotive industry. This has begun to change in recent years. Initially through the Cybersecurity Guidebook J3061 of the SAE, which for the first time described a uniform procedure for cybersecurity in the automotive sector, and even more so with the emergence of the new ISO 21434, the DIS of which was published in February 2020. On the basis of our well-founded cybersecurity know-how gained in the course of numerous projects, we support our customers in the introduction and implementation of this new standard. Our many years of experience in the implementation of ISO 26262 as well as in the design of corresponding processes and the lessons learned and best practices gained from them are also used in this process.  The goal is clear: to develop automotive systems that are both “safe and secure”.

Threat Modelling

A Threat Model is a structured representation of all information of a system that is related to security. Through the process of Threat Modeling this information is identified, organized and analyzed. The goal is to uncover all threats and weaknesses of a system. Additionally, lists of prioritized improvements of security, requirements, design and/or implementation are created. Countermeasures are planned and implemented according to the impact of a threat.

The Threat Model should accompany a product through its entire life cycle and be improved and specified in the individual phases of the cycle.

INVENSITY Competencies

CONSULTING

Accelerate your development

CAREER

Let’s make things better

© Copyright 2007 – 2020   |   All Rights Reserved 

INVENSITY Competencies

CONSULTING

Accelerate your development

Career

Let’s make things better

© Copyright 2007 – 2020
All Rights Reserved