Cybersecurity & Data Privacy

The INVENSITY Center of Excellence Cybersecurity is the competence center for all questions concerning IT security of embedded systems.

Our goal is to reduce risk related to cybersecurity threats in a sustainable and traceable manner and to thereby help to develop innovative systems that are secure by design and comply to relevant norms, standards, and regulations.

Your contact

Jana Karina von Wedel
Principal Consultant

Get in touch

Offer

Security Norms, Standards, Regulations and Processes

Embedded systems are increasingly connected with each other and with the environment and implement ever higher levels of automation. This constantly increases the needs for Cybersecurity. To help meet those needs, several new norms, standards, and regulations for Cybersecurity have been created in recent years. Especially in the automotive industry, where UN regulations (R155, R156) mandatory for type approval and ISO/SAE 21434 were introduced. But also in other industries, were customers increasingly demand compliance to standards such as IEC 62443 or the ISO 27000 series.

Understanding which norms, standards, and regulations are relevant and what they mean for daily development activities can be challenging. We can help you to gain this understanding and taking into account your individual needs, requirements, and existing processes to extend your processes with Cybersecurity aspects to meet the requirements imposed on you efficiently and effectively.

Security Management

Successfully managing cybersecurity activities and integrating them into the overall development process requires both management skills as well as technical cybersecurity expertise. This is true not only for individual cybersecurity relevant development projects, but also for overarching management of topics like platform development of security mechanisms, vulnerability management, auditing of suppliers, training developers for work in security relevant projects, etc.

We can support the introduction of the role of Cybersecurity Manager within individual projects or whole organizations or by temporarily taking over this role ourselves in time critical or highly demanding projects.

TARA++

High-quality, reliable and process-oriented security assessments are an essential part of the development process of cyber-physical systems. The necessary Threat Analyses and Risk Assessments (TARAs) are very complex, time consuming and sometimes nerve-racking to perform, even for security experts. In this context, clarity, reusability as well as process and standard conformity are characteristics that lead to efficiency and quality improvements.

We support the creation of such high-quality TARAs not only with our expertise, but also by using ISAT 4.0, our specifically developed web-based INVENSITY Security Assessment Tool for the systematic and efficient execution of TARAs.  Not only the TARA itself is supported in this way, but also the following risk treatment decision and definition of security mechanisms.

Security Concepts

Once the risk treatment decision has been made, a Cybersecurity Concept defining concrete mechanisms to be implemented needs to be created. Not only the results of the TARA and existing stakeholder requirements, e.g. from an OEM, need to be taken into account, but also any system design decisions already made, performance requirements of the system and requirements coming from other disciplines, e.g. Functional Safety. This is necessary in order to really build security into the system (“security by design”), to prevent conflicts and to make use of possible synergies.

When several possible realizations of a security control are possible, the effort and cost for each possibility must be weighed against their respective impact on the overall residual risk. After defining the Cybersecurity Concept in this manner, Cybersecurity requirements must be derived and security aspects included in the architectural design.

We can support all these steps using our experience and knowledge from numerous security engineering projects to define a cost-effective, standard-conform, state-of-the-art Cybersecurity Concept.

Security Implementation

After defining the Cybersecurity Concept and deriving requirements and architectural design, the implementation of the Cybersecurity mechanisms is the next step. Implementing mechanisms like secure boot, secure flashing, or secure communication can be challenging when e.g. not much experience with these mechanisms is available within the development team or new hardware is used for the first time. Additionally to realizing the functionality, secure coding practices must be adhered to.

We can support the implementation and integration of security mechanisms as well as the creation of the necessary documentation by providing methodological support and guidance or by pairing up with your development team and providing hands-on implementation support.

Security Testing

Just like for any other functionality, requirements-based testing is a must for Cybersecurity mechanisms. But additional types of tests are needed to gain confidence that no critical unknown vulnerabilities remain in the system. Methods like fuzzing, vulnerability scanning and most famously penetration testing are applied for this purpose.

A common difficulty when defining and planning these tests is that there is no clear limit to the scope: Searching for something that shouldn’t be there can take an arbitrary amount of effort. Finding a balance between reducing the residual risk on the one hand and limiting the time, effort, and costs on the other hand is the challenge.

We can support you by systematically identifying the kind and scope of tests that will bring about this balance and by planning and managing the corresponding testing activities.

ISAT Pro

High-quality, reliable and process-oriented security assessments are a fundamental part of the development process of cyber-physical systems. At the same time, these necessary threat analyses and risk assessments are very complex and correspondingly time-consuming and nerve-racking for security experts to perform.

Clarity, reusability as well as process and standard conformity are characteristics that lead to efficiency and quality improvements in this context. With ISAT pro, the INVENSITY Security Assessment Tool, we consequently tie in with these requirements and facilitate the execution of your security analyses.

Learn more