Cyber Security is a recent feature currently cascading over all the automotive supply chain, from MCU suppliers, software vendors, integrators, new connected services providers, and of course OEMs.
ECUs manufacturers have to integrate complex security requirements mostly coming from OEMs and anticipate new emerging standards/issues. Integrators, in addition, have to provide assurances on the level of security of their products, sometimes even before product conception has started. For all actors, the introduction of specific processes and guidelines are necessary to prevent security failures for which the fallout could have both short term and long term impacts (expensive recalls, negative publicity …).
Trusted Labs has gathered through experience a strong security expertise, capable of addressing the security of a variety of architectures within the automotive ecosystem: small or complex ECUs with hardware security and embedded software, gateways, TCUs, aftermarket dongles, back-end infrastructures, mobile applications.
We propose a risk-centric approach following our principle “Learn the risks – Mitigate them”, in forms which are customized according to the needs of each client. Therefore, we accompany our customers through various kinds of assignments depending on where they stand in the product conception or design, their position in the supply chain, level of maturity and level of targeted security.
Projects can take place at any phase of the following cycle to master the threats against automotive cyber security:
- Risk Analysis: our consultants are proficient with rigorous methodologies of risk assessment, to provide our customers a global view of the threats lying over the product and their impacts. This step is more than helpful to anticipate security issues and identify whether the correct security measures are taken to reduce the risks to an acceptable level.
- Test Plan definition: security testing is a non-dispensable step to have a trustworthy status on security, just as functional testing is the only way to know if a product is functional. Specifying security features is not enough, they have to be implemented in a sufficiently robust way not to be bypassable.
- Product Evaluation: the fields of expertise of our experts cover all the technologies deployed in complex automotive systems, from reverse-engineering (hardware and software), source code analysis, interface penetration testing, and advanced hardware attacks (fault & side channel attacks),
- Risk Mitigation: Based on risk assessment and/or Evaluation results, we provide an Action Plan to improve security features and practices. They can include security mechanisms to be implemented, additional tests to be performed, or security policies to enforce. They take into account the product deployment calendar in order to reduce the cost and time-to-market impact.
- Process development: Based on our security experience, we can provide recommendations and guidelines to cover the state-of-the-art threats against specific families of products.
- Threat Monitoring: The constant evolution of the threat landscape and long life cycles of automotive products make mandatory that each new release come with updated security features.