Abstract
As cybersecurity becomes an integral part of car homologation, the importance of cybersecurity skills in automotive project development teams becomes crucial. It is not just about the experts in automotive security themselves, but also about the whole system development team that needs to have the skills to be able to understand, cope with and make a cybersecurity integral part of the system. In this paper, we are giving an overview and experience of the content of training, the skill sets defined as the main needed skills/competence and knowledge of the automotive cybersecurity managers and engineers and present the pilot course implementation experience.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Much, A.: Automotive security: challenges, standards and solutions, software quality professional, September 2016
Riel, A., Kreiner, C., Messnarz, R., Much, A.: An architectural approach to the integration of safety and security requirements in smart products and systems design. CIRP Ann. 67(1), 173–176 (2018)
Automotive Cybersecurity by design. GuardKnox, 22 May 2022. https://www.guardknox.com/automotive-cybersecurity-by-design/?utm_term=automotive+cybersecurity&utm_campaign=GK%2BSearch&utm_source=adwords&utm_medium=ppc&hsa_acc=2477278000&hsa_cam=16131374351&hsa_grp=131730259823&hsa_ad=580845163643&hsa_src=g&hsa_tgt=kwd-278111740315&hsa_kw=automotive+cybersecurity&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=Cj0KCQjwma6TBhDIARIsAOKuANxdrGpAu3MS5aUH2dN8vVaQou_cmvrLOeFma_9A-WM7XPRebjWbrVQaAtDyEALw_wcB. Accessed 15 Apr 2022
Automotive Cybersecurity: Vector Informatik GmbH, 15 April 2022. https://www.vector.com/int/en/products/solutions/safety-security/automotive-cybersecurity/?gclid=Cj0KCQjwma6TBhDIARIsAOKuANw-AGiBvieIDAUEX7_fbKVBEAxveZMEtGUU7m3t6wvGPNqutJboxbkaAmblEALw_wcB#c2920. Accessed 15 Apr 2022
DRIVES, Project. DRIVES Framework: Deliverable 4.4.2 Full Definition and Rules of the ERFA. https://www.project-drives.eu/Media/Publications/211/Publications_211_20211201_113520.pdf
EU Blueprint Project DRIVES. https://www.project-drives.eu/. Accessed 6 Apr 2023
Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 621–624, March 2015
Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain, Working Group 17AE-0252/2017-01-1661. SAE International, June 2017
GEAR 2030: European Commission, Commission launches GEAR 2030 to boost competitiveness and growth in the automotive sector (2016). http://ec.europa.eu/growth/tools-databases/newsroom/cf/itemdetail.cfm?item_id=8640
Hirz, M.: Automotive mechatronics training programme - an inclusive education series for car manufacturer and supplier industry. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 341–351. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_25
SPI Manifesto. https://conference.eurospi.net/images/eurospi/spi_manifesto.pdf. Accessed 20 Apr 2023
ISO - International Organization for Standardization: ISO 26262 Road vehicles Functional Safety Part 1-10 (2011)
ISO – International Organization for Standardization: ISO CD 26262-2018 2nd Edition Road vehicles Functional Safety (2018)
ISO/SAE 21434, Road vehicles—Cybersecurity engineering (ISO Standard No. 21434). International Organization for Standardization (2021). https://www.iso.org/standard/70918.html. Accessed 6 Apr 2023
Ito, M.: Supporting process design in the autonomous era with new standards and guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 525–535. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_39
Stolfa, J.: DRIVES—EU blueprint project for the automotive sector—a literature review of drivers of change in automotive industry. J. Softw. Evol. Process 32(3) 2020. Special Issue: Addressing Evolving Requirements Faced by the Software Industry
KGAS, Konzerngrundanforderungen Software, Version 3.2, Volkswagen LAH 893.909: KGAS_3602, KGAS_3665, KGAS_3153, KGAS_3157, November 2018
Khan, R., McLaughlin, K., Laverty, D., Sezer, S.: STRIDE-based threat modeling for cyber-physical systems. In: 2017 IEEE PES: Innovative Smart Grid Technologies Conference Europe (ISGT-Europe): Proceedings IEEE (2018). https://doi.org/10.1109/ISGTEurope.2017.8260283
Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Softw. Evol. Process 24(5), 525–540 (2012)
Macher, G., et al.: A study of electric powertrain engineering - its requirements and stakeholders perspectives. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 396–407. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_29
Macher, G., Brenner, E., Messnarz, R., Ekert, D., Feloy, M.: Transferable competence frameworks for automotive industry. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 151–162. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_12
Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23
Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). In: International Symposium on Model-Based Safety and Assessment, pp. 286–300 (2019)
Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition. In: Systems Software and Services Process Improvement - 23nd European Conference, EuroSPI 2016 Proceedings. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-44817-6_12
Mahmood, H.: Application threat modeling using DREAD and STRIDE (2017). Accessed 03 Aug 2018. https://haiderm.com/application-threat-modeling-using-dread-and-stride
Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the EU blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37
Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36
Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Q. Prof. (2016)
Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Softw. Evol. Process 25(4), 381–391 (2013). Special Issue: Selected Industrial Experience Papers of EuroSPI 2010
Messnarz, R., et al.: InnoTEACH – applying principles of innovation in school. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 294–301. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_24
SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA, January 2016
Schmittner, C., Macher, G.: Automotive Cybersecurity Standards-Relation and Overview International Conference on Computer Safety, Reliability, and Security, pp. 153–165 (2019)
Schmittner, C., et al.: Automotive cybersecurity - training the future. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 211–219. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_14
Skills set for an ECQA Certified Cybersecurity Engineer and Manager (2021). https://www.project-cybereng.eu/wp-content/uploads/2021/08/CYBERENG-IO2-Skills-Set.pdf. Accessed 15 Apr 2023
SOQRATES, Task Forces Developing Integration of Automotive SPICE, ISO 26262 an d SAE J3061. http://soqrates.eurospi.net/
Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) EuroSPI 2016. CCIS, vol. 633, pp. 176–187. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14
Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26
Stolfa, S., et al.: Automotive cybersecurity manager and engineer skills needs and pilot course implementation. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds.) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol. 1646. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_24
VDA QMC, Automotive Cybersecurity Management System Audit, 1st edn., December 2020
Chauhan, Y.: The 7 security objectives of any organization for IT and network security. https://yogeshchauhan.com/the-7-security-objectives-of-any-organization-for-it-and-network-security. Accessed 15 Apr 2022
UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) UN R-155. https://unece.org/transport/vehicle-regulations-wp29/standards/addenda-1958-agreement-regulations-141-160. Accessed 14
2023UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) UN R-156. https://unece.org/transport/vehicle-regulations-wp29/standards/addenda-1958-agreement-regulations-141-160. Accessed 1 Apr 2023
ISO/IEC 17024:2012 Conformity assessment—General requirements for bodies operating certification of persons. https://www.iso.org/standard/52993.html. Accessed 1Apr 2023
Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42
Aschbacher, L., Messnarz, R., Ekert, D., Zehetner, T., Schönegger, J., Macher, G.: Improving organisations by digital transformation strategies – case study EuroSPI. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds.) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol. 1646. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_51
Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_47
Messnarz, R., et al.: First experiences with the automotive SPICE for cybersecurity assessment model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 531–547. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_35
Acknowledgements
The project ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector (CYBERENG) is co-funded by the Erasmus+ Call 2020 Round 1 KA203 Programme of the European Union under the agreement 2020-1-CZ01-KA203-078494. This work is partially supported by Grants of SGS No. SP2023/065, VSB - Technical University of Ostrava, Czech Republic.
We are grateful to a working party of Automotive suppliers SOQRATES [40] (https://soqrates.eurospi.net) who provided inputs for cybersecurity best practices. This includes: Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental), Ekert Damjan (ISCN), Forster Martin (ZKW), Gasch Andreas (Cariad), Geipel Thomas (Robert BOSCH GmbH), Grave Rudolf (Tasking), Griessnig Gerhard (AVL), Gruber Andreas (CERTX), Habel Stephan (Continental), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Kotselidis Christos (Pierer Innovation), Kurz-Griessnig Brigitte (Magna ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz), Mandic Irenka (Magna Powertrain), Mayer Ralf (BOSCH Engineering), Messnarz Richard (ISCN), Much Alexander (Elektrobit AG), Nikolov Borislav (MSG Plaut), Oehler Couso Daniel (Magna Powertrain), Pernpeintner Michael (Schäffler),
Riel Andreas (Grenoble iNP, ISCN Group), Rieß Armin (BBraun), Santer Christian (AVL), Shaaban Abdelkader (AIT), Schlager Christian (Magna ECS), Schmittner Christoph (AIT), Sebron Walter (MSG Plaut), Sechser Bernhard (Process Fellows), Sporer Harald Infineon), Stahl Florian (AVL), Wachter Stefan, Walker Alastair (MSG Plau), Wegner Thomas (ZF), Geyer Dirk (AVL), Dobaj Jürgen (TU Graz), Wagner Hans (MSG Systems), Aust Detlev, Zurheide Frank (KTM), Suhas Konanur (ENX), Erik Wilhelm (Kyburz), Noha Moselhy (VALEO), Jakub Stolfa (VSB TUO), Michael Wunder (Hofer Powertrain), Svatopluk Stolfa (VSB TUO).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Stolfa, S. et al. (2023). CYBERENG - Training Cybersecurity Engineer and Manager Skills in Automotive - Experience. In: Yilmaz, M., Clarke, P., Riel, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2023. Communications in Computer and Information Science, vol 1890. Springer, Cham. https://doi.org/10.1007/978-3-031-42307-9_26
Download citation
DOI: https://doi.org/10.1007/978-3-031-42307-9_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42306-2
Online ISBN: 978-3-031-42307-9
eBook Packages: Computer ScienceComputer Science (R0)