ELECTRICAL/ELECTRONICS AND ELECTRONIC SYSTEMS
• Exercise −− Short question and answer with problem assignment • InfoSec Governance −− Standards −− Roles and responsibilities −− Ongoing monitoring −− Oversight −− Value • Secure Software Development −− Scope/scale of problem −− Proper design of software quality assurance/testing −− Continuous integration −− Evaluation of 3rd party code −− Techniques (e.g. overflows, data protection, etc.) −− Cryptography • The Adversary – Hackers −− Changing demographics, motivation, and identity −− Work process (e.g. flash dumping dynamic analysis, etc.) −− Case study • Exercise −− Short question and answer with problem assignment • Embedded Security −− How embedded security differs from traditional security - pros and cons −− Embedded hardware lock-down −− Key software development for embedded systems • Diverse Topics −− Overview of some hardware and software cybersecurity techniques and products −− Resiliency −− Supply chain cybersecurity −− Understanding built-in vs bolt-on argument and how to
and how will it affect us? Are there measurements - what does “secure” look like? These questions and more will be answered by this seminar. We live in an age when cyber-related recalls will happen, when remote, over-the-air updates will become routine, and in which our cars have more lines of code than a small office. This seminar introduces critical cybersecurity concepts and puts them in an automotive context. It cuts through to the “so what” basics that enable understanding and provides ideas to implement in your company. Interaction and discussion is important, so after each lecture block there is a discussion period and a written work product. • Describe key concepts in automotive cybersecurity such as the InfoSec Triad; Threat, Vulnerability, and Risk; Defense in Depth, etc. • Understand the importance of organizational roles and support, and how doing this can make cybersecurity an operational value proposition and not just a costly after-thought • Understand and recognize good software and embedded security practices • Understand why “hackers” are focusing on the automotive industry, and how they tend to think and operate. Who Should Attend This seminar is intended for anyone not familiar with automotive cybersecurity. The material covered is introductory and appro- priate for both engineering staff and management looking to learn about the cybersecurity issues that affect all aspects of the automotive industry. Topical Outline • Introduction −− Definitions −− Vulnerability −− Threat −− Risk −− TARA (Threat Assessment and Remediation Analysis) −− Architecture −− Attack classes −− State of the Standards (SAE, NIST, ISO) • InfoSec Triad - “Plus” −− Confidentiality −− Integrity −− Availability −− Non-repudiation −− Apply to automotive −− Discuss critical design features (e.g. availability vs integrity) Learning Objectives By attending this seminar, you will be able to: Prerequisites An engineering background will be helpful.
evaluate efficacy −− Defense in depth −− Stepping through an exemplar layered system • Final Exercise −− Question and answer with guided exercise
Instructor: Fee: $835
Robert Dekelbaum
.7 CEUs
URL:
sae.org/learn/content/c1619/
Design Considerations for Secure Embedded Systems 2 Days | Classroom Seminar I.D.# C1524
Embedded hardware is everywhere you look today from your vehicle’s infotainment system to refrigerator to medical devices and everything else in between. With so much exposure one would think that such devices are secure against attack; however,
37
3 ways to get a no-obligation price quote to deliver a course to your company: Call SAE Corporate Learning at +1.724.772.8529 | Fill out the online quote request at sae.org/corplearning | Email us at corplearn@sae.org
Made with FlippingBook Online newsletter