ISO 21434 Certification and Examination

TÜV Nord ISO 21434 CSCAE

TUV Nord's 5-day ISO 21434 CSCAE Training covers topics on Cybersecurity Management, Security Engineering, Verification, Security Testing, and Validation of CPSs and measures after SOP activities.

CyberSecurity Certified Automotive Engineer (CSCAE)

Overview

Security by Design (ISO/SAE 21434). Cybersecurity Governance, general concepts and Risk Evaluation. Requirement by UN ECE Objectives and requirements for overall cybersecurity management are delivered, as well as examples for implementation, organizational responsibilities, and a definition of a CSMS (Cybersecurity Management System in Engineering) according to ISO/SAE 21434 – Safety by Design and other applicable standards during Embedded and Software Engineering).

Prerequisite for participation:

Good understanding of embedded systems and their communication equipment (e.g. CAN or other protocols); experience in the use of (RTOS) operating systems and mission critical systems
Experience in developing systems with respect to modern engineering standards (e.g. ISO 26262, IEC 61508, ASPICE; CMMI)
General understanding of testing in the area of embedded systems
Studies in the field of STEM subjects or adequate engineering expertise in embedded electronic system

Course Overview

Day 1

Cybersecurity Management during Product Engineering (Cyber Physical Systems)

We will show objectives and requirements for a project dependent cybersecurity management including examples in correlation with overall cybersecurity management.

Further, the interaction with Functional Safety will be explained. Ongoing activities like cybersecurity monitoring, event management, vulnerability analysis and management will be discussed. Nevertheless, examples how to achieve goals for continuous cybersecurity activities will be delivered.

Introduction to TARA (Threat Analysis and Risk Assessment) and introduction to cybersecurity analysis methods, like attack tree analysis and others. You will also get familiar with valuation tables for attack feasibility and estimation of damage, the creation of a risk matrix, parameter and content of attack feasibility, and different terms like damage scenario, threat scenario, and attack path. Examples of performing a TARA are given. The different steps of the risk analysis will be illustrated with exercises.
Day 2 & 3
Security Engineering - Security Development Lifecycle and Design Methods

The "security by design" principles that must be integrated into the entire development and product life cycle, starting with the initial idea to the achievement of the "end of life" of a product will be discussed. Further, we will discuss in detail the aspects of the cybersecurity engineering activities.
- Security Engineering Process for Embedded Systems
- Development of the Cybersecurity Concepts
- Technical Measures and Strategies for implementing Cybersecurity in Embedded
- Systems covering HW and SW related Aspects
- System-related Design Patterns
- Software Design Process in Cybersecurity of Embedded Systems
- Introduction to Cryptography for Embedded Systems
- Secure Communication
- Management of Tools and Confidence in Tools
- Introduction to Verification and Methods in Cybersecurity Engineering during Engineeringgin
Day 4

Verification, Security Testing and Validation of CPSs and Measures after SOP Activities

An important requirement for any cyber physical system is the effectiveness and security of the design and implemented techniques, measures and controls.

We call special attention to verification and testing methods and address techniques like penetration testing and other methods in context of communication systems and other interesting system parts. The training contains examples and strategies on how to analyze finding and using them during testing to improve optimization of the system, hardware and software design further to develop validation strategies and techniques.