Home Riscure Academy Automotive Security Training

Automotive Security Training

Riscure Academy - Online Group Training

This training is designed for individuals with both technical and non-technical backgrounds, offering a comprehensive understanding of automotive embedded systems. The course emphasizes security engineering and the development of robust defense strategies for embedded systems. This training includes an in-depth exploration of technical terms, risk assessment methodologies, and hands-on experience with automotive interfaces and protocols.

Duration

4 courses

4 weeks

16 hours self-paced eLearning and practical exercise

4 hours Live Mentoring

Certificate

70% or higher on final assessment

Interactive

Exercises

Assignments

Quizzes

Live mentoring

Scalable

Self-paced eLearning

Scheduled live mentoring

Spaced for efficiency & effectiveness

Scale to multiple groups

After this program participants will be able to

Evaluate Security

Recognize Key Security Assets in automotive systems

Apply the Threat Analysis and Risk Assessment method.

Assess security weaknesses in automotive systems.

Rate and prioritize potential attack paths.

Understand and describe core defense methods.

Apply learnings

Use diagnostic tools on automotive systems, including UDS and DoIP

Analyze and secure CAN, Automotive Ethernet, and FlexRay protocols.

Perform Hands-on security assessments

Identify and test debug interfaces in embedded automotive systems.

Secure assets

Analyze and address real-world security scenarios.

Understand modern attack vectors targeting automotive systems

Recognize Evolving Security Challenges

Identify threat actors and attack techniques

Register for a free demo!

Join our special mini-webinar on October 2nd, 5pm CET/11am EST, and get a sneak peek into the course content, a live demo of the hands-on exercises, and an exclusive Q&A with our expert trainers.

Click here to register.

 

Automotive Security

Modern cars are increasingly dependent on complex digital systems to manage various operations, expanding their potential attack surface and making them prime targets for cyber threats. Ensuring the security of these systems is now essential, which demands proper awareness among all teams involved in the automotive industry.

The Automotive Security Training by Riscure Academy addresses the challenges of evolving cybersecurity in the automotive sector. This training equips teams with a solid security mindset, significantly mitigating the risk of cyber-attacks and enhancing overall vehicle reliability and security. Participants will gain valuable insights and practical knowledge to enhance the security and resilience of automotive embedded technologies.

A proactive approach to cybersecurity not only protects a company’s reputation but also results in substantial cost savings by preventing costly recalls, reducing liability from potential security breaches, and avoiding the financial impact of cyber-attacks. Additionally, investing in security training and defense strategies ultimately translates into competitive advantages, such as increased consumer trust and market share, contributing to long-term profitability and sustainability in the industry.

Audience

No specific background required

Engineering/security background preferred

Relevant for anyone working with embedded systems, from decision-makers to engineers

Objectives

Gain practical security knowledge

Understand the current threat landscape

Learn relevant automotive attack and defense mechanisms

Complete hands-on exercises on actual targets

Course

Foundations of Automotive Security

  • Introduction to Security Engineering
    • Technical Terms and Definitions: Key concepts in automotive security.
    • Threat Analysis and Risk Assessment (TARA) and Standards:
      • Overview of industry standards and frameworks.
      • Introduction to the TARA methodology.
    • Actors in Embedded Systems: Understanding the various assets, components and threat modeling in embedded and automotive systems.
    • Introduction to Risk Assessment: Basics of assessing security risks in automotive contexts.
  • Quiz
Course

Understanding Automotive Systems Security

Overview of Automotive systems

  • Introduction to Automotive Systems: Key components and their roles.
    • Approach to Evaluations: Methodologies for assessing system vulnerabilities.
    • Printed Circuit Boards (PCBs): Understanding PCB and component analysis of ECUs in automotive systems.
    • Virtual Machines (VMs):
      • Procedure: Setting up VMs for automotive security testing.
      • Screenshots: Demonstrating VM setup.

Digital Interfaces and OSI Layers

  • UART Interface:
    • Understanding UART in the OSI model (Physical, Link, Network layers).
    • Practical tips for locating UART in automotive systems.
  • JTAG Interface:
    • Introduction to JTAG and its role in automotive security
    • Methods for identifying JTAG interfaces.

Automotive Interfaces and Protocols

  • Controller Area Network (CAN):
    • Introduction to CAN and its OSI layers (Physical, Link, Network).
    • Getting Hands-on
      • Connecting to a CAN bus.
      • Identifying and analyzing CAN signals (differential signals).
      • Using CAN utilities to read and write messages.
      • Tools: SavvyCAN, Python-can-remote.
  • Automotive Ethernet:
    • Understanding Automotive Ethernet across OSI layers (Physical, Link, Network).
    • Techniques for identifying Automotive Ethernet in a system.
  • FlexRay:
    • Introduction to FlexRay protocol
    • Exploring FlexRay and its OSI layers (Physical, Link, Network).
  • Power Line Communication (PLC):
    • Introduction to PLC communication and protocol
    • The role of PLC in automotive systems, with an OSI layer breakdown (Physical, Link, Network).
  • Quiz
Course

Advanced Diagnostics and Hands-On Sessions

Diagnostics in Automotive Systems

  • Unified Diagnostic Services (UDS):
    • Theory and practical application in vehicle diagnostics.
  • Diagnostics over IP (DoIP):
    • Understanding DoIP in modern automotive systems.

Practical Hands-On Session

  • Participants engage in practical exercises using diagnostic tools to analyze and secure automotive systems.

Advanced Hands-On Session

  • Continuation of Diagnostics: Deep dive into UDS and DoIP applications.
  • Case Studies: Real-world scenarios to apply learned concepts.

Wrap-Up and Q&A

  • Summary of key takeaways.
  • Open floor for questions and discussion.

Lead developer

Join the live-demo on October 2nd

This session will offer a sneak peek into the course content, a live demo of the hands-on exercises, and an exclusive Q&A with our expert trainers. Mark your calendars and join us live!

Get Started Today

Don’t let your organization’s embedded systems become an easy target. Invest in the security and success of your business by partnering with Riscure Academy. Contact us today to discuss your training needs and explore our approach. Together, we’ll empower your team to secure your organization’s future.

Get in touch with us

Feel free to contact us anytime at inforequest@riscure.com or fill out the form below.

By checking this box you agree to process your data according to Riscure's privacy policy:
Check this box to also subscribe to our monthly newsletter:

Frequently asked questions

Do you do individual training?

Individual training is available for self-enrollers within enterprises, but we do not training for individuals outside of organizations. For individuals we recommend Self-Paced or Open training. If you are unsure, please get in touch by filling in the form below.

What is the minimum group size for your expert-led training program?
Minimum of 5 participants is required for our expert-led hybrid and classroom programs.
Are your programs delivered online or as classroom ?
Our training courses are delivered in various formats depending on the need and the subject matter. Programs can be deployed as online self-paced training, hybrid courses with expert-led sessions, or classroom-based instruction at Riscure facilities or the
customer's location. Our online programs blend self-paced e-learning, exercises, assessments, and in certain cases expert-sessions (like Q&A webinars or Group Exercises) with Riscure experts.
When can we start with the training/ what do the training schedules look like?

We do not have pre-defined dates for our training sessions. Instead, we aim to accommodate your preferred start time and schedule the spacing of training and relevant sessions accordingly. To ensure a seamless scheduling process, please provide advance notice of 3-4 weeks for our online group programs and 6-8 weeks for classroom programs, as this allows us to secure our trainers' availability. For online training by individuals (self-paced) any enrollment will be facilitated within days or weeks, depending on the level of integration with the customer training platform or HR system. For Open Training schedules, please, contact us by filling in the form below.

Does customer have access to the training materials after the program?
Participants in self-paced training have 180 days from enrollment to complete the courses, exercises, and tests, to receive their certificate of completion. After 180 days, they will still have access to the course materials, but they can’t receive the certificate any longer.
For expert-led group training, including online/hybrid and classroom formats, access to relevant training materials remains available after the training period. The formal training schedule with deadlines is coordinated between Riscure and the customer.