AutoCyberSec – 1st Innovation Camp on Automotive Security
In September 2022, SBA Research held the first Innovation Camp on Automotive Security “AutoCyberSec”, funded by Austrian Research Promotion Agency (FFG). One goal was to bring experts from different domains of safety, security testing and modelling closer together to prepare for the current and upcoming challenges of digitalization within the mobility domain. The participants used this platform to learn new aspects, exchange experiences and talk ideas.
The contents had a strong focus on security testing techniques and how testing techniques can be integrated within the development and quality assurance process of automotive products. The Jeep Cherokee Hack from 2015, which erupted the automotive industry, served as a blueprint for this training. Along with hands-on challenges on real hardware, presentations held by industry experts and group exercises the challenges of security and safety have been tackled. The contents were laid out as follows:
* Current regulation and standards, methodology of ISO/SAE 21434, held by an industry expert and member of the standardization group, Christoph Schmittner.
* Taxonomy of Attacks (read-life vulnerabilities mapped STRIDE), held by the senior security researcher Dr. Johanna Ulrich.
* Cryptography for Engineers, held by a cryptography expert, security researcher, Aljosha Judmayer.
* Security Testing, held by penetration tester and principal security consultant, Reinhard Kugler along with Christoph Wech.
The training showed the knowledge gaps but also the commonalities between the different focus areas safety, security and modeling. The discussions developed several follow-up questions and collaborations for the future.
