driving worldwide business excellence

SAE J3061 and ISO 21434:2020 Cybersecurity Engineering Defense & Protection Against Attacks

Home > ISO Training > SAE J3061 and ISO 21434:2020 Cybersecurity Engineering Defense & Protection Against Attacks

Seminar Content

This five-day seminar covers the most fundamental principles, techniques, and approaches to defend and protect vehicular assets from cyber-attacks. After covering threat and attack analysis, the course focuses on asset identification and monitoring. The course then moves to the important topic of access control and monitoring including response to incidents. The most practical aspects of the course is the manipulation of threats and the environment together with protecting assets and response planning. The course covers material related to defense and protection from the ISO/SAE standard 21434 and also from the NIST cybersecurity framework.

This course combines presentations, along with in-class group exercises to put what you are learning into practice. Concepts are reinforced by a running case study of an air bag system.

Who Should Attend

Those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in motor vehicles.

Participants should be, or plan to be, actively managing, or involved in, or aware of electrical and/or electronic items, systems, or elements that are incorporated in motor vehicles. And have the abilities, education, and experience required for the above roles.

Recommended Training and/or Experience

Participants should be involved in or aware of software and hardware development as it relates to the motor vehicle industry.

Seminar Materials

Each participant will receive a seminar manual including case studies.

Seminar Goals

  • Critically analyze and apply information from vehicular threat and vulnerability reports on a regular basis.
  • Identify vehicle assets and their network topologies and how to monitor the vehicle environment for abnormalities and threats.
  • Apply methodologies such as in-vehicle network security monitoring and approaches to reducing the control system threat landscape will be introduced and reinforced.
  • Determine cybersecurity impact ratings and describe strategies for minimizing exposure
  • Identify vehicular assets and describe strategies for lowering their impact rating
  • Outline effective implementations of cybersecurity controls

Daily Agenda (approximate, based on class discussions)

Day One

  • Chapter 1: Introduction to Course
    • Vehicular cybersecurity landscape
    • Introduction to Cybersecurity Defense and Protection
    • Vehicle Cybersecurity Standards: ISO/SAE 21434
    • ISO/SAE 21434 Terms and Definitions
    • NIST cybersecurity framework
    • Cybersecurity Controls
  • Chapter 2: Threat Analysis
    • Case Study: Jeep Cherokee Hack
    • Cyberattack Life Cycle and Threat Models
    • Vehicular Threats
    • Sharing and Consuming vehicular threat Intelligence
    • Breakout Exercise 2: Item Definition

Day Two

  • Chapter 3: Attack Analysis
    • Vehicular Attack Surfaces
    • Vehicular Attack Vectors
    • Attack Feasibility Assessment
  • Chapter 4: Asset Identification and Network Security Monitoring
    • Vehicle Assets and Infrastructure Visibility
    • Identifying and Reducing the Threat Landscape
    • Vehicle Network Security Monitoring: Collection, Detection, and Analysis

Day Three

  • Chapter 5: Access Control and Monitoring
    • Cybersecurity Perimeters
    • Interactive Remote Access
    • External Communications and Access Points
  • Chapter 6: Cybersecurity protection
    • Protect assets by managing access
    • Protect assets by managing awareness
    • Protect assets by managing data security
    • Protect assets by managing information
    • Protect assets by managing maintenance
    • Protect assets by managing technologies

Day Four

  • Chapter 7: System Management
    • Cybersecurity Management
    • Physical and Logical Access Points
    • Software Updates
    • Malicious Code Prevention
    • Configuration Change Management and Vulnerability Assessments
    • Supporting Processes
  • Chapter 8: Threat and Environment Manipulation
    • Threat and Environment Manipulation Goals and Considerations
    • Establishing a Safe Working Environment
    • Malware Analysis Methodologies
    • Indicators of Compromise

Day Five

  • Chapter 9: Asset Protection and Response
    • Evaluation Process
    • Asset Protection
    • Incident Reporting and Response Planning
    • Incident Response Plan/Testing
    • Reporting Requirements
    • Cybersecurity Recovery Plans for vehicles
  • Chapter 10: Active Defense and Incident Response
    • Case study 1
    • Case study 2

Note: The materials will include SAE J3061 content as applicable.

SAE J3061 and ISO 21434:2020 Cybersecurity Engineering Defense & Protection Against Attacks

Search for Training

Course Keyword:

Series:

Start Date:

/ /

End Date:

/ /

Location:

Plantech-Omnex Partnership ppapandaudits