Cybersecurity Assessment and Asset Protection
Overview: Assessed cybersecurity relevance and identified system assets to enhance security through comprehensive threat analysis and risk management.
Challenges: Identifying critical assets, defining robust cybersecurity goals, and ensuring team-wide awareness.
Solution: Generated Threat Analysis and Risk Assessments (TARAs), defined Cybersecurity Goals and Requirements, established a Verification & Validation (V&V) framework, and provided cybersecurity training.
Outcome: Delivered complete cybersecurity work products and strengthened system security with a structured management framework.
Cybersecurity Analysis for Driver Monitoring System
Overview: Conducted cybersecurity threat analysis for a Driver Monitoring System to secure system architecture and ensure compliance.
Challenges: Complex system architecture, identifying relevant threats, and aligning with suppliers for distributed development.
Solution: Developed Threat Analysis and Risk Assessment (TARA) based on item definition and system architecture, assessed cybersecurity relevance, defined cybersecurity goals and requirements, and engaged suppliers for alignment.
Outcome: Completed cybersecurity work products, integrated defined requirements into system architecture, and established supplier collaboration for secure development.
Cybersecurity Management System Setup for Tier 1 Supplier
Overview: Established Cybersecurity Management System (CSMS) processes and policies for a Tier 1 supplier to achieve ISO 21434 certification and enhance cybersecurity capabilities.
Challenges: Developing ISO 21434-compliant processes, applying them to a pilot project, and transferring expertise to internal teams.
Solution: Created ISO 21434-compliant templates, processes, and policies; synchronized with functional safety team; conducted threat analysis on multiple ECUs; proposed software flashing and cryptographic key management strategies; assessed work products per ISO 5112 for audit readiness.
Outcome: Delivered cybersecurity work products for multiple ECUs, achieved audit-ready status, transferred technical and process knowledge to internal teams, and provided guidance for scaling cybersecurity activities.