Skip to main content

CYBERENG - Training Cybersecurity Engineer and Manager Skills in Automotive - Experience

  • Conference paper
  • First Online:
Systems, Software and Services Process Improvement (EuroSPI 2023)

Abstract

As cybersecurity becomes an integral part of car homologation, the importance of cybersecurity skills in automotive project development teams becomes crucial. It is not just about the experts in automotive security themselves, but also about the whole system development team that needs to have the skills to be able to understand, cope with and make a cybersecurity integral part of the system. In this paper, we are giving an overview and experience of the content of training, the skill sets defined as the main needed skills/competence and knowledge of the automotive cybersecurity managers and engineers and present the pilot course implementation experience.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.vsb.cz/en.

  2. 2.

    https://www.real-sec.com/.

  3. 3.

    https://www.iscn.com/.

  4. 4.

    https://www.tugraz.at/home.

  5. 5.

    https://www.elektrobit.com/.

  6. 6.

    https://www.ait.ac.at/en/.

References

  1. Much, A.: Automotive security: challenges, standards and solutions, software quality professional, September 2016

    Google Scholar 

  2. Riel, A., Kreiner, C., Messnarz, R., Much, A.: An architectural approach to the integration of safety and security requirements in smart products and systems design. CIRP Ann. 67(1), 173–176 (2018)

    Article  Google Scholar 

  3. Automotive Cybersecurity by design. GuardKnox, 22 May 2022. https://www.guardknox.com/automotive-cybersecurity-by-design/?utm_term=automotive+cybersecurity&utm_campaign=GK%2BSearch&utm_source=adwords&utm_medium=ppc&hsa_acc=2477278000&hsa_cam=16131374351&hsa_grp=131730259823&hsa_ad=580845163643&hsa_src=g&hsa_tgt=kwd-278111740315&hsa_kw=automotive+cybersecurity&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=Cj0KCQjwma6TBhDIARIsAOKuANxdrGpAu3MS5aUH2dN8vVaQou_cmvrLOeFma_9A-WM7XPRebjWbrVQaAtDyEALw_wcB. Accessed 15 Apr 2022

  4. Automotive Cybersecurity: Vector Informatik GmbH, 15 April 2022. https://www.vector.com/int/en/products/solutions/safety-security/automotive-cybersecurity/?gclid=Cj0KCQjwma6TBhDIARIsAOKuANw-AGiBvieIDAUEX7_fbKVBEAxveZMEtGUU7m3t6wvGPNqutJboxbkaAmblEALw_wcB#c2920. Accessed 15 Apr 2022

  5. DRIVES, Project. DRIVES Framework: Deliverable 4.4.2 Full Definition and Rules of the ERFA. https://www.project-drives.eu/Media/Publications/211/Publications_211_20211201_113520.pdf

  6. EU Blueprint Project DRIVES. https://www.project-drives.eu/. Accessed 6 Apr 2023

  7. Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 621–624, March 2015

    Google Scholar 

  8. Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated safety and security development in the automotive domain, Working Group 17AE-0252/2017-01-1661. SAE International, June 2017

    Google Scholar 

  9. GEAR 2030: European Commission, Commission launches GEAR 2030 to boost competitiveness and growth in the automotive sector (2016). http://ec.europa.eu/growth/tools-databases/newsroom/cf/itemdetail.cfm?item_id=8640

  10. Hirz, M.: Automotive mechatronics training programme - an inclusive education series for car manufacturer and supplier industry. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 341–351. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_25

    Chapter  Google Scholar 

  11. SPI Manifesto. https://conference.eurospi.net/images/eurospi/spi_manifesto.pdf. Accessed 20 Apr 2023

  12. ISO - International Organization for Standardization: ISO 26262 Road vehicles Functional Safety Part 1-10 (2011)

    Google Scholar 

  13. ISO – International Organization for Standardization: ISO CD 26262-2018 2nd Edition Road vehicles Functional Safety (2018)

    Google Scholar 

  14. ISO/SAE 21434, Road vehicles—Cybersecurity engineering (ISO Standard No. 21434). International Organization for Standardization (2021). https://www.iso.org/standard/70918.html. Accessed 6 Apr 2023

  15. Ito, M.: Supporting process design in the autonomous era with new standards and guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 525–535. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_39

    Chapter  Google Scholar 

  16. Stolfa, J.: DRIVES—EU blueprint project for the automotive sector—a literature review of drivers of change in automotive industry. J. Softw. Evol. Process 32(3) 2020. Special Issue: Addressing Evolving Requirements Faced by the Software Industry

    Google Scholar 

  17. KGAS, Konzerngrundanforderungen Software, Version 3.2, Volkswagen LAH 893.909: KGAS_3602, KGAS_3665, KGAS_3153, KGAS_3157, November 2018

    Google Scholar 

  18. Khan, R., McLaughlin, K., Laverty, D., Sezer, S.: STRIDE-based threat modeling for cyber-physical systems. In: 2017 IEEE PES: Innovative Smart Grid Technologies Conference Europe (ISGT-Europe): Proceedings IEEE (2018). https://doi.org/10.1109/ISGTEurope.2017.8260283

  19. Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Softw. Evol. Process 24(5), 525–540 (2012)

    Article  Google Scholar 

  20. Macher, G., et al.: A study of electric powertrain engineering - its requirements and stakeholders perspectives. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 396–407. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_29

    Chapter  Google Scholar 

  21. Macher, G., Brenner, E., Messnarz, R., Ekert, D., Feloy, M.: Transferable competence frameworks for automotive industry. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 151–162. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_12

    Chapter  Google Scholar 

  22. Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23

    Chapter  Google Scholar 

  23. Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION). In: International Symposium on Model-Based Safety and Assessment, pp. 286–300 (2019)

    Google Scholar 

  24. Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition. In: Systems Software and Services Process Improvement - 23nd European Conference, EuroSPI 2016 Proceedings. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-44817-6_12

  25. Mahmood, H.: Application threat modeling using DREAD and STRIDE (2017). Accessed 03 Aug 2018. https://haiderm.com/application-threat-modeling-using-dread-and-stride

  26. Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the EU blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37

    Chapter  Google Scholar 

  27. Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 439–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36

    Chapter  Google Scholar 

  28. Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Softw. Q. Prof. (2016)

    Google Scholar 

  29. Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Softw. Evol. Process 25(4), 381–391 (2013). Special Issue: Selected Industrial Experience Papers of EuroSPI 2010

    Google Scholar 

  30. Messnarz, R., et al.: InnoTEACH – applying principles of innovation in school. In: Stolfa, J., Stolfa, S., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2017. CCIS, vol. 748, pp. 294–301. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_24

    Chapter  Google Scholar 

  31. SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA, January 2016

    Google Scholar 

  32. Schmittner, C., Macher, G.: Automotive Cybersecurity Standards-Relation and Overview International Conference on Computer Safety, Reliability, and Security, pp. 153–165 (2019)

    Google Scholar 

  33. Schmittner, C., et al.: Automotive cybersecurity - training the future. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 211–219. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_14

    Chapter  Google Scholar 

  34. Skills set for an ECQA Certified Cybersecurity Engineer and Manager (2021). https://www.project-cybereng.eu/wp-content/uploads/2021/08/CYBERENG-IO2-Skills-Set.pdf. Accessed 15 Apr 2023

  35. SOQRATES, Task Forces Developing Integration of Automotive SPICE, ISO 26262 an d SAE J3061. http://soqrates.eurospi.net/

  36. Stolfa, J., et al.: Automotive quality universities - AQUA alliance extension to higher education. In: Kreiner, C., O’Connor, R.V., Poth, A., Messnarz, R. (eds.) EuroSPI 2016. CCIS, vol. 633, pp. 176–187. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14

    Chapter  Google Scholar 

  37. Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26

    Chapter  Google Scholar 

  38. Stolfa, S., et al.: Automotive cybersecurity manager and engineer skills needs and pilot course implementation. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds.) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol. 1646. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_24

  39. VDA QMC, Automotive Cybersecurity Management System Audit, 1st edn., December 2020

    Google Scholar 

  40. Chauhan, Y.: The 7 security objectives of any organization for IT and network security. https://yogeshchauhan.com/the-7-security-objectives-of-any-organization-for-it-and-network-security. Accessed 15 Apr 2022

  41. UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) UN R-155. https://unece.org/transport/vehicle-regulations-wp29/standards/addenda-1958-agreement-regulations-141-160. Accessed 14

  42. 2023UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) UN R-156. https://unece.org/transport/vehicle-regulations-wp29/standards/addenda-1958-agreement-regulations-141-160. Accessed 1 Apr 2023

  43. ISO/IEC 17024:2012 Conformity assessment—General requirements for bodies operating certification of persons. https://www.iso.org/standard/52993.html. Accessed 1Apr 2023

  44. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42

    Chapter  Google Scholar 

  45. Aschbacher, L., Messnarz, R., Ekert, D., Zehetner, T., Schönegger, J., Macher, G.: Improving organisations by digital transformation strategies – case study EuroSPI. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds.) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol. 1646. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_51

  46. Ekert, D., Messnarz, R., Norimatsu, S., Zehetner, T., Aschbacher, L.: Experience with the performance of online distributed assessments – using advanced infrastructure. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 629–638. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_47

    Chapter  Google Scholar 

  47. Messnarz, R., et al.: First experiences with the automotive SPICE for cybersecurity assessment model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 531–547. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_35

    Chapter  Google Scholar 

Download references

Acknowledgements

The project ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector (CYBERENG) is co-funded by the Erasmus+ Call 2020 Round 1 KA203 Programme of the European Union under the agreement 2020-1-CZ01-KA203-078494. This work is partially supported by Grants of SGS No. SP2023/065, VSB - Technical University of Ostrava, Czech Republic.

We are grateful to a working party of Automotive suppliers SOQRATES [40] (https://soqrates.eurospi.net) who provided inputs for cybersecurity best practices. This includes: Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental), Ekert Damjan (ISCN), Forster Martin (ZKW), Gasch Andreas (Cariad), Geipel Thomas (Robert BOSCH GmbH), Grave Rudolf (Tasking), Griessnig Gerhard (AVL), Gruber Andreas (CERTX), Habel Stephan (Continental), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Kotselidis Christos (Pierer Innovation), Kurz-Griessnig Brigitte (Magna ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz), Mandic Irenka (Magna Powertrain), Mayer Ralf (BOSCH Engineering), Messnarz Richard (ISCN), Much Alexander (Elektrobit AG), Nikolov Borislav (MSG Plaut), Oehler Couso Daniel (Magna Powertrain), Pernpeintner Michael (Schäffler),

Riel Andreas (Grenoble iNP, ISCN Group), Rieß Armin (BBraun), Santer Christian (AVL), Shaaban Abdelkader (AIT), Schlager Christian (Magna ECS), Schmittner Christoph (AIT), Sebron Walter (MSG Plaut), Sechser Bernhard (Process Fellows), Sporer Harald Infineon), Stahl Florian (AVL), Wachter Stefan, Walker Alastair (MSG Plau), Wegner Thomas (ZF), Geyer Dirk (AVL), Dobaj Jürgen (TU Graz), Wagner Hans (MSG Systems), Aust Detlev, Zurheide Frank (KTM), Suhas Konanur (ENX), Erik Wilhelm (Kyburz), Noha Moselhy (VALEO), Jakub Stolfa (VSB TUO), Michael Wunder (Hofer Powertrain), Svatopluk Stolfa (VSB TUO).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Svatopluk Stolfa .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Stolfa, S. et al. (2023). CYBERENG - Training Cybersecurity Engineer and Manager Skills in Automotive - Experience. In: Yilmaz, M., Clarke, P., Riel, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2023. Communications in Computer and Information Science, vol 1890. Springer, Cham. https://doi.org/10.1007/978-3-031-42307-9_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-42307-9_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42306-2

  • Online ISBN: 978-3-031-42307-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics