Automotive Security Assessment (Threat, Risk, Vulnerability assessment & mitigations)
Security assessment is the process of identifying and analyzing the threats and evaluating the associated risks to ensure that the cyber security measures you have chosen are appropriate to mitigate the risks your vehicle or system faces.
Evaluating and incorporating cyber security choices without a threat assessment and risk analysis is wastage of time, duplication of effort and resources. Implementing measures to defend against events that are unlikely to occur or won’t have much material impact on vehicle or system is pointless. Likewise, it is possible that threats that could cause significant damage to your vehicle system are overlooked or underestimated.
KPIT’s comprehensive cyber security assessment methodology determines various business, financial and operational impact of the security threats by identifying potential threats, associated risks & vulnerabilities, identifying threat actors and ascertaining attackers’ profile.
KPIT’s automotive cyber security assessment framework is developed based on SAE J3061 guidelines
SAE J3061 provides a framework to design and build cybersecurity into automotive systems in a comprehensive and systematic way, to monitor for and respond to incidents in the field, and to address vulnerabilities in service and operation. J3061 is unique in describing a process framework for cybersecurity that an organization can tailor against its other development processes. This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber- physical systems.
For more details visit: www.sae.org/standards/content/j3061_201601/
At every step of the process the findings are collected and stored as threat library in the K-ASAT (KPIT’S Automotive Security Assessment) Tool for future reference and mitigation plan implementation.
Click here for more details on K-ASAT tool.
Salient features for KPIT’s Automotive Security Assessment
- Determines various entry points into a vehicle. These entry points can be physical, electronic, and/or human
- Checks for attack surfaces, identify possible threats, categorize threats. Identify internal and external threat agent. Generate security threat model for automotive systems
- Framework to collate information on target definition, defining scope of penetration testing on target, physical and logical information of the target system, infrastructure profile, internal and external vehicular communication interfaces
- Perform exploit analysis and generate vehicle cluster-wise library of exploit. Identify of possible attack vectors and create attacker profile
- KPIT’s Threat assessment methodology is complied to SAE J3061 guidelines.
- Ready library of various threats with associated risks, vulnerabilities and mitigations to expedite the process of security assessment
- Experienced team with exposure to various protocols, interfaces and ECU security assessment
- Support for programs from requirement phase till production and pre-production security analysis
- The reports from K-ASAT are customizable and compliant to security assurance guidelines followed by automotive industry.
- KPIT uses CVSS (Common vulnerability scoring system) as a base process to identify and score the vulnerabilities.
