Since 1 September 2020, and according to the latest joint recommendation of the EU Commission and the European Union Agency for Cybersecurity (ENISA), vehicle manufacturers have been required to consider cybersecurity risks in automated vehicles from the initial design stage if they wish to obtain type approval in the EU or Japan. From July 2022, all newly approved vehicle types must fulfil these requirements. Together with LieberLieber Software, the Austrian Institute of Technology has developed a tool for this challenge, which msg Plaut is now successfully applying: THREATGET.
The basis for implementing the new European ECE* security guideline according to UNECE WP29 is a certified Cybersecurity Management System and Software Update Management System. The management systems used by OEMs must meet this regulation, and test vehicles and their systems/components for their ability to withstand risks from cyberspace. The first step is to undertake a risk evaluation: a Threat Analysis and Risk Assessment (TARA) is carried out to analyse the risks to each particular asset and to identify and document potential threats. The next step is to find potential solutions to security-critical problems, and then demonstrably solve these problems.
THREATGET, developed by AIT for the automotive sector together with Austrian company LieberLieber Software, enables UNECE and ISO/SAE-21434-compliant verification of the cybersecurity of vehicle systems.
Teamwork enhances cybersecurity in the automotive sector
msg Plaut, a company with extensive expertise in the automative sector, has already successfully implemented the product in its projects for automotive suppliers. “THREATGET is based on a catalogue of potential threats which is continually maintained and updated using artificial intelligence. The tool allows us to support companies in detecting threats to the operational safety of vehicles, especially automated vehicles – as well as risks to the company’s finances. These threats can be identified at an early stage, allowing the associated risks to be quickly assessed. We can be proactive, offering preventative measures and, when necessary, recommending and rapidly implementing corrective measures for our customers' system design. As a result, companies can use ‘security made in Austria’ to secure a competitive advantage in the international automotive market,” says Bernhard Schrammel, Senior Business Consultant BCC Automotive at msg Plaut and an expert in system security for automated driving.
Helmut Leopold, Head of Center for Digital Safety & Security, AIT Austrian Institute of Technology, is delighted with the fruitful cooperation: “THREATGET allows us to make an important contribution to helping European manufacturers achieve the highest quality and security standards. Our active cooperation with service partners in the industry, such as msg Plaut and LieberLieber Software, is impressive proof that we have achieved international technology leadership in the field of digitalisation through research excellence in Austria.”
Peter Lieber, owner of LieberLieber Software, adds: “In 2019 we presented THREATGET to the market, together with AIT. The cybersecurity product offers IT system designers effective support in devising security measures to combat potential cyberattacks, so-called threats. Last year we received the eAward 2020 in the ‘Industry 4.0’ category for our efforts. We are proud that we have been able to make a significant contribution to the rapidly growing cybersecurity market as an SME.”
The THREATGET features
THREATGET offers manufacturers and suppliers a tool to ensure that the cybersecurity of their vehicle systems is ECE-compliant for type approval, enabling them to remain competitive in the major markets. Identifying risks at an early stage saves costs, and the updatable threat catalogue ensures that the analysis automatically considers the most recent risks. The following offers a short overview of the THREATGET features:
- Automated security assessment: using artificial intelligence, THREATGET automatically identifies threats, supporting ongoing risk management. The tool expands the established Enterprise Architect modelling platform, and is designed to support application scenarios across a variety of domains.
- Extensible model library: THREATGET includes domain-specific, security-relevant elements for use in system modelling. Company-specific model elements and threats can also be incorporated. All elements contain predefined parameters to support existing security concepts.
- Automated threat intelligence updates: THREATGET keeps developers in the loop: as subscribers to the threat database, they are automatically informed about the latest cybersecurity threats.
More detailed information can be found at www.threatget.com.
Find out more about THREATGET during the FuSaCom (Functional Safety Community) online workshop scheduled for 8 March 2021. Register here by 28 February to attend the free event.
*Economic Commission for Europe.
About msg Plaut
msg Plaut Austria GmbH is a product-based consulting company headquartered in Vienna and employs more than 120 people at three locations. msg Plaut Automotive, the Austrian branch of the msg Group's Automotive Division with over 800 employees, combines established development and consulting services with the emerging topics of cybersecurity, artificial intelligence and collaborative development and testing services for automated vehicles.
msg Plaut Austria GmbH combines business and strategic consulting with intelligent, sustainable value-added and industry-specific IT solutions. As a pioneer of a dynamic world of digital ecosystems, msg Plaut supports customers in Austria as well as in the CEE and CIS countries with a broad range of services. These include SAP and Microsoft consulting, individual software development, test and quality management and cloud transformation, digital platforms and business intelligence. More information at www.msg-plaut.com
About AIT
The AIT Austrian Institute of Technology is Austria’s largest research and technology organisation. Over 200 experts at the Center for Digital Safety & Security are developing state-of-the-art information and communication technologies to ensure that our systems are highly secure and reliable in the context of comprehensive digitalisation and global networking. The Dependable Systems Engineering (DSE) group focuses on studying and developing methods, tools and standards for increasing, verifying and validating the dependability of software and systems – during conception, development, certification and operation (Security by Design). The research group comprises highly experienced scientists and practitioners alike, who address in particular practical problems from industry.
Contact:
Mag. (FH) Michael W. Mürling
Marketing and Communications
AIT Austrian Institute of Technology
Center for Digital Safety & Security
T +43 664 235 17 47
michael.muerling(at)ait.ac.at I www.ait.ac.at