The technology enabling cars to become hyper-connected objects is closely linked to embedded software and its ability to communicate with immediate and distant environments.
Car diagnostic and remote maintenance, entertainment systems, remote warning systems…these are examples of great car assets that are also sensitive points for automotive cybersecurity.
In order to maintain high-quality connectivity in all circumstances and ensure the security of critical car systems, OEMs are urged to comply with cybersecurity regulations, such as the recent UNECE WP29.
Thales support automotive OEMs and Tier 1 through expert consulting services to build cybersecurity regulation-compliant architectures, in their vehicles.
Thales Cybersecurity Consulting teams support automotive OEMs and their suppliers to build their cybersecurity strategy and implement the different steps required for a solid security-by-design architecture.
Security by Design approach: the foundation for end-to-end secure connected cars
As cyber threats evolve and vehicles are on the road for many years, Thales cyber consulting expertise promotes security by design approach.
The aim is to build robust security into the roots of vehicles that will ensure scalable cyber solutions for the many years of operation.
Thales Cybersecurity Consulting Services
#1 - Building a cybersecurity policy for regulation compliance
Thales elaborates a specific cybersecurity policy for connected vehicles and embedded architectures within the IT/IS perimeter.
The implementation of this policy will then facilitate the alignment of the cyber strategy among the different stakeholders to communicate objectives and expectations to the different teams (conception, engineering, development…).
#2 - Assessing the risks of future connected cars
Thales conducts business risk analysis on the various ECUs and key functions that will be deployed in the vehicle to define threat models, attacker profiles, attack scenarios, and the global exposition to cybersecurity risk.
This dedicated analysis, together with the current regulations and the Cyber Threat Intelligence (CTI) data, helps us define the right architecture that will reduce and mitigate connected car and vehicle security risk.
#3 - Defining vehicle cybersecurity architectures
The conclusions of the risk analysis and defined threat model lead us to specify the right technical security measures to implement in the global, comprehensive architecture (hardware, software, network, interfaces, functions…)
#4- Penetration testing for real security level assessment
Using dedicated methodology and penetration testing approaches, we find potential exploitable breaches on the different exposed surfaces, interfaces, and components.
This enables us to assess the real security level of architectures, ECUs, and off-board services, and further address anything needed.
Thales supports you to limit the attack surface within the vehicle through an in-depth defense approach to the complete ecosystem.