The technology enabling cars to become hyper-connected objects is closely linked to embedded software and its ability to communicate with immediate and distant environments.
Car diagnostic and remote maintenance, entertainment systems, and remote warning systems… are examples of great car assets that are also sensitive points for automotive cybersecurity.
To maintain high-quality connectivity in all circumstances and ensure the security of critical car systems, OEMs are urged to comply with cybersecurity regulations, such as the recent UNECE WP29.
Thales supports automotive OEMs and Tier 1 through expert consulting services to build cybersecurity regulation-compliant architectures in their vehicles.
Thales Cybersecurity Consulting teams, part of its advanced connected vehicle products and services, support automotive OEMs and their suppliers to build their cybersecurity strategy and implement the different steps required for a solid security-by-design architecture.
Security by Design approach: the foundation for end-to-end secure connected cars
As cyber threats evolve and vehicles are on the road for many years, Thales' cybersecurity experts promote a security-by-design approach.
The aim is to build robust security into the roots of vehicles that will ensure scalable cyber solutions for the many years of operation.
Mobilize Thales cybersecurity consulting services
#1 - Building a cybersecurity policy for regulation compliance
Thales elaborates on a cybersecurity policy for connected vehicles and embedded architectures within the IT/IS perimeter.
Implementing this policy will then facilitate the alignment of the cyber strategy among the different stakeholders to communicate objectives and expectations to the other teams (conception, engineering, development…).
#2 - Assessing the risks of future connected cars
Thales conducts business risk analysis on the various ECUs and key functions deployed in the vehicle to define threat models, attacker profiles, attack scenarios, and the global exposition of cybersecurity risk.
This dedicated analysis, current regulations, and Cyber Threat Intelligence (CTI) data help us define the right architecture to reduce and mitigate connected car and vehicle security risks.
#3 - Defining vehicle cybersecurity architectures
The conclusions of the risk analysis and defined threat model lead us to specify the right technical security measures to implement in the global, comprehensive architecture (hardware, software, network, interfaces, functions…).
#4- Penetration testing for real security level assessment
Using dedicated methodology and penetration testing approaches, we find potential exploitable breaches on the different exposed surfaces, interfaces, and components.
This enables us to assess the real security level of architectures, ECUs, and off-board services and further address anything needed.
Thales supports you in limiting the attack surface within the vehicle through an in-depth defense approach to the complete ecosystem.