How Automotive cybersecurity labs are filling the knowledge gap for OEMs and Tier-1 suppliers
The automotive industry is undergoing an extreme transformation with the rise of the Electric Vehicle and the Software-Defined Vehicle. A paradigm shift is materializing in all stages of production, from the development stage, to deployment, and well into continued product maintenance via OTA hotfixes. With the parallel introduction of new enforced cybersecurity standards and regulations, OEMs need help to comply and have reached out to experts in dedicated cybersecurity organizations who can mitigate the vast knowledge gap and aid in creating and maintaining a complete cyber-secure vehicle. One of the emerging methods is cybersecurity labs that are strategically located in proximity to large concentrations of major OEMs and Tier-1 suppliers: Michigan USA, Germany, China, Japan and South Korea.
These cybersecurity labs have direct and profound significance for the process of complete cybersecurity protection. A cybersecurity testing lab can help ensure that the EVs and SDVs, and systems produced are secured from potential cyber threats. Having the lab located close to these major OEM companies makes it easier for them to access and utilize services, improving their overall security posture and accessing guidance and education on a daily basis.
Cybersecurity labs allow organizations to take ownership of their cybersecurity process and implementation, simulate real-world attacks and test their defenses. This helps organizations identify vulnerabilities. Furthermore, these labs provide a secure environment in which researchers can develop and test new security technologies and techniques. And in the event of a cyber-attack, labs can provide a secure environment for incident responders to contain and mitigate the attack.
Labs pen-test vehicles, subsystems, components, software images and interfaces, identify and prioritize weaknesses, and assess vulnerabilities and misconfigurations, all to comply with the ISO/SAE 21434 standard and the UN R155 regulation. A lab practices various techniques and hacker-like exploits to connect to the vehicle’s ECUs and compromise them, “steal” confidential information, and ultimately try to gain control over driving attributes.
There is another crucial and extremely well-timed benefit that these labs can supply: Training and Education. Since the introduction of EVs and SDVs, there has been a growing lack of knowledge and a lack of highly-experienced cybersecurity professionals. Cybersecurity labs are often used for training purposes, allowing security professionals to gain hands-on experience with a range of tools and techniques.
Karamba Security has recently deployed such a cybersecurity lab in Detroit, Michigan, and is performing various cybersecurity tasks for our Detroit clients and partners. Tasks that mainly include penetration testing, and also education, automated TARA tools, binary analysis, CSMS, and other cybersecurity consulting.
Cybersecurity labs play a crucial role in helping organizations prevent, detect, and respond to cyber threats. Deployment of these labs in global automotive hubs helps clients to improve and maintain quality products, components, and systems, and to do it all locally and with convenient and comprehensive guidance.