Creation Of Documentation Related To Cybersecurity In The Automotive Sector

Project overview:

• Goal: Create a set of templates for cyber security documentation in the Automotive sector.
• Location: Amsterdam / Eindhoven
  
• Timeframe: 3 months
• Starting: TBA
• Complexity: Medium
• Team: Product Manufacturers
• Supervisor: Anna Prudnikova / team member from Product Manufacturers

As a student, you have:

Education:

• An HBO or WO level of education in the relevant domain.

Technical skills:

• Knowledge of cyber security management domain
• Basic knowledge of the automotive world
• Knowledge of industry related standards is a bonus: ISO27K, NIST CSF, UNECE R155/R156, ISO 21434 etc

Soft skills:

• The ability to work well in an international team environment;
• Good communication skills
• Organized.
• Clear documentation writing skills.

The project you will be working on:

Secura is an active player in the different sectors of technology including Operation Technology (OT), IoT and IT (more details can be found on our web-site https://www.secura.com/markets...). One of the major focus areas is the security of products and ultimately the certification to provide assurance the all types of OT/IoT/IT products are secure. When we talk about security the products, we always need to keep in mind that the product should also be developed in a secure way in a secure environment following best cyber security practices.

The approach that is most widely used in the industry nowadays to ensure cyber security in the full lifecycle is to build it based on the existing internationally recognized standards. Since July 2022, the automotive world is subject to UNECE regulations Nr. 155 and 156. These regulations apply in 56 member states and aim to improve cybersecurity and specifically target the Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS). Next to the UNECE regulations, ISO 21434 is a widely used standard used in the Automotive world. ISO 21434 was developed with the intent of providing a solid basis to achieve R155 compliance. It addresses the cybersecurity perspective in engineering of electrical and electronic systems within road vehicles.

Since the UNECE regulations are relatively new, the overall compliance level in the automotive sector is relatively low. Hence, many companies do not have well established documented processes in place and require support of companies such as Secura to guide them towards higher cyber resilience.

As an intern, you will be responsible for the following:

• Analyze requirements from different standards to understand how those requirements can be translated into a set of required documents
• Create a set of templates that automotive companies can use to build their cyber security processes with focus on achieving compliance with the regulations.

Example of documents include:

• Template for cybersecurity policy including management support, following requirement 7.2.2.2(a) of UNECE R155 and work product [WP-05-01] of ISO 21434.
• Template for a threat analysis and risk assessment methodology, in line with R155 and clause 15 of ISO 21434.

Templates for procurement of components/items from external suppliers and the related cybersecurity policies.