Cyber Security Management System for the Automotive, Industrial and Railway Sector

Project overview:

• Goal: Create the universal set of cyber security management system (CSMS) requirements applicable for automotive, industrial and railway sectors.
• Location: Amsterdam / Eindhoven
  
• Timeframe: 6 months
• Starting: starting in Q2 2023
• Complexity: Medium
• Team: Product Manufacturers
• Supervisor: Anna Prudnikova / team member from Product Manufacturers

*Can be used as a Master Thesis topic.

As a student, you have:

Education:

• An HBO or WO level of education in the relevant domain.

Technical skills:

• Knowledge of cyber security management domain
• Good knowledge of Operational Technology security (OT)
• Understanding of differences between OT security and IT security
• Knowledge of industry related standards is a bonus: IEC62443, ISO27K

Soft skills:

• The ability to work well in an international team environment;
• Good communication skills
• Organized.
• Clear documentation writing skills.

The project you will be working on:

Secura is an active player in the different sectors of technology including Operation Technology (OT), IoT and IT (more details can be found on our web-site https://www.secura.com/markets/product-manufacturers). One of the major focus areas is the security of products and ultimately the certification to provide assurance the all types of OT/IoT/IT products are secure. When we talk about security the products, we always need to keep in mind that the product should also be developed in a secure way in a secure environment following best cyber security practices. This can be ensured by means of creating cyber security management system (CSMS).

In the recent years, all sectors of technology have realized that it is of essential importance to ensure cyber security but also realized that for many industries this is a new topic and that they need additional guidance. This additional guidance is prepared in different forms by different sectors: e.g. by means of enforcing mandatory regulation or by means of creating standards with suggested set of requirements to implement.

One of the major focus markets for Secura is automotive. The UNECE (United Nations Economic Commission for Europe) has been working in the past years on a new regulation, focused on Cybersecurity for road vehicles. The regulation has been formally adopted in June 2020, and has entered into force from January 2021. Under the new regulation, vehicle manufacturers (OEMs) will need to satisfy the Cyber Security Management System (CSMS) requirements in order to be allowed to apply for type approval of specific vehicle types. The regulation can be found here:

https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security

Recently Secura has identified that multiple major OEMs in automotive sectors manufacture products between multiple technology verticals: automotive / industrial, automotive / railway or all three together. Thus, the question arised, whether it is possible to create a single CSMS that can be extended for all three verticals and be complaint with cyber security publication relevant for those sectors including:

• Automotive: UNECE R155 regulation
• Industrial: IEC62443 (in particular 2-1)
• Railway: CLC/TS 50701

As an intern, you will be responsible for the following:

• Analyzing requirements from all three publications and extracting them within a single framework
• Mapping extracted requirements to the dedicated categories per CSMS topic
• Comparing all the extracted requirements from the considered regulation and standards to identify the gaps
• Creation of the final set of universal CSMS requirements applicable for all three sectors
• Preparing the white paper with final results