With the introduction of the new European Security Directive according to ECE Level (UNECE WP29), vehicle manufacturers will have to submit proof of the cyber security of their vehicle systems in order to obtain approval for their products. From now on, manufacturers will have to prove every three years that they use a certified cyber security management system that covers all stages from vehicle engineering to documentation. With this cyber security management system, they must check all vehicle types for cyber security, identify and document the potential threat and address and demonstrably solve security-critical problems with proposed solutions.
A prerequisite for this cyber security check is a tool that enables manufacturers to check their systems for ECE conformity in the first place. This is where Threatget steps in: The software provides IT system designers with effective support for security precautions against potential cyber attacks. The two development partners, the Austrian Institute of Technology (AIT) and Sparx Services, contribute complementing competencies: AIT develops state-of-the-art AI technologies for use in a critical market segment and has perfected Threatget technology over the years, while Sparx Services has in-depth knowledge of model-based system development using the Enterprise Architect modeling platform. This makes it possible to take safety and security requirements into account as early as the design phase of systems, the providers advertise.
In the context of a rapidly growing security engineering industry, Threatget addresses the target group of vehicle manufacturers as well as all companies that analyze vehicle architectures and systems in order to issue certificates (e.g. TÜV) and persons in the automotive training environment.
The Threatget database of threat potential threats and proposed solutions is currently maintained and maintained within the framework of applied research and development. Users receive a list of possible problems and associated solutions for the desired system model (e.g. for their vehicle platform), which are then implemented by a security engineer. This manually maintained catalogue also includes updates to other threat catalogues, which are additionally compiled by Computer Emergency Response Teams (CERT), for example. With the help of algorithms that make use of artificial intelligence (AI), the Threatget catalog will be automatically updated with these external threat catalogs in the future. In this way, AI will help to keep the complexity of the ever-increasing networking of our systems manageable in the future.
Threatget makes it possible to guarantee the same basic security principle for all manufacturers in the future. In addition, it should also be possible for manufacturers of special vehicles (e.g. for the security sector) to build on this basic security principle and at the same time manually extend certain security levels and rules in their vehicle systems.
Further reading: https://www.unece.org/trans/main/wp29/introduction.html