Consulting

Your Trusted Automotive Cybersecurity Partner

Security Solutions

Security Requirements and Traceability

What are Vector Security Solutions?Cybersecurity is absolutely mission-critical in most environ-ments, because systems are increasingly open for external penetration. Functional safety needs cybersecurity to make safety requirements robust.Vector has the widest automotive cybersecurity portfolio covering base software, tools and consulting. Our security experts advise companies worldwide with TARA, Design and Concept, Architecture and Code analysis, Penetration Testing, Virtual Security Manager, Security Process, Tools, Training and Coaching.

Our Security Solutions cover: > Vector SecurityCheck with Threat Analysis and Risk Assessment (TARA), security goals and requirements, security concept and strategy > Security Testing with PenTesting, code analysis, architecture review and Fuzzing > Methodology and tool support for security-oriented tests and resilience > Consulting, Training and Coaching for the effective implementation of cybersecurity across the life-cycle > Interim Security Manager and remote security support

> Develop, specify and check security requirements based on threat scenarios and Automotive Common Criteria > Sustainable implementation of ISO 27001, SAE J3061, ISO 15408 and forthcoming ISO 21434.

Your Advantages with Vector Consulting > Most complete portfolio covering base software, tools and consulting for hardware, software and service layers > Extensive cybersecurity competencies from working with OEMs and suppliers worldwide > Vector full support for security life-cycle from TARA to maintenance and services > Leading automotive security best practices for 20 years, covering all key topics, such as cryptography, key management and root cause analysis > Experience with hardware trust anchors (SHE, HSM, TPM) > Consulting, Training and Coaching with foundations for automotive applications and practical examples > COMPASS Assessment Tool with continuous updates from the Vector security database

www.vector.com/consulting

Fact Sheet Security Solutions

V1.

0 | 2

020-

01

Process Improvement and ToolsVector works closely with you for the assessments and im-provement of security process, governance and standard compliance. Vector COMPASS Tool facilitates threat and risk analysis. It provides the necessary reporting on security analyses and mitigation, as required by security standards. With COMPASS, you get systematic insight to assets and threats while being updated with Vector database.

Training and CoachingOur trainings and coaching showcase how cybersecurity can be successfully implemented in automotive systems. Topics include:

> Basic techniques for specification, analysis, testing and proofing of security > Security standards, legal obligations and governance > Practical case studies and industry examples

Design and ConceptWe create security analyses and concepts for effective implementation of cybersecurity

> Analysis of system architecture down to technical component level (SW/HW components) > Technical Security Requirements refined from concepts > Security by Design: Key Management and Secure Coding > Support in modernizing and hardening your network, e.g. Ethernet introduction and robust interfaces.

Threat Analysis and Risk Assessment (TARA)The Vector SecurityCheck is based on an integrated analysis from security goals towards attack vectors and threats to an initial security concept with guidance for further implementation.

> Definition of Security Item and Assets > Performance of TARA: Each asset is analyzed with respect to potential attacks, the effect of the attack and the resulting threat. > Derivation of Security Goals and Security Requirements > Our COMPASS Tool supports TARA according to stan-dards, e.g. SAE J3061 and upcoming ISO/SAE 21434.

Security Testing Our Security Testing service includes Static Code Analysis, Fuzz Testing and Pen Testing. It allows our experts to employ comprehensive security analysis, from code and architecture level to targeted attacks, uncovering system weaknesses and potential risks. The methods and techniques used are similar to those deployed by hackers or crackers to break into a system.

Virtual Security Manager Vector provides a virtual security manager, who coaches your team and interacts with customers and suppliers.

> Immediatel contact point for questions > Coach for on automotive cybersecurity methods > Access to our experts along the entire security life-cycle

Vector is your trusted Cybersecurity Partner:

“Vector Consulting Services is a good partner for analyzing and supporting vehicle security realization. The Vector team has helped Claas implement TARA and security engineering for embedded ECUs” - Alexander Großmann, Claas E-systems

“Vector Consulting supported Panasonic in cybersecurity, demonstrating outstanding expertise. The goal of a comprehensive TARA, integrated into a security concept, was achieved!” - Michael Prantke, Panasonic

For more information about Vector Security Solutions, please contact our security experts:

> E-Mail: consulting-info@vector.com > Tel.: +49 711 80670-1520

www.vector.com/consulting

Reference vehicle architecture with security protections