Cyber Security Engineering

What does ‘secure’ actually mean? Security is always context-specific. For example, confidentiality is imperative for passwords, but irrelevant for public messages. This is why a risk analysis is necessary to identify possible attack paths and assesses the associated risk. Our experts team up with yours to develop a risk assessment with prioritized vulnerabilities to guide your decisions about the cyber security concept.

What we do at a glance:

• Identification of threat scenarios
• Attack trees modelling
• Delivering reusable results
• Ensuring compliance with standards such as UNECE r155, ISO/SAE 21434, and the EU Cybersecurity Resilience Act (CRA), IEC 62443

What security mechanisms do you need? We will work with you to develop a concept for a security architecture engineered to meet the defined security goals and outline the requirements for implementation. Once we jointly finalize the concept, we can specify the appropriate requirements. Another task is to specify the requirements for implementation.

Count on us to:  

• Specify security mechanisms, to include integration concepts such as secure boot, secure OTA updates, secure diagnostics
• Put into practice secure cryptographic protocols such as secure onboard communication
• Assess costs/ benefits for security mechanisms

How do you actually implement security mechanisms ‘securely’? Even if the concept and specifications are indeed secure, software vulnerabilities can easily compromise the overall system’s protection. This is why it is so important for developers to rule out all software vulnerabilities – that is, in the components that implement security mechanisms and in all other software – to afford proper protection against hackers. We rely on secure coding practices and semi-automated code analysis to ensure code conformity.

Count on us to:

• Develop turnkey security modules, for example, by encapsulating critical code/ cryptographic functions
• Develop and integrate the hardware security module (HSM)
• Review source code

Have any chinks in the armor, any opportunities for attacks been overlooked? Software has to be tested to confirm its reliability, and the same goes for secure systems. We use state-of-the-art methods and tools to test systems for vulnerabilities that an attacker could exploit and explore your options for fixing these vulnerabilities. 

What we do at a glance:

• Embedded device penetration testing
• Web service backend penetration testing
• Mobile app penetration testing
• IT network penetration testing (OSCP / OSEP -certified)

How secure are your products? Security is a big deal when companies set out to develop products, but key questions about how to design and build in security often go unanswered. How much should you invest to achieve the appropriate level of security? Where do you start? What steps will you have to take? If you want to make informed decisions and avoid needless investments, a check-up is an excellent idea.

What we do at a glance:

• Opt for a fixed time and price with the workshop format, if you wish
• Keep your design options open by selecting experts who know all about gap analysis, processes, products, development artifacts, etc.

Take advantage of our training to empower your employees and cultivate a cyber security mindset:

• Basic Training for Cybersecurity Engineers
• Secure Coding in C

Our customers have to cope with a rising tide of more and more cyber security standards and regulations. To ensure compliance, they have to integrate cyber security into products, monitor it throughout these products’ lifetime, and embed it in the organization. However, the impact of emerging regulations and standards is as yet uncertain. This customer may not know much about cyber security; that customer may have little experience with it. Many are not very well versed in security responsibilities, certifiers’ requirements, lead times, effort, and costs. If any event, you will need a cyber security strategy to make the informed decisions required to arrive at a robust security posture.

What we do at a glance:

• Ensures compliance with regulations such as UNECE r155, EU Cyber security Resilience Act (CRA)
• Develops a pan-organizational strategy for integrating cyber security throughout the enterprise
• Supports, plans, and executes certification processes, to include a milestone plan, complexity/ cost assessment, and communicating with certifiers

Building security into the product is one concern, but companies also have to adopt cyber security processes and methods to obtain reproducible results. Take advantage of the vast experience we have in handling cyber security engineering tasks in customers’ ecosystems. Call on our support to help you put new security processes and methods into practice. Rest assured, we will factor requirements, technical constraints, and legacy processes into the security equation.

Count on us to:

• Advise you on processes, for example, on the basis of ISO/SAE 21434 or IEC 62443 requirements
• Make the most of risk analysis methods
• Execute the security testing process and methods
• Help you manage vulnerabilities
• Assist you in managing suppliers
• Conduct cyber security assessments