Activity: Talk or presentation / Lecture › Presentation at a scientific conference / workshop
Description
Cybersecurity by Design: holistic development of secure systems in the automotive and industry field. Cyber Threats stem from 4 problem areas: the complexity of systems as IoT presents to us, the vulnerability of systems due to software inconsistencies, the know-how of attackers and the tools to do so. The sticking point becomes apparent in the development process of systems. But here, security considerations follow most often at the end of the process, which also leads to insufficient documentation.
Threat Modeling+: The methodology to develop secure systems, in compliance with standards and regulation.
Insufficient documentation contradicts industry-specific standards and norms. For example, the Industrial Security Standard (IEC62443) is worth mentioning, as is ISO/SAE-214343, which makes risk analysis and system design equally mandatory. In the future, the Cyber Resilience Act will mandate such an approach for all digital systems.
The approach of "Cybersecurity by Design" with its implementation in Threat Modeling has existed for some time. The aim here is to identify potential threats in the system model based on a threat model. The AIT Austrian Institute of Technology has further developed this modeling method with artificial intelligence and industry-specific threat catalogs under the name "ThreatGet".