Automotive Cybersecurity Training (ACT) Program | Open to the Public | Reduced Pricing

Automotive Cybersecurity Training (ACT) Program | Open to the Public | Reduced Pricing

ACT Curriculum and Registration Guidance

This page provides information on each of the ACT Program pathways, modules, and the courses contained within each module. To register, select the Register button. By selecting the register button, it will register an individual for the entire module including the courses within the module.

Registration guidance for both Fundamental and Advanced Pathways are in an accordion below.

ACT Program Fundamental Pathway Modules are delivered online and on-demand. They can be taken anywhere and at anytime. The cost for the Fundamental Pathway modules is listed as $500 USD. There are three fundamental pathway modules 1) Cybersecurity Basics, 2) Secure Engineering, and 3) Secure Operations and Management.

Open the first dropdown of each pathway module to learn more about the pathway. For example: select the plus sign to expand the accordion for Cybersecurity Basics Duration: 32 hours.

ACT Program Advanced Pathway Modules are delivered in-person for 2024. The location and dates are provided below. The cost is $2,250 USD for non-members and $2,000* USD for members.*Note: Members will be required to reach out to their Point of Contact (POC) for a code to receive the discounted pricing for Advanced Pathway Modules only. There are four advanced pathway modules 1) Advanced Engineering, 2) Advanced Wireless, 3) Advanced Electric Vehicle (EV) / EV Infrastructure, and 4) Advanced Guided Attacks.

Note: a biography of the trainers is being developed and will be published upon receipt of all permissions to release the information due to privacy laws.

Reach out to ACT@automotiveisac.com for any questions or visit the FAQ page for the ACT Program.

  • No experience. Must take six (6) modules. Must take Fundamentals Pathway - Basic Cybersecurity module plus Fundamentals Pathway Secure Engineering or Fundamentals Pathway Secure Operations/Management module, then complete all four (4) Advanced Pathway Modules. No extra cost to sit for CAPEX.

    Intermediate experience. Must take an Advanced Pathway Module to supplement existing knowledge before taking the CAPEX. No extra cost to sit for CAPEX.

    Experienced Automotive and/or Cybersecurity Engineers / Managers. May take an Advanced Pathway Module to supplement existing knowledge. Eligible to sit for this exam by paying $1,000.

  • FUNDAMENTAL PATHWAY MODULES REGISTRATION ONLY: Once the REGISTER button above is selected, the page will be redirected to our Strategic Partner’s landing page to sign in for registration.

    Sign In With Google Instructions: If the user selects Sign In With Google, a pop-up window will appear to enter your Gmail email address, then select Next, enter your Gmail email address password, select Next. The user will be signed into the VSEC automatically.

    Register for VSEC (Vehicle Security Engineering Cloud) Instructions: If the user does not have a Gmail account, the user must select Register for VSEC. Create a username, enter your email address, create a password, read, and agree to the terms of use and the privacy policy, select Register. Check your email to verify your email address for vsec-core by selecting the hyperlink in your email. Once verified, login with your credentials.

    Once logged into VSEC platform: locate The Plunge, locate ACT logo, and click once or twice dependent on your mouse settings. Locate ACT Program at the top left of the page and select it. We are offering three (3) fundamental pathway modules.

    Purchase and Register for modules: Select the module to purchase and register. A pop-up window will appear, select Buy Course, Enter your Email address for a receipt (if blank), then select Checkout, an order summary and payment details box will appear. Note if the Order Summary and Payment Details are in red, this means that the user is purchasing a Block Harbor Course.

    If the Order Summary and Payment details are in teal, this means that the user is purchasing an ACT Program module. Enter your payment details and select Pay now. Remember that these courses are under ACT Program, not Core. The lock on the module will disappear. You may start the module.

  • ADVANCED PATHWAY MODULE REGISTRATION ONLY: Once the REGISTER button below is selected, the page will be redirected to Stripe to pay for the module. Don’t forget Auto-ISAC members are eligible for a discount on Advanced Pathway Modules only. Reach out to your company point of contact (POC) to receive your discount code. Apply the discount code in Stripe (select add promotional code). Seats and discount codes are limited to 25 per module.

  • Individuals holding the CASE certification must keep their knowledge by supplying the Auto-ISAC with a Continuing Professional Education (CPE) form after completing 16 hours of continuing education and training each year. This certification expires in three years unless the CPEs are maintained yearly.

    CPE Procedure: Click Here

    CPE Form: Click Here

    Forms shall be submitted to: ACT@automotiveisac.com

  • Automotive Cybersecurity Training (ACT) Program History, Goals, Design and Development, ACT Background, Intended Audience, and What is the ACT Program.

ACT PROGRAM FUNDAMENTAL PATHWAY MODULES

Method: online / On-demand

Click on “+” for detailed information

Cybersecurity Basics

  • Purpose: This module delivers the fundamental knowledge for the high-level architecture of the cybersecurity solution. The content for each topic can be mapped to either the Auto-ISAC Governance Best Practice Guide or the standards recommended in that guide. Upon completing this module, the student can create a practical, complete, and fully compliant automotive security architecture for the appropriate organizational application.

    Module Description: This module presents the concepts of cybersecurity for individuals or organizations seeking guidance on establishing a comprehensive vehicle cybersecurity effort. It offers best practices and implementation guidance to help individuals or organizations design, build, and institute an effective, organization-wide vehicle cybersecurity function. Topics include Terminology, basic principles and paradigms, attacks, threats and vulnerabilities, security of operations, confidentiality, PII, management of risks, security analytics, ISO/SAE 21434, and a short intro to reverse engineering.

    Module Goals and Application: The contents of this module will help the student understand the structure, purpose, and intent of a complete and well-defined array of organizational governance processes for automotive cybersecurity. In that respect, the focus is on operational best practices as specified in commonly recognized, universally standard recommendations for the automobile industry. Students will learn how to plan, implement, and maintain a comprehensive, strategic governance solution for an automotive ecosystem or build a coordinated set of systematic security behaviors into regular operation.

    It should be noted that the contents of this module are comprised of recommended best practices. Each of these practices aims to establish a particular standard aspect of cybersecurity. These functions are voluntary, non-prescriptive, and aspirational in nature. Organizations may use any part of this knowledge to determine a governance approach that best matches their unique risk landscape. The student will learn each of these practices and how they relate to the overall purpose of enhanced vehicular cybersecurity.

    Module Objectives: At the end of this module, and individual will be able to: itemize basic concepts, technologies, and issues to general cybersecurity such as: data classification, the CIA triad, security policy, PII and some of its implications, analysis of attack surfaces, understand paradigms such as least privilege, access controls, and security capabilities of hardware, understand the roles of security products, etc.

    Do you have a technical background and are entering into a cybersecurity position? A recent hire or an intern? If yes, sign up for Cybersecurity Basics.

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: None. This module is entirely online and on-demand. Prerequisites: None. Refer to Registration Guidance.

    Method: Online, On-Demand

    Price: $500 USD

    Certificate: Certificate of Completion

  • Course Objective: Build the foundations of Zero Trust, teach the basics of authentication, the need to apply authentication to achieve principles of Zero Trust, Authentication methods of both handshakes and signatures will be taught, detail the challenges of Identity Management as it applies to authentication, and concepts will be brought together to teach how to create a permissions framework and manage authorizations within Automotive Products.

  • Course Objective: provide the basic understanding of the intelligence analytic process to enable them to participate in the analysis and production of intelligence or to make best use of the intelligence and analytical resources available to support them.

  • Course Objective: Foundation in the principles of network planning, objective of implementing the principles of cybersecurity, networking technologies relevant to the auto industry, designing automotive network plans, learn to analyze the latest technologies present, identify the network purpose within network planning of design proposals, develop trust boundaries within a network plan, be able to classify the various state of the art networking technologies in the automotive industry. This course will not detail all the activities to complete a Threat Analyses and Risk Assessment (TARA).

  • Course Objective: learn the cybersecurity lifecycle building blocks of the cybersecurity process, and its logical sequence to how cybersecurity systems are implemented. The bodies of knowledge includes information assurance, software and system engineering, and computer science.

  • Course Objective: Personally Identifiable Information (PII). Learn about what it is, its focus on unauthorized access release or use in hacks, what its disclosure can result in e.g., identity theft, blackmail, embarrassment, legal liability, and organizational distrust. Impact levels are discussed e.g., PII confidentiality impact.

  • Course Objective: Learn about the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and how this model is used for controlling risk in any threat environment. The process itself is strategic in its orientation and is based on well defined and commonly accepted best practice.

  • Course Objective: Learn how to implement a security operations plan. Governance, Risk and Compliance (GRC) is explained and how to develop this plan in an automotive domain. Learn how GRC can reduce costs, provide effective reporting, enhance information gathering, reduce confusion, provide a consistent vision for resource allocation, create unified efforts across functional areas within an organization, and provide comprehensive cybersecurity efforts and investments.

  • Course Objective: Learn the concepts that drive current-day threat modeling, fighting through adversity with cyber resiliency, identifying value and priorities, threat modeling analysis, and tools for analysis e.g., MITRE ATT&CK.

  • Course Objective: Learn how to comply with UNECE regulations regarding software security, discover how to formally communicate with an authorized approval authority, learn how to utilize a technical service for testing verification of conformance, and how to create a system to detect and prevent defects in code.

Secure Operations & Management

  • Purpose: This module presents the basic concepts of lifecycle security operations for organizations seeking guidance on establishing a practical vehicle cybersecurity operational process. It contains best practices and guidance to help automobile companies design, implement, and operate an effective, everyday cybersecurity function within a business unit and any related organizational unit requiring vehicle cybersecurity operations. The module is designed to provide a top-level understanding of the best practices that underlie an effective automotive cybersecurity operation. The focus is on the operational application in the day-to-day application rather than how these concepts relate. Concept level topics were covered in Security Basics, but this model assumes that base knowledge and builds upon the concepts to start providing capabilities. Therefore, students will learn how to plan, implement, and maintain a secure, continuous lifecycle operation for an automotive application.

    Module Description: This module gives general information pertaining to how to look at vehicles communications and networks from a cybersecurity perspective and in particular detail to the automotive industry. Attention to the networks available in vehicles and the protocols they use including standard protocols such as CANBUS and Automotive Ethernet, but also more niche protocols such as FlexRay and legacy protocols often used to exploit a system (due to backwards compatibility requirements) such as K-Line. Students also get hands-on experience using Linux (Kali preferred) and are given labs to execute in a virtual environment with a set of targets.

    Module Objectives: At the end of this module the student will understand US and international security policies and regulations to help their products go to market worldwide. They will also understand some US Government programs to help industry and some various protections offered by government agencies. Students will understand how to conduct Incident Response (IR), develop an IR Plan, and be able to share information efficiently with other community members.

    Example Roles: Business/Line Manager/Project Manager/Incident Responder/Intelligence Analyst/Auditor/Assessor

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: Cybersecurity Basics Module. Refer to Registration Guidance.

    Method: Online, On-Demand

    Certificate: Certificate of Completion

  • Course Objective: Learn to explain what an Incident Response (IR) playbook is, what its purpose articulates in automotive cybersecurity, what is the need for an IR playbook, how to scrutinize and how to develop an IR Playbook in your organization.

  • Course Objective: Learn the R156 cybersecurity requirements for vehicle approvals, the requirements and data handling for Global Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Discussion on NIST Cybersecurity Framework (CSF) and how to implement regulatory compliance into your organization is discussed.

  • Course Objective: Learning, understanding and becoming acquainted with government authorities as they pertain to cybersecurity e.g., Protected Critical Infrastructure Information (PCII), Critical Product Evaluation (CPE) program, National Cybersecurity and Communications Integration Center (NCCIC), NCCIC Cybersecurity Evaluation Tool (CSET), and several others that can be used within your organization.

  • Course Objective: Learn the best practices of the cybersecurity incident response function and this course will go in depth on the best practice recommendations for vehicular incident response. This course will consider the importance of a systematic and fully documented control architecture, the importance of baselines for cybersecurity risk management, the common terminology to better communicate cybersecurity risk, and the six (6) highly distinctive aspects of the process and the critical role that communication plays.

  • Course Objective: learn what is an automotive vulnerability, the unique challenges the automotive industry faces when preparing a vulnerability management system, the different sources of vulnerabilities and how they differ.

  • Course Objective: this course focuses on the processes of identifying, managing, and mitigating automotive risk as prescribed by clauses six (6) and fifteen (15) of the ISO/SAE 21434 standard. Learn about the four (4) possible approaches to risk, risk management models, how to implement the risk management framework (RMF), operationalizing standard risk management, risk management planning, how to understand and categorize the environment, risk assessments, evaluate candidates for control, deployment of risk management controls, ISO 31000-2009 is discussed, and Automotive Threat and Risk Management (Clause 8, ISO/SAE 21434).

  • Course Objective: Learn the fundamentals of supply chain risk management (SCRM). Discussion of what is the software supply chain, brief history of software supply chain attacks and vulnerabilities, an analysis of prominent supply chain attacks, methods on how to improve the software supply chain integrity, definition and discussion on the software bill of material (SBOM) along with advantages and disadvantages of an SBOM.

Secure Engineering

  • Purpose: This module presents the basic concepts of lifecycle security operations for organizations seeking guidance on establishing a practical vehicle cybersecurity operational process. It contains best practices and guidance to help automobile companies design, implement, and operate an effective, everyday cybersecurity function within a business unit and any related organizational unit requiring vehicle cybersecurity operations. The module is designed to provide a top-level understanding of the best practices that underlie an effective automotive cybersecurity operation. The focus is on the operational application in the day-to-day application rather than how these concepts relate. Concept level topics were covered in Security Basics, but this model assumes that base knowledge and builds upon the concepts to start providing capabilities. Therefore, students will learn how to plan, implement, and maintain a secure, continuous lifecycle operation for an automotive application.

    Module Description: This module gives general information pertaining to how to look at vehicles communications and networks from a cybersecurity perspective and in particular detail to the automotive industry. Attention to the networks available in vehicles and the protocols they use including standard protocols such as CANBUS and Automotive Ethernet, but also more niche protocols such as FlexRay and legacy protocols often used to exploit a system (due to backwards compatibility requirements) such as K-Line. Students also get hands-on experience using Linux (Kali preferred) and are given labs to execute in a virtual environment with a set of targets.

    Module Goals and Application: This module provides the knowledge that engineers can use when creating architecture/design for vehicles (such as ways to implement cryptography, understanding of attack methods such as escalation of privilege and fuzzing), what NIST security guidelines are available for consideration, and the different networks and protocols (and some of their attendant dangers) exist in modern vehicles.

    Module Objectives: At the end of this module the student will understand how to use Kali Linux to assess a security target and will have protocol information and vulnerability information for many of the popular, legacy, and niche protocols used in vehicle communications. They will additionally understand how to implement cryptography in design and in operation. They will understand what common controls and access methods are used generally and will have discussed the most appropriate for the automotive domain. Lastly, students will have knowledge about NIST guidelines for consideration as they design or implement vehicle designs at work.

    Example Roles: Product Security Analyst/Vulnerability Analyst/Function Owner/Systems Engineer/Test & Validation Engineer/Pen Tester/Product Security Architect

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: Cybersecurity Basics Module. Refer to Registration Guidance.

    Method: Online, On-Demand

    Certificate: Certificate of Completion

  • Course Objective: Learn about the Controller Area Network (CAN bus) comparison to other automotive protocols, discussion on CAN key features e.g., serial network, bus architecture, built in error handling, the physical layer and variations of SW, LSFT, topology (single bus vs. direct connection between every ECU), the CAN node (components of CAN ECU), the data link layer (CAN frame is discussed in detail), error detection in CAN and error frames, fault containment, diagnostics, and J1939 using CAN for heavy duty.

  • Course Objective: Learn to develop a framework of preparedness for cybersecurity, illustrate elements of a strong cybersecurity framework, manage levels of preparedness in anticipation of reasonable threats, building a framework to assemble and meet the needs of threats as they are identified, and establish an ongoing need for threat analysis in an automotive organization. Learn to define, categorize, and identify risk ownership.

  • Course Objective: Learn about automotive pen-testing, pen-testing motivation, legal and ethics, the penetration testing process, finding zero-day vulnerabilities, and the understanding of fuzzing. Scope with respect to information gathering, hardware, firmware, radio, and communication analysis is discussed.

  • Course Objective: Learn how to build/install Kali Linux from a downloaded distribution image, navigate Kali Linux with Linux basic command and graphical user interface techniques, complete Kali Linux system maintenance, updates, upgrades, and package installations, and learn to harden the Kali Linux operating system after installation.

  • Course Objective: Learn the Open Systems Interconnect (OSI) model’s conceptual framework. Discussion on the basic concepts of the OSI model, overview of conventional OSI layers, cross-layer functions, OSI application to automotive (the internal vehicle network), common vulnerabilities, risk analysis, Control Area Network (CAN bus) transmission, protocols, implementation, and nodes, automotive topologies are discussed, vehicle defense in depth: Threat Analyses and Risk Assessment (TARA), subnetting, and CAN security concerns.

  • Course Objective: this course draws the distinction of privacy and confidentiality, learn how to set up the characteristics of data and how to protect, learn to define how to link the data, various privacy laws and provisions are discussed.

  • Course Objective: learn the methodology of cybersecurity resilience, its three principles, six arguments, and one equation. Learn the importance of cyber resilience to meeting compliance and business continuity needs, how to address your through life resilience needs including the face of cyber attacks, taking advantage of what we know using tools and techniques to achieve cyber resilience outcomes.

  • Course Objective: Learn the best practices for maintaining vehicle software security, how to test and analyze vehicle type risks and the attendant mitigations, how to implement software assurance in vehicle type design, how to document proper configuration control over vehicle software, and how to develop documentation of vehicle type compliance.

ACT PROGRAM ADVANCED PATHWAY MODULES

Method: In-Person for 2024

Advanced Engineering: January 22 - 26, 2024 Advanced Wireless: February 5 - 9, 2024

Advanced EV/EV Infrastructure March 4 - 8, 2024 Advanced Guided Attacks: April 29 - May 2, 2024

Location: American Center for Mobility (ACM), Ypsilanti, Michigan

$2,250 per module for Public | $2,000 per module for Auto-ISAC Members (with code)

Advanced Engineering

  • Advanced Engineering

    Dates: January 22 - 26, 2024

    Location: American Center for Mobility (ACM), Ypsilanti, Michigan

    Time: 8:00 - 5:00 PM EST

    Non-Member Price: $2,250 USD

    *Member Price: $2,000 USD

    **Auto-ISAC members ask Company Point of Contact (POC) for code. Codes are limited to 25 and based on first come first serve.

    *Payment methods: ACH, Credit, Invoice, or Debit Cards.

    Email: ACT@automotiveisac.com with questions.

    Purpose: This module focuses on standard engineering tasks that would be expected of engineers in the field and gives them hands-on practicums to learn and then demonstrate competence in the analysis and implementation of cybersecurity principles and techniques in diagnostics, and updates, and also engaged in discussion and guided practice concerning the nature of reverse engineering, SBOM concerns, and general security design principles with attention to a standard attack vector – the infotainment system. NOTE that the figure 9 below illustrates the courses for the Pilot; for the Sustainment track, the Protocols & Diagnostics will be exclusively focused on Automotive Ethernet. The other protocols can be covered in specialized sessions.

    Module Description: A more detailed level of training and guided discussion about the practice of secure design and relevance of reverse engineering during design and operations phases will result in a more advanced engineering team. These discussions and concepts are followed up with some specific protocol focus (e.g., infotainment units, Automotive Ethernet, and UPTANE) as well as how diagnostic tools can be used and secured. Coverage of SBOM risks and discussion about how to understand what software packaging issues may impact vehicle design considerations is stressed.

    Module Goals and Application: Students will be able to apply concepts of reverse engineering and secure design thinking to their daily tasks. They will have explicit hands-on experience and detailed conversations about security implications of widely used and potentially high-risk protocols and will understand the importance and some tools to verify the firmware/software versions running on supplied components. Finally, they will understand diagnostic tools and their potential security impact.

    Module Objectives: Students will understand how to employ cybersecurity in Top Level Design thinking for both hardware and software, sustainment principles for secure software and hardware as well as the risks to supply chain and the management of risk. Additionally, students will have the opportunity to engage in risk identification and analysis, transmission protocols and diagnostics to examine the cybersecurity risk posture of a target vehicle. Students will be able to understand the basic principles of software reverse engineering, use UPTANE as a model for secure over the air updates and basic use cases. Lastly, students will be able to understand the scope of data forensics employed against a vehicle target and be able to engage in forensics data capture and analysis with a provided example tool set.

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: Completion of Fundamentals Pathway, if no experience. Intermediate Experience or an experienced automotive and/or cybersecurity engineer and/or manager. Refer to Registration Guidance for additional information.

    Method: In-Person

    Certificate: Certificate of Completion

  • Course Objective: Learn the concepts of secure design within the context of embedded ECUs present in a modern automobile, and highlight how these differ from traditional computer applications.

    Laptop ,Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: learn the most innovative communication technology developed in the last 10 years (automotive ethernet). The focus will be on the automotive specific differences to other industries concerning the usage of Ethernet. This includes an introduction into protocols e.g., SOME/IP and DoIP. A short overview of network security solutions for automotive ethernet will be presented.

    Laptop, Hardware, and/or Software Requirements: a laptop with a current version of Wireshark is required, capturing support is not required, traces will be distributed, Operating System: Windows, macOS, or Linux, administrator/root access might be necessary to install but should not be required afterwards.

    https://www.wireshark.org/download.html

  • Course Objective: Learn how to set up Controller Area Network (CAN bus) networks and instructors will walk an individual through capturing and analyzing in-vehicle network traffic.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: learn what types of vehicle data investigators commonly look for, why the data is available, how to access the data, real-world examples are provided, demonstration of how to acquire the Electronic Control Unit (ECU) data, and an interactive analysis of forensic data is presented.

    Laptop, Hardware, and/or Software Requirements: Access to a laptop running Windows 10 64-bit OS or newer, or the comparable virtual machine (VM). The minimum memory requirement is 8GB but 16GB+ is recommended. Two available USB A ports and/or a USB hub is acceptable.

  • Course Objective: demonstrations of real-world flaws in a production infotainment device and learn the design alternatives that would prevent them.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: Learn how in-vehicle diagnostics can be abused to manipulate the systems in a vehicle while leveraging the OEM supplied tools for unintended operation or behaviors.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: hands-on hardware reverse engineering tools are provided from the perspective of an attacker, and understand how the physical components of an Electronic Control Unit (ECU) can be used to gain entry into a system.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: Learn an introduction on reverse engineering embedded software.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: Learn an overview of the Transport Layer of the Controller Area Network (CAN bus), how the data is structured, and a breakdown of the applications that rely on it.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: Learn the concepts of secure hardware and the components that can be leveraged when designing an embedded system, to protect a device while remaining compliant with regulatory requirements.

    Laptop, Hardware, and/or Software Requirements: Need an x64 Windows, Mac, or Linux computer with privileges to install and run Oracle Virtual Box 7.0.10 + Extension packs. https://www.virtualbox.org/wiki/Downloads

    Course labs will not work on Chromebooks, or M1/M2 Macs.

    Please ensure your laptops have at least three (3) USB-A ports or bring an adapter or hub that has the required USB-A ports.

  • Course Objective: learn the comprehensive exploration of the challenges and solutions associated with Over-The-Air (OTA) software update security in the automotive domain. Specifically, participants will delve into the intricacies of automotive software update security, potential threats, strategies to ensure secure updates, as well as standards and regulations in the OTA space.

    Laptop, Hardware, and/or Software Requirements: None

Advanced Wireless

  • Advanced Wireless

    Dates: February 5 - 9, 2024

    Location: American Center for Mobility (ACM), Ypsilanti, Michigan

    Time: 8:00 - 5:00 PM EST

    Non-Member Price: $2,250 USD

    *Member Price: $2,000 USD

    **Auto-ISAC members ask Company Point of Contact (POC) for code. Codes are limited to 25 and based on first come first serve.

    *Payment methods: ACH, Credit, Invoice, or Debit Cards.

    Email: ACT@automotiveisac.com with questions.

    Purpose: Attacks of concern in the automotive industry are primarily remote attacks. The ability to affect a vehicle when not physically in contact with it is what is most relevant, and the risk increases proportionally to the potential distance of the attacker from the vehicle. This course teaches the most common radio protocols used in attacks today and introduces radio tools used in the field by researchers and attackers. Heavily practicum based, all students will get to install, tune, and use their software defined radio tools to assess and attack a modern car (or component).

    Module Description: This module uses state of the practice wireless tools from the research and hacker communities to teach the principles of cybersecurity against the air interface. Students will learn about the wireless attack surface, spent time on a few of the most targeted interface, and then learn to set-up and operate tools such as SDR and some specific hardware products and practice using them against actual vehicle and component targets.

    Module Goals and Application: Students will be able to build, configure, and use software defined radios to launch attacks against various radios in a modern car (Wi-Fi, Bluetooth, TPMS, Nearfield, cellular, and GPS) and understand types of attacks that will be successful, and the general risk associated with the different attacks. Students will learn the principal of IMSI Catcher and how to operate one to conduct attacks including phone apps. An IMSI Catcher is a device used to attack a cellular network by masquerading as a legitimate tower for cell phones to connect to. It can be used to launch “MITM” (Man in the Middle) class attacks as well as track a phone/user. They were originally used by law enforcement and intelligence agencies but have been widely used by threat actors for over a decade now.

    Module Objectives: Students will have the opportunity to understand the role of telematics in vehicle design, operation, and risk. Bluetooth, Nearfield, RFID and Wi-Fi risks will be taught to students to understand the impact of those technologies on cybersecurity. Additionally, students will gain an understanding of onboard data transmission safety and cybersecurity principles as well as how to implement SDR software. They will also be able to set up an attack platform for RF attacks against a target vehicle. Lastly, students will be able to set up and operate a Stingray/IMSI catcher system and demonstrate the risks associated to GPS and GLONASS vulnerabilities.

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: Completion of Fundamentals Pathway, if no experience. Intermediate Experience or an experienced automotive and/or cybersecurity engineer and/or manager. Refer to Registration Guidance for additional information.

    Method: In-Person

  • Course Objective: learn and understand the historical evolution and significance of Wi-Fi technology, comprehend the physical layer and interface types in Wi-Fi networks, gain proficiency in utilizing Linux commands for Wi-Fi hardware and configurations, explore the advantages and applications of monitor mode in Wi-Fi, analyze Wi-Fi security fundamentals, vulnerabilities, and historical development, gain hands-on experience in passive attacks for monitoring network activities, and develop skills in active attacks, such as de-authentication, and learn strategies to safeguard Wi-Fi networks.

    Laptop, Hardware, and Software Requirements: 16GB of RAM, 500GB storage, support running a virtual machine with a minimum of 4GB of RAM and minimum of 40GB of storage, USB adapters, VirtualBox or VMWare Workstation/Fusion installed, VirtualBox Guest Additions or VMWare Tools, USB passthrough setup and working properly, the course will be in an OVA file to import into VirtualBox or VMWare Workstation/Fusion.

  • Course Objective: Understanding of Threat Analysis and Risk Assessment (TARA) and the steps to perform it.

    Laptop, Hardware and/or Software Requirements: a laptop with spreadsheet and word processing programs.

  • Course Objective: Introduction to Bluetooth networks as an area of interest for security research in the automotive industry. The course will begin with a technical deep dive into the Bluetooth specification and a look at how Bluetooth is used in the automotive landscape. The course will cover Bluetooth security features and go through the history of Bluetooth security research, including case studies of how Bluetooth networks have been targeted for attacks in automobiles in the past. The hands-on portion will introduce participants to the tools used for Bluetooth security research and teach them how to scan for, enumerate, and send data to Bluetooth devices.

    Laptop, Hardware and/or Software Requirements: Virtualization enabled, admin access, and one USB port available.

    *Limited backup kits for students whose hardware is incompatible with the above requirements will be available.

    Oracle VirtualBox (version 6.1 or later) installed and Oracle VirtualBox extension pack installed.

  • Course Objective: fundamental understanding of cellular network communications and basic RF principles and introduction to the methods to evaluate and identify potential threats present in connected vehicles. Learn to setup and configure the software tools and Software Defined Radio’s (SDR’s) used to identify, connect, and influence system operation. Mentors will provide students with an understanding of cellular network operation and the behavior of nodes connected to the network. Building on this understanding, students will create a local cellular network and connect via RF to a telematics unit. Students will then interface with the telematics unit and investigate potential vulnerabilities that are exposed by the link.

    Laptop, Hardware, and/or Software Requirements: open-source software on Linux hosts connected to SDR’s. To perform RF transmission and target the provided platforms, relatively expensive feature rich radios need to be used.

  • Course Objective: NFC technology, how it works, and engages them in practical exercises on how to interact with certain NFC devices, then teaches them about attacks against such devices and various security measures.

    Laptop, Hardware, and/or Software Requirements: Laptops have at least 32GB of RAM and 200MB of free storage space. VMWare or Virtual Box installed.

  • Course Objective: a fundamental understanding of Android applications and exposure to mobile device interaction with vehicle components. Everyone will be introduced to application analysis and develop custom attack vectors targeting a custom application. An understanding of Android application creation and internals, along with the underlying operating system. Individuals will be exposed to the methodology and tools used by current industry in the reverse engineering and modification of Android programs. Typical vulnerabilities will be introduced. A custom Android application will be leveraged to interact with. Android emulation will be leveraged for a hands-on experience.

    Laptop, Hardware, and/or Software Requirements: A laptop which provides the capability to boot from a USB storage device for a 64-bit Intel/AMD architecture. This often means that it is not a corporate laptop in the case that there are restrictions in accessing and modifying the boot configuration. Having the virtualization extensions for the processor will speed up device emulation by allowing KVM to run. 16Gi of ram is a minimum since we will be working with emulated devices, but 32Gi would be optimal. A USB 3.x port for the storage device will help keep you sane during emulation startup.

    Configuration of the bootloader permitted to boot from a USB device.

    Software will be provided on the USB device. A list of tools and instructions for installation will be provided during the class for those who would like to run the tools natively, or who may have issues booting to the USB device.

  • Course Objective: gain essential Radio Frequency (RF) knowledge and skills for reverse engineering wireless systems in modern automobiles. Build a fundamental knowledge, explore core toolsets, and gain practical experience in setting up and configuring SDRs, along with essential tools for identifying, capturing, and transmitting RF signals.

    Laptop, Hardware, and/or Software Requirements: Laptops will need at least two USB ports to operate as a team and three USB ports to operate individually. Laptops must not have security measures in place that prevent the computer from booting off a USB drive. Certain laptops may have to enable the Legacy boot option in the BIOS settings to have the option to boot from USB. Laptop that can boot from a USB drive.

    Helpful topics to read beforehand:

    TPMS background: https://en.wikipedia.org/wiki/Tire-pressure_monitoring_system

    GNU Radio background: https://wiki.gnuradio.org/index.php/Tutorials

    FISSURE background: https://github.com/ainfosec/FISSURE

  • Course Objective: Understand the fundamental concepts of Software Defined Radio (SDR) and Radio Frequencies (RF), explore a variety of SDR hardware and software tools, develop practical skills in frequency analysis and signal transmission, learn to create custom applications using SDR, gain insights into the diverse applications of SDR in various industries, and apply SDR knowledge to real-world wireless analysis scenarios.

    Laptop and Hardware Requirements: 16GB of RAM, 500GB storage, support running a virtual machine with a minimum of 4GB of RAM and minimum of 40GB of storage, USB adapters, VirtualBox or VMWare Workstation/Fusion installed, VirtualBox Guest Additions or VMWare Tools, USB passthrough setup and working properly, the course will be in an OVA file to import into VirtualBox or VMWare Workstation/Fusion.

  • Course Objective: V2X (Vehicle-to-Everything), learn and understand what V2X is, the trust management in V2X network, privacy, and security. Learn vehicle-to-infrastructure (V2I), vehicle-to-network (V2N), vehicle-to-grid (V2V), vehicle-to-pedestrian (V2P), vehicle-to-device (V2D), vehicle-to-vehicle (V2G) which includes several V2X applications e.g., co-operative collision warning, lane changing warning, intersection collision warning, approaching emergency vehicle, rollover warning, work zone warning, coupling/decoupling, inter-vehicle communications and electronic toll collection.

    Laptop, Hardware, and/or Software Requirements: None

Advanced Guided Attacks

  • Advanced Guided Attacks

    Dates: April 29 - May 2, 2024

    Location: American Center for Mobility (ACM), Ypsilanti, Michigan

    Time: 8:00 - 5:00 PM EST

    Non-Member Price: $2,250 USD

    *Member Price: $2,000 USD

    **Auto-ISAC members ask Company Point of Contact (POC) for code. Codes are limited to 25 and based on first come first serve.

    *Payment methods: ACH, Credit, Invoice, or Debit Cards.

    Email: ACT@automotiveisac.com with questions.

    Purpose: This module aims to give the student specific experience with targeted adversarial actions within the vehicle ecosystem. These are highly specific attacks aimed at subverting aspects of vehicle systems. This module details various common attack vectors and technology enablers and the common countermeasures for these exploits.

    Module Description: There are three major components to this module: techniques & vulnerabilities, recreation of literature attacks, and novel attacks. The techniques and vulnerabilities section looks at emerging techniques of interest: Side Chanel Analysis and Fault Injection and each has about a half day of labs for students to acquire and then hone during practice these techniques. Following these, a series of attacks which recreate literature, or the concepts covered by literature / disclosures (e.g., remote keyless entry and relay attacks) with the intent of using these attacks to demonstrate both good and bad design principles and allowing students to understand level of effort, sophistication, and tooling costs to conduct such attacks. Lastly there is the “Assisted Attack (Right-Seat Ride)” day in which students work alongside an experienced ‘threat actor’ to create in real time, a novel attack against a system that has not yet been seen in literature – this gives the students the thrill of discovery and demonstrates the actual process from probe through discovery and planning to creating the exploitation. All material in the attacks section is remote and students can apply the software defined radio skills they learned from the Advanced Wireless module to engage the target and launch attacks against it.

    Module Goals and Application: The intent of this module is to show the students how threat actors think, what their tool set looks like (at least a portion of it) and what kinds of training, techniques, and procedures/processes they engage in during target acquisition through target exploitation. The goal of this insight is to help designers and defenders see how those attack paths can be leveraged and understand how to make harder targets and more resilient vehicles and components.

    Module Objectives: common attacks on vehicular systems, common types of extra vehicular attacks and operational factors associated with common chip technologies, set-up and operation for cellular based attacks, use of cellular for app compromise, guided attacks using previous software defined radios courses to demonstrate RKE attacks, use of side channel analysis to break production encryption, and use of fault injection.

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: Completion of Fundamentals Pathway, if no experience. Intermediate Experience or an experienced automotive and/or cybersecurity engineer and/or manager. Refer to Registration Guidance for additional information.

    Method: In-Person

    *Note: there are four courses that must be taken within this module in consecutive order because they build upon each other. They are:

    Sub-Module Course 1: Exploitation using Software Defined Radios

    Sub-Module Course 2: Example Attack Categories

    Sub-Module Course 3: RKE-PEPS Attack Tool Creation

    Sub-Module Course 4: TPMS Attack Tool Creation

    Certificate: Certificate of Completion

  • Course Objective: learn and understand the Intel / ARM, boot security, secure hardware features, trusted execution environments, and side-channel attacks. Learn the security flaws and features associated to both ARM and Intel, CHIPSEC, U-Boot, common secure boot vulnerabilities, pros and cons of secure hardware, hardware root of trust, trusted platform module (TPM), secure hardware extensions (SHE), trusted execution environments (TEE), TrustZone Trusted Operating Systems are discussed.

    Laptop, Hardware, and/or Software Requirements: None

  • Course Objective: focus is on creating awareness about Fault Injection (FI) through practical hands-on experiences with FI attacks and professional tools.

    The program will consist of lectures provided by the trainers and hands-on exercises with Riscure-provided FI test setups. Each participant will be challenged to build a functional FI setup and perform a successful FI attack on a training target provided by the trainer.

    Discussions on the overview of the FI process, building an FI setup, FI attack campaign, refining FI attack campaign process, differential fault analysis, electromagnetic (EM) FI and Laser FI overview, and a case study: UDS Security Access.

    Laptop, Hardware, and/or Software Requirements: the trainer will provide five (5) FI test setups. There is no requirement to bring your own laptop.

  • Course Objective Sub-Module Course 1 of 4: hands on workshop the use of software define radio, basic antenna design, up converters and how to build simple RF tools using GNURadio. The course forms the first of four parts and aims to build on attendees existing basic knowledge of RF and SDR to teach basics of some vehicle RF systems and means of exploitation.

    This course will provide an understanding of how to use SDR and simple RF tools to characterize and understanding the RF systems of a target vehicle with examples of TPMS and PEPS/RKE systems.

    Laptop, Hardware and/or Software Requirements: laptop with VMWare software, software defined radio (HackRF One, BladeRF or USRP), Nooelec upconverter, Powered USB 3.0 hub, 0.3mmx40m copper wire x 2, audio amplifier capable of 125KHz, various SMA and RP-SMA cables and adapters, operational SDR virtual machine.

    Electrical familiarity would be advantageous, good computer knowledge, usage of virtual machines and a basic knowledge of software defined radio (SDR).

    Resources provided: slide material, pre-built virtual machine, all GNURadio flowcharts and course material.

    Must attend all four (4) sub-modules courses in order (refer to Advanced Guided Attacks Duration: 40 hours for more information).

  • Pre-requisite: Completion of Sub-Module Course 1 of 4: Exploitation using Software Defined Radios

    Course Objective for Sub-Module Course 2 of 4: course will teach through a hands-on workshop several RF attack and vulnerability categories covering spoofing, jamming, relay and replay. This course will teach both the type of vulnerability where each attack category is useful but also how to design and implement each attack type.

    This module will also cover the engineering assumptions that have led to common vulnerabilities and how to design defensively.

    Laptop, Hardware, and/or Software Requirements: Software defined radio (HackRF One, BladeRF or USRP), Nooelec upconverter, Nooelec RTL SDR, Powered USB 3.0 hub, 0.3mmx40m copper wire x 2, Audio amplifier capable of 125KHz, Various SMA and RP-SMA cables and adapters, Operational SDR Virtual Machine, and a laptop and VMWare software.

    Electrical familiarity would be advantageous, good computer knowledge, usage of virtual machines and a basic knowledge of software defined radio (SDR).

    Resources provided: slide material, pre-built virtual machine, all GNURadio flowcharts and course material.

    Must attend all four (4) sub-modules courses in order (refer to Advanced Guided Attacks Duration: 40 hours for more information).

  • Pre-requisite: Completion of Sub-Module Course 1 of 4: Exploitation using Software Defined Radios and Sub-Module Course 2 of 4: Example Attack Categories.

    Course Objective for Sub-Module Course 3 of 4: This course will teach through a hands-on workshop the application of knowledge learned from sub-module courses 1 and 2 to characterize and attack traditional PEPS/RKE systems that make use of 125KHz near field and UHF far field. The attendees will work together in teams to create both the near field to UHF relay transmitter and the UHF to near field relay receiver and work in conjunction to exploit RKE/PEPS on a target car using a relay attack.

    This course will provide an understanding of how to apply previously learnt knowledge to build a RKE/PEPS relay tool focusing around the LF (near field) relay aspect of the attack.

    Laptop, Hardware, and/or Software Requirements: Software defined radio (HackRF One, BladeRF or USRP), Nooelec upconverter, Nooelec RTL SDR, Powered USB 3.0 hub, 0.3mmx40m copper wire x 2, Audio amplifier capable of 125KHz, Various SMA and RP-SMA cables and adapters, Operational SDR Virtual Machine, and a laptop and VMWare software.

    Electrical familiarity would be advantageous, good computer knowledge, usage of virtual machines and a basic knowledge of software defined radio (SDR).

    Resources provided: slide material, pre-built virtual machine, all GNURadio flowcharts and course material.

    Must attend all four (4) sub-modules courses in order (refer to Advanced Guided Attacks Duration: 40 hours for more information).

  • Course Objective for Sub-Module Course 4 of 4: hands-on workshop the application of knowledge learnt from module 1 and 2 to characterize and attack traditional TPMS systems that make use of UHF replay attack. The attendees will work create SDR tools to characterize, capture and replay UHF TPMS communications. This course will provide an understanding of how to use SDR and simple RF tools to characterize and understanding the RF systems of a target vehicle with examples of PEPS/RKE systems.

    Laptop, Hardware, and/or Software Requirements: Software defined radio (HackRF One, BladeRF or USRP), Nooelec upconverter, Nooelec RTL SDR, Powered USB 3.0 hub, 0.3mmx40m copper wire x 2, Audio amplifier capable of 125KHz, Various SMA and RP-SMA cables and adapters, Operational SDR Virtual Machine, and a laptop and VMWare software.

    Electrical familiarity would be advantageous, good computer knowledge, usage of virtual machines and a basic knowledge of software defined radio (SDR).

    Resources provided: slide material, pre-built virtual machine, all GNURadio flowcharts and course material.

    Must attend all four (4) sub-modules courses in order (refer to Advanced Guided Attacks Duration: 40 hours for more information).

  • Course Objective: focused on creating awareness about Side-Channel Attacks (SCA) through practical hands-on experiences with SCA attacks and professional tools.

    The classroom SCA training will be delivered by 2-3 trainers. The program will consist of lectures provided by the trainers and hands-on exercises with Riscure-provided SCA test setups. Each participant will be challenged to build a functional SCA setup and perform a successful SCA attack on a training target provided by the trainer.

    Discussion on the overview of the SCA process, power trace acquisition, signal processing - static alignment, Simple Power Analysis (SPA) overview, and Correlation Power Analysis Attack (CPA).

    Laptop, Hardware, and/or Software Requirements: Trainer will provide five (5) test laptops for each hardware test set-up. There is no requirement to bring your own laptop.

Advanced EV & EV Infrastructure

  • Advanced Electric Vehicle (EV) & EV Infrastructure

    Dates: March 4 - 8, 2024

    Location: American Center for Mobility (ACM), Ypsilanti, Michigan

    Time: 8:00 - 5:00 PM EST

    Non-Member Price: $2,250 USD

    *Member Price: $2,000 USD

    **Auto-ISAC members ask Company Point of Contact (POC) for code. Codes are limited to 25 and based on first come first serve.

    *Payment methods: ACH, Credit, Invoice, or Debit Cards.

    Email: ACT@automotiveisac.com with questions.

    Purpose: The Advanced EV and EV Infrastructure module examines security concerns on both sides of the charging event and helps automotive engineers understand potential threats to the GRID as well as how the GRID might interact with an EV during a charging event; it also, of course, looks at on-board components of an EV.

    Module Description: This module has three primary goals. Firstly, to understand the communications between vehicle and charger during the connection negotiation process and charging event to understand risks to both vehicle and infrastructure. Secondly, to understand in-vehicle risks of an electrical vehicle considering battery management. Thirdly, to understand the charging infrastructure at the GRID edge. Taken together, these three items will help the automotive engineer understand the increased attack surface and risk profile associated with EV and their interaction with the GRID’s charging infrastructure.

    Module Goals and Application: Students will learn about cybersecurity risks associated with vehicle charging – from charge negotiations and payment through the actual charging and teardown/cessation, the module will assist students to develop and execute security tests/validate risks. Additionally, students will be able to develop and communicate design requirements and perform vendor/technology evaluations. Furthermore, students will be able to evaluate technology at the GRID edge during charging events and better understand the concerns that energy providers and departments, such as DOE, have around automotive security. Lastly, students will be introduced to risks associated with energy storage and transmission in the vehicle itself with the intent to educate future vehicle architectures.

    Module Objectives: Students will be able to understand the CSS protocol and how it can be leveraged to attack charging events including set-up. Students will understand the purpose behind OCPP, and techniques utilized to abuse it. Additionally, students will be able to understand the purpose of PnC and create use-cases and methods to exploit it. Students will be taught GRID edge infrastructure to better understand how to schedule charging events and potential attacks that introduce instability. Lastly, students will focus on different cybersecurity concerns that affect EV’s with emphasis on how they store and transmit energy.

    Alignments:

    UNECE R155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems.

    UNECE R156: UN Regulation No. 156-Software update and software update management systems.

    ISO/FDIS 24089: The requirements and recommendations apply to vehicles, vehicle systems, ECUs, infrastructure, and the assembly and deployment of software update packages after the initial development. It is applicable to organizations involved in software update engineering for road vehicles.

    ISO/SAE 21434:2021 Road Vehicles - Cybersecurity Engineering: This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.

    ISO 26262-1:2018: Road Vehicles - Functional Safety. intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds.

    Prerequisites: Completion of Fundamentals Pathway, if no experience. Intermediate Experience or an experienced automotive and/or cybersecurity engineer and/or manager. Refer to Registration Guidance for additional information.

    Method: In-Person

    Certificate: Certificate of Completion

  • Course Objective: Threat modeling techniques (an overview of threat modeling techniques including data flow diagrams (DFDs), lab: creation of EV Architecture DFDs; Threat Modeling in EV Systems (an overview of attack surfaces unique to EVs), lab: creation of EV Threat Modeling using DFDs, and touching a real attack surface (overview of techniques for enumeration and scanning of interfaces and protocols; lab: interacting with real protocols and services one might find in the above threat models.

    Laptop, Hardware, and/or Software Requirements: the ability to host a Virtual Machine, Ethernet (or USB-Ethernet) port.

  • Course Objective: hands-on training program that provides mixed scientific theory, systems and protocol analysis, hands-on practical assessment: guided exploit discovery, development, and exploitation. This will involve and require the use of computer and embedded hardware, power electronics, and signal analysis equipment and pre-prepared interactive software provided and owned by the trainer.

    Discussion on ISO 15118 and DIN 70121 protocol abuse and exploitation.

    Lab: ISO 15118 (non-) TLS Downgrade

    Laptop, Hardware, and/or Software Requirements: laptops must have the ability to load and run a Linux virtual machine. VirtualBox (free), VMWare Fusion (requires a paid license), or a similar alternative capable of running a generic Ubuntu-based virtual machine. Additional admin/root privileges will not be necessary as long as the software capable of running an unsigned virtual machine is preinstalled, and configured to allow I/O passthrough (ex. to be able to interact with USB devices through the host OS).

  • Course Objective: hands-on training program that provides mixed scientific theory, systems and protocol analysis, hands-on practical assessment: guided exploit discovery, development, and exploitation. This will involve and require the use of computer and embedded hardware, power electronics, and signal analysis equipment and pre-prepared interactive software provided and owned by the trainer.

    Discussion on Open Charge Point Protocol (OCPP) protocol abuse and exploitation, Introduction to OCPP sessions - “What did we just MiTM?”, Introduction to OCPP and WebSocket, OCPP [Mis]Configuration and pitfalls, OCPP Features and Device Enumeration, OCPP 1.6 vs. 2.x, security requirements, OCPP Certificate Management and Firmware Updates, Taint Flow of EV Charging Networks.

    Labs: Hands-on OCPP session TLS-i MiTM, Parallel OCPP sessions and OCPP Freevend fallback mode.

    Laptop, Hardware, and/or Software Requirements: laptops must have the ability to load and run a Linux virtual machine. VirtualBox (free), VMWare Fusion (requires a paid license), or a similar alternative capable of running a generic Ubuntu-based virtual machine. Additional admin/root privileges will not be necessary as long as the software capable of running an unsigned virtual machine is preinstalled, and configured to allow I/O passthrough (ex. to be able to interact with USB devices through the host OS).

  • Course Objective: hands-on training program that provides mixed scientific theory, systems and protocol analysis, hands-on practical assessment: guided exploit discovery, development, and exploitation. This will involve and require the use of computer and embedded hardware, power electronics, and signal analysis equipment and pre-prepared interactive software provided and owned by the trainer.

    Discussion on Combined Charging System (CSS), Power Line Carrier (PLC), and HomePlugGreenPhy (HPGP), Introduction and “protocol soup”, device and driver access to the stack, promiscuous mode in CSS,

    Lab: Sniffing HPGP/ISO 15118 traffic, CCS NMK extraction

    Laptop, Hardware, and/or Software Requirements: laptops must have the ability to load and run a Linux virtual machine. VirtualBox (free), VMWare Fusion (requires a paid license), or a similar alternative capable of running a generic Ubuntu-based virtual machine. Additional admin/root privileges will not be necessary as long as the software capable of running an unsigned virtual machine is preinstalled, and configured to allow I/O passthrough (ex. to be able to interact with USB devices through the host OS).

  • Course Objective: Pending

    Laptop, Hardware, and/or Software Requirements: Pending

  • Course Objective: develop an understanding of the energy grid and the common components used for managing grid resources, hands-on experience with example grid controllers and software.

    Laptop, Hardware, and/or Software Requirements: Modern Linux OS or Virtual Machine, Python3, one or more USB ports, wired ethernet adapter (USB adapter is ok), Wi-Fi adapter for software updates.

  • Continuation from Infrastructure I

    Course Objective: develop and understand the high-power Electric Vehicle (EV) charging infrastructure, how it is integrated with the energy grid, and the potential impacts, hands-on experience with EV charging stations and related technologies, and hands-on experience with today’s EV charging protocols and their strengths and weaknesses.

    Laptop, Hardware, and/or Software Requirements: Modern Linux OS or Virtual Machine, Python3, one or more USB ports, wired ethernet adapter (USB adapter is ok), Wi-Fi adapter for software updates.

What are the Next Steps?

After completion of the course training, you must schedule your Capability Exercise (CAPEX). This exam is a scenario-based online exercise developed to test your knowledge, skills, and abilities. Allow for eight (6) hours to complete the exercise.

The next CAPEX is scheduled for May 22, 2024. Registration is currently, not open.

Check out our ACT frequently asked questions (FAQ) page to learn more about the requirements for the CAPEX and additional details on how to maintain the CASE certification.

Email us with Questions at ACT@automotiveisac.com