FlatPress My FlatPress blog FlatPress Admin 2019 2019-10-13T22:36:50+00:00 Admin ~/ Participation and Keynote Speech at: Gate4SPICE Event "Risk Assessment as a practice in Automotive industry and its view across ASPICE, Functional Safety and Cyber Security" on May 17th, 2019 ~/?x=entry:entry190520-162948 2019-05-20T16:29:48+00:00 2019-05-20T16:29:48+00:00

This year’s Gate4Spice Event was hosted by WABCO in Hannover. High-level participation of CQO and CTO revealed clearly the importance level that WABCO has internally assigned to the topic of ASPICE. To emphasize the role of different standards (ASPICE, Functional Safety and Cyber Security) and their application/relevance in truck industry, trends in commercial vehicles and the importance of Risk assessment as a proactive step was presented by Senior Director-Engineering and Project Management Quality.  Amongst more presentations by Quality leadership as well as technical leadership the topic of CyberSecurity in Software development was presented by Dr. Joachim Leder providing an informal insight into concept and challenges imposed by CyberSecurity. In an interactive session around the Cybersecurity and ASPICE collaboration with Dr. Rajesh Ganji from WABCO the introduction to  cyber security in automotive and also the work done by Intacs workgroup setup to reflect (Cyber)Security within ASPICE concept.
In the course of the afternoon, Joachim also led a workshop with about 20 participants out of the Gate4Spice audience. This was set up as a concept discussion – What could be provided as an input to the Cyber security workgroup  by gathering proposals for improvement, changes and supporting informations.

Presentation at Automotive Circle „Assembly“, February 2019, Bad Nauheim ~/?x=entry:entry190122-095247 2019-01-22T09:52:47+00:00 2019-01-22T09:52:47+00:00

P2200073_2.jpgConference subject:
“Assembly in the tension field between digitalisation and IT security”

Main topics:
- Process optimization in assembly and logistics
- New technologies from the smart factory
- Cyber Security
- Human resources — the assembly worker

Dr. Joachim Leder presented on Wednesday, February 20th:

Risk analysis and threat analysis - the starting point of an effective security concept

Based on the concept of Security Lifecycle and the Compass Rose of Security the principles of Analysis were presented:

- System Security Analysis as the process of 
   > identifying the boundaries and assets of the system, 
   > understanding system vulnerabilities and 
   > evaluating possible damages
- Threat Analysis as the process of
   > identifying and understanding the threats,
   > their actors,
   > evaluating their capabilities and motivations
- Risk Analysis as
   > a combination of the results of threat and system analyses
   > to create a priority-ordered list of risks and associated controls

Using the hands-on example of V2V (Vehicle - to - Vehicle) communication in an environment of autonomous driving, the process of identifying Impact Levels and combining possible attackers with respective capabilities to yield a Threat Level Matrix has been described by Joachim and an evaluation method including an algorithm patterned on ISO/SAE 21434 proposal was presented.

Finally a scenario of possible risk mitigations was included in order to demonstrate priority adaptations in the process of Planning and Execution implementation.

The presented concept and process relates directly to the given presentation of Emmanuel Ifrah from SEGULA:

OT Cyber Analytics

For the full conference agenda topics please visit: AutCircle Assembly, Bad Nauheim

Participation on Info-Session for WSFB-consultant training on Dec 14th, 2018 ~/?x=entry:entry181214-173554 2018-12-14T17:35:54+00:00 2018-12-14T17:35:54+00:00

WSFB-Diamond.jpgDuring this afternoon, a representative of “WSFB Beratergruppe Wiesbaden” provided a brief overview of the concultant concept of the company. Main focus was on the general understanding of the underlying “Diamond”-principle which was developed as a 3rd step after

a) the times where there was a sharp distinction between PROCESS-consulting and SUBJECT-SPECIFIC-consulting and
b) the times where this was considered jointly.

The “Diamond”-principle is a systemic and integrating consulting concept which is closely connected to the specific business impact. It fosters organizational development embedded in business needs.

The info-session was meant to be an introduction to the WSFB consultant trainings which take place twice a year. These consist of 9 learning modules - each 3 days in duration:

1. Initial Workshop
2. Analysis
3. Consulting Supervision I
4. Diagnosis
5. Consulting Supervision II
6. Architecture I
7. Architecture II
8. Consulting Supervision III
9. Final Workshop

Keynote Presentation at Automotive Innovation Summit Conference, Audi Forum, Neckarsulm ~/?x=entry:entry181128-114856 2018-11-28T11:48:56+00:00 2018-11-28T11:48:56+00:00

AutSum2018_JLE_IMG_2620.jpgAutomotive_Summit_112018.jpgThe central topics of this Automotive Expert Conference were

a) Autonomous Driving
b) Electrification
c) Big Data
d) Cyber Security

Cultural and Ethical aspects of electrified and autonomous driving were shown as future main considerations in governmental activities as well as for the development of software algorithms. 

The sensoric concepts of autonomous vehicles are currently very much different between the existing prototype applications all over the world and it seems appropriate to consider a maximal diversified approach in order to mimick human sensoric.

Each industrial equipment nowadays provides a huge amount of data during installation and operation. Therefore strategies and tools to use these big data amounts are required and methods for analytics were presented. Nevertheless the more data are generated and apt to communication and distribution the more vulnerabilities arise in the IT and in the general manufacturing arena. 

Risk and threat analysis were discussed in workshops and panel discussion were held to consider Cyber Security aspects. Not only IT-based Security risks in Cloud Applications and Digital Manufacturing Systems are of concern, but in the scope of an obviously required – but not yet established – Security Culture in OEMs and Suppliers a Security Lifecycle needs to consider also Physical Security, Product Security and Process Security. Dr. Joachim Leder presented an overview of Cyber Security in Manufacturing with all relevant topics and the necessary activities among affected parties.

Cyber Security in Manufacturing

1. Goals of Security

 - CIA Triad

2. The Evolving Vulnerable Flanks

 - Possible attack goals

 - From single parts to complete vehicle

3. Security Needs of Manufacturing

 - Security Lifecycle

4. Establishing Security in Manufacturing

- Major tasks

5. Outlook for the Future

 - Next security focus

Participation at AGILE Automotive Conference in Stuttgart ~/?x=entry:entry181116-102518 2018-11-16T10:25:18+00:00 2018-11-16T10:25:18+00:00

Agile_Automotive_112018.jpgIn the course of the conference with about 140 participants there were 5 workshops executed dealing mainly with Agile basic concepts and 14 presentations were shown. 
As well OEMs as suppliers/consultants were able to show details of latest applications of Agile Concepts to development processes. Suppliers/consultants focused on availabe tools and capabilities.

Main considerations focused on 
a) challenges in the starting phase, 
b) management of risks and roadblocks during execution and finally 
c) achievements and lessons learned

Among challenges the foremost mentioned were “top management as main initiator”, “drive team with direct top management access” and “early consideration of all relevant areas of the company”

Risks and roadblocks arouse from the necessity to adopt the generic agile principles to reality. Different approaches depending on the size of the affected development teams and the availale resources were openly discussed.

Some tremendous achievements could be shown which ranged from the application of moderately modified principles in smaller or midsize organizations up to the full-scale application of principles to a complete vehicle development area.