Averting risks

F+S: Security

The weakest link in the chain

Automotive software has to be prepared for external threats. Our competence, risk consciousness and high quality standards ensure that it does.

Security in the automotive sector: a top issue
IT security is an issue of increasing importance in automotive applications, especially since Car-to-X communication is integral to automatic driving. One has to consider more than just the vehicles.

Overview of the entire system
As with functional safety, successful security systems also require high problem awareness. Without this awareness of the risks and potential damage that can result from insufficient IT securiy, it is impossible to develop a suitable solution.

We regard the term "automotive security" to be problematic. It suggests that an automobile can be made secure in itself. But it is decisive to have a view of the "big picture". Security of the control devices or the vehicles alone is not enough.

Because a secure vehicle requires the entire infrastructure to be secure - from the manufacturer's databases to the garages, from the infotainment services to the entire Car-to-X communication. Especially with respect to security it is important to remember: a chain is only as strong as its weakest link.

"Security Engineering": Design - Implementation - Testing
The manufacturer specifies the security system for the interfaces of a control device. But the design and implementation of the software for the control device are especially susceptible to error. This opens up many back doors and gateways for attackers.

Especially if a control device combines several functions that should be mutually secured by means of firewalls, specific design knowledge and careful implementation are very important. In addition, conscientious testing is necessary to ensure that everything has been implemented correctly. It is worth repeating: the overall system has to be secure.

Comprehensive consultation and process improvement
The issue of security places new demands on the process. Especially the secrecy of critical information in the engineering, change and configuration management processes necessitates new approaches.

"Security by obscurity" alone is never a good solution; attackers can guess or determine secrets by patient reverse engineering. However, the more attackers know about a system, the easier it is for them to find weak spots.

The bottom line is that always a comprehensive perspective is necessary - which is how we approach security as consulting experts.

Our services
F+S has a great deal of cross-industry experience in security. This know-how, combined with our expertise in the automotive sector, makes us a valuable partner with respect to security:

  • Our system and software developers have the necessary awareness of potential problems, they know all the requirements, they avoid weak spots even in the most complex designs and they implement and test the software very carefully with all requirements in mind.
  • We evaluate, improve and complement your development processes so that they also comply with the security requirements.