The module starts with an instructor-led session. The goal is to establish small virtual learning groups through team building. We introduce the curriculum and learning platform and answer learners’ questions. We provide an overview of automotive cybersecurity, and we explain an example item, such as the electrical steering column lock (ESCL), which runs throughout the learning program.

The module examines automotive cybersecurity standards and regulations in different regions. We explain the management of cybersecurity at the organizational and project level according to ISO/SAE 21434. Furthermore, we show why and how cybersecurity is a shared responsibility between customer and supplier.

The module covers the heart of ISO/SAE 21434: threat analysis and risk assessment (TARA). The learner is guided through the process from asset identification to risk assessment and treatment. Helpful taxonomies such as the European Union Agency for Cybersecurity (ENISA) asset and threat taxonomies and threat modeling methods such as STRIDE are introduced. The module includes an instructor-led session.

The module provides the learner with an overview of cybersecure product development, starting with the cybersecurity concept and the elicitation of cybersecurity goals and requirements. The focus is on design and coding principles and related guidelines such as NIST SP 800-160 Vol.1, Motor Industry Software Reliability Association (MISRA), and CertC. The module concludes with a look at automotive verification and validation, including penetration testing and fuzz testing.

The module examines the more technical side of cybersecurity, including cryptography, hardware security and secure operating systems, as well as how to maintain the security of automotive systems through software updates. The module also covers intrusion detection and intrusion prevention. An instructor-led session is included.

This module concludes the curriculum with a look at cybersecurity beyond the project scope. We cover continual cybersecurity activities, including field monitoring, along with vulnerability management and incident response. Finally, we review the requirements and good practices regarding the end of cybersecurity support and decommissioning.

• Monday: Self-study of given material, i.e., video, papers, book chapters and relevant standards/regulations — 1 hour
• Tuesday: Online group meeting to discuss technical lead questions and the weekly group assignment — 1 hour
• Wednesday: Offline individual work to solve the committed part of the group assignment — 2 hours
• Thursday: Online group meeting to discuss, combine individual results and upload the group assignment to the Campus learning platform — 2.5 hours
• Friday: Online group meeting to review other team’s group assignment results; take individual weekly exam — 1.5 hours

1. Do you work in electronics development in the automotive sector?
2. Do you have practical experience in at least one of the following areas?
   • Software development or engineering
   • Electronics hardware development
   • Electronics testing
   • Process development in electronics development
   • Management in electronics development
   • Quality assurance or assessment in engineering departments
3. Are you currently working or will you soon be working on projects involving cybersecurity according to ISO/SAE 21434?
4. Do you speak English fluently enough to actively participate in a technical discussion?
5. Can you make group learning a priority for eight hours a week for six weeks in a row without being the one setting the schedule?

If you answered yes to all these questions, you are in a position to benefit from attending this learning program.

If you answered no to any of these questions, please contact campus@ul.com to see if there are other options for your specific training needs.