Project FOTA

One seamless approach to ASPICE and automotive cybersecurity requirements



As vehicles become more connected through the internet, wireless networks, and various communication protocols, they also become vulnerable to cyber threats. Cybersecurity in the context of road vehicles serves to protect the E/E components by analysing the unintended damage due to unidentified vulnerabilities of interfaces, implemented solutions and technologies. Given these potential risks, automakers, suppliers, and other stakeholders in the automotive industry need to prioritise cybersecurity throughout the entire lifecycle of a vehicle, from design and manufacturing to ongoing maintenance and updates.


  • Automotive safety
  • Cybersecurity

Automotive safety and security compliance

At Spyrosoft, we provide end-to-end automotive cybersecurity services: we design and deploy cybersecurity processes and analyse the existing ones, support the development of embedded software products according to the current automotive and cybersecurity regulations and standards, as well as design and implement cyber-software features. 

Since the cybersecurity requirements of ISO 21434 and UNECE regulations go hand in hand with the ASPICE framework in most automotive software development projects, we established a unified approach that merges all the requirements. The process was designed based on our internal FOTA project.

About the project

CSMS FOTA is Spyrosoft’s internal project in the area of automotive cybersecurity. The key objective is to achieve the cybersecurity work products implementation framework as per the CSMS process, in compliance with ISO 21434 and Spyrosoft-specific policies and procedures.

The framework is developed in such a way that it can be reused for customers with minimal modifications.

Project steps

The project was developed in two phases:

Concept Phase:

  • Item Definition for CSMS FOTA
  • Threat Analysis and Risk Assessment within the Item definition
  • Cybersecurity Goals to be achieved to protect CSMS FOTA component from unintended security breaches
  • Cybersecurity Concept (Derivation of high-level operational requirements to protect CSMS FOTA component)

Product Development Phase:

  • Cybersecurity Specification derivation (System & Software)
  • Security Design (HLD & LLD)
  • Cybersecurity implementation (configurations & algorithms)
  • Vulnerability Analysis and Management (specification, design, code, verification and validation)
  • Cybersecurity Verification and validation for all levels (concept, specification, design, implementation)

The results

FOTA demonstrates that it’s possible to create an effective process that can serve customer-specific cybersecurity needs and lead to achieving required protection, while meeting industry-specific standards, such as ASPICE.


Interested in working together?
Get in touch.

Paweł Grygiel

Pawel Grygiel

Director of Automotive

+48 504 758 786

    Spyrosoft collects the above data to contact you in order to process your inquiry. You can opt out of communication at any time. More information can be found in our Privacy Policy.