AUTOMOTIVE CYBERSECURITY

We combine ASPICE and Cybersecurity in one seamless framework

Ensure your product and processes are compliant with Automotive and Cybersecurity regulations and standards

Through the Software Defined Vehicle concept, Cybersecurity plays a significant role in vehicle safety, ensuring privacy and availability of systems. However, Cybersecurity no longer applies to Embedded Software systems alone. The recent UNECE regulations require that car manufacturers must implement management systems and have them audited for Cybersecurity by independent parties.

As part of our services, we design and deploy CySec processes and analyse the existing ones. We support the development of Embedded Software products according to the current Automotive and Cybersecurity regulations and standards. We also design and implement Cyber-software features.

HOW WE CAN HELP

Cybersecurity process design and engineering services

Our services range from performing Automotive Cybersecurity analyses and audits to designing and developing security solutions and processes.

account_tree

CSMS Process

CSMS strategy
Gap analysis and improvements
CSMS process design, definition and deployment
CSMS pilot projects execution
Tooling selection and adaptation

code

Product Development

Cybersecurity analyses, such as TARA, VA acc. to ISO21434
Cybersecurity Concept definition
System and software development compliant with ISO21434/UN R155
Project Cybersecurity management
Compiling Cybersecurity specifications
Embedded testing (fuzzy, pentests, static)
Backend pentests
Software update or software update management system (SUMS, R156)

terminal

Development and Test Environment

Design and implementation of a development environment compliant with ASPICE, Cybersecurity and Functional Safety requirements
Definition and implementation of KPI measurement
Cybersecurity tooling integration and adoption to existing CI/CD

How we do it

Our unified approach merges the ASPICE framework and Cybersecurity requirements of ISO 21434 and UNECE regulations, which in most Automotive software development projects go hand in hand. We established the process based on our internal FOTA project.

READ ABOUT FOTA

Our work process is designed to meet your unique needs

We approach each client case individually, adjusting our process to specific needs. By understanding the unique challenges and objectives of every project, we can deliver the best results possible. Our team of experts collaborates closely with clients, fostering a transparent and communicative partnership.

engineering

Experts

Senior engineers
Domain experts
Highly flexible

arrow_downward

Laptop or VDI access to customer environment (usually 1-2 weeks)

deployed_code

Work package

Closed work package handled by Spyrosoft
Set of experts needed to deliver the work package

arrow_downward

Communication channels, access to experts, project handbook, process definition (usually 2-3 weeks)

sweep

Service

Identify work packages plan and ensure execution and compliance with international or customer standards

arrow_downward

Communication channels, access to experts, project handbook, process definition (start with key experts in 2-3 weeks, full team within 1 month)

THE ADVANTAGES WE OFFER

What makes us a reliable partner?

3-5 years of experience in the field of Cybersecurity in Embedded Systems
In-depth knowledge of ISO 21434, TISAX and 27k1
One, integrated framework for ASPICE, FUSA and Cybersecurity
Custom-fit approach to each client

Meet our experts

Tomasz Lokietek

Head of Embedded Functional Safety and Cybersecurity

I am a certificated Automotive Consultant with over 15 years of experience in the computer software industry. I have extensive experience in Kaizen, Electronics, Automotive, R&D and Manufacturing gained by working with leading IT companies in Europe. I am also an accomplished professional with an executive MBA focused in Business Administration, Management and Operations from Polish Open University. At Spyrosoft, I support key clients from the Automotive business unit in implementing Functional Safety solutions.

Meet our experts

Karol Zagrodzki

Embedded Security Engineer

I am a certified Automotive Cybersecurity Engineer with a background in Embedded C. I have extensive experience in Cybersecurity processes, including performing Threat and Risk Assessments (TARAs) and developing Cybersecurity Concepts for embedded systems. Additionally, I am proficient in designing security solutions both within and outside developed ECUs, employing cryptography and other security principles.

Meet our experts

Srikanth Pulluri

Senior Cybersecurity Manager

I have worked as a Cybersecurity Subject Matter Expert (SME) with hands-on experience in Embedded Security Design and Development, using Embedded C. I also have experience in Requirements Engineering and have served as the Single Point of Contact (SPOC) for customers regarding technical topics. I’ve managed multiple components (ECUs) for end-to-end Cybersecurity Lifecycle activities and have practical experience in team management, Cybersecurity planning, and execution.

CASE STUDY

Project FOTA

FOTA is our internal project, which aims to achieve the Cybersecurity work products implementation framework as per the CSMS process, in compliance with ISO 21434 and Spyrosoft-specific policies and procedures, also seamlessly merged with ASPICE.

FOTA demonstrates that it’s possible to create a unified process that can serve customer-specific needs and leads to achieving the required protection, while meeting all the industry-specific requirements.

READ FULL CASE STUDY

Ensure your project and processes follow the ASPICE standard and meet the Cybersecurity requirements of ISO 21434 and UNECE

Tomasz Lokietek

Head of Embedded Functional Safety and Cyber Security

tlo@spyro-soft.com