What is security? This term represents an inexhaustibly large subject area. Here we reduce our offer to security considerations in the automotive and industrial sectors that are or can be related to functional safety. The aim is to protect the ECU & IT systems used against external and internal criminal attacks. In addition, SGS-TÜV Saar offers a Security for Safety analysis service and get yourself or your employees fit with our corresponding training and personal certification offer.
The increasing networking of components, small devices, systems and applications in cyberspace harbors additional risks. The targets of attack are very diverse, from PCs to SmartMobiles, SmartMeter and SmartHome solutions to Internet-enabled automobiles, just to give you a rough idea. Internet crime focuses on the automotive industry with its electronics and software as well as industrial production (mechanical engineering) including the critical infrastructure with its automation, process management and control systems (ICS).
Many of these devices have to be developed in a safety-oriented manner and implement safety functions in the process. Failure of the safety function caused by security issues can lead to injuries or in the worst case to death of persons. Here attackers could override the security functions that must be prevented in any case.
Functional safety must therefore be combined with security if there are external interfaces. This combination is not easy to implement in all cases, as safety requirements and security requirements are often difficult to implement at the same time. In safety, for example, there is a requirement that messages must be transmitted in real time, but that this can no longer be guaranteed due to the introduction of encryption techniques. In addition, numerous bus protocols are used in the industrial environment that do not contain any protection against attacks, such as MOD bus or CAN interface. The combination of security and safety is a challenge that SGS-TÜV Saar can support well. A lot of know-how for the practical implementation is available through numerous projects in different environments.
The newly emerging networking of previously isolated products or systems represents a newer challenge to the security of these systems. In addition, there is the increased amount of information that is collected, processed, sent and further processed. And some (have to) be stored for a longer period of time. Many products, systems and their components are inadequately protected for these changes.
As an accredited inspection body for Security for Safety (S4S), SGS-TÜV Saar supports you in the development, implementation and integration of secure functions and applications to secure components and communication through various advice and testing.
Of course, we are also at the forefront of future legislation and standardization so that we can always provide you with the latest know-how. We, the SGS Group, are a member of the European Public-Private Partnership (PPP) for Security for Safety from the European Commission and the European Cybersecurity Organization. We are also active on a national and global level in the field of standardization of ISO SAE 21434 for Security for Safety (S4S) in the automotive sector. We are also a member of the VDI working group FA512 "Security and Safety".
In addition, we are a participant in the German Alliance for Security for Safety (S4S) (initiated by the BSI - Federal Office for Information Security, BSI).
Our portfolio for you at a glance:
- Training programs and personal certification relating to Automotive Security for Safety (S4S)
- Training programs and personal certification relating to Industrial Security for Safety (S4S)
- Testing & certification of Smart Grid Communications Protocols according to IEC 62351
- Testing & Certification for Identity and Access Management (IAM) products
- Combination assessments and audits relating to Security & Functional Safety (S4S) (ISO 26262, IEC 61508, IEC 61511 + IEC 62443 + ISO SAE 21434 für product develepment)
- Consultancy, testing and certification relating to ISO 27001 and BSI Basic Protection
- Testing & certification of processes and products relating to Industrial IT Security according to IEC 62443-4-1 / -4-2 in combination with IEC 61508 / ISO 13849
- Testing & certification of processes and products relating to Automotive Security according to ISO SAE 21434
Contact us to learn more about our S4S Services.