Software-supported threat analysis for connected E/E architectures

Automotive security specialist ESCRYPT is now offering CycurRISK, a software tool for threat analysis and risk assessment. It allows OEMs and suppliers to identify security vulnerabilities during vehicle development and systematically reduce cyberrisks.

UN R155 and other international regulations mean that a risk-based approach must now be taken to developing the E/E architecture in order to gain type approval. In addition, ISO/SAE 21434 “Road vehicles – Cybersecurity engineering” marks a new milestone in the security-compliant design of new connected vehicle architectures. A key component here is threat analysis and risk assessment (TARA): OEMs and suppliers can identify and remedy cybersecurity risks during the development process while continuously refining their risk analysis. This provides an effective way of reducing potential cyberattacks later on and avoiding damage and associated costs.

The ESCRYPT CycurRISK software now furnishes vehicle manufacturers and their suppliers with IT-based TARA to systematically support them during vehicle development and beyond. In particular, OEMs and suppliers will be able to examine not just individual systems but also the E/E architecture as a whole for security risks. ESCRYPT CycurRISK also makes it possible to map composite and especially sophisticated attack scenarios.

Lena Steden, ETAS Service Lead Security Engineering: “Traditional methods for assessing cyber risks are complex and not always efficient. ESCRYPT CycurRISK puts players in the automotive industry in a position to custom-integrate risk management into their cybersecurity strategy for all components. This means they always remain a step ahead of threats while also meeting the stringent requirements laid out in ISO/SAE 21434 and UN R155.”