Who this book is for

This book is for automotive engineers and security professionals who are expected to make their systems cyber-resilient through compliance with industry standards (specifically ISO21434 and UNECE REG 155-156). You may have a background in functional safety and are wondering what it means to develop a system that is both safe and secure. You may have a background in developing non-safety-relevant production software and are wondering how to add security-related features. You may also be a person who has a security background and is trying to transition into the automotive domain. Regardless of your background, this book is intended to provide you with a practical approach to automotive cybersecurity engineering that can be applied within a reasonable time frame and effort in a way that leverages your organization’s existing processes.

To ease the understanding of the concepts in this book, you will need to be familiar with basic automotive development processes that are applied through the V-model and basic principles of computer security. By the end of this book, it should be apparent to you why cybersecurity matters for automotive systems, how to integrate cybersecurity engineering with your development process, how to perform cybersecurity engineering activities efficiently within the time and engineering constraints of your system, and how to deploy cybersecurity controls at various layers of the vehicle and the ECU architecture. It is therefore the strategy of this book to demystify cybersecurity for automotive engineering teams and help them find ways to make cybersecurity an integrated property of their systems rather than a burden that must be de-prioritized to push products out of the door.