What is required to work in Automotive cybersecurity jobs ?
CyberTalents has launched a series of webinars about cyber security jobs named What is required to work in cyber security jobs?. Throughout our webinars series we will be talking about different cyber security jobs, what is required to work in these jobs? Spotting each job, explaining it in detail, describing its daily operations, resources and training needed and much more. There are around 15 to 20 jobs in the cybersecurity field.However, before starting your career, you need to identify which one of those jobs you would like to master. Accordingly, draw your career path, build your plan and reach your ultimate goals.
Starting our series, we were honored to have “Mr. AJ Khan”, Director of apmaIAC and the Co-Chair of the Cyber Security Committee (CSC) of APMA. In the webinar, he covered a full understanding of the Automotive Cybersecurity job market and how to start your career in this field
What is Automotive cybersecurity?
Before talking about automotive cybersecurity let’s talk about automotive itself.
In the past, to drive a car you have to control steering, accelerating and breaking and all this stuff. In other words, you have to control the car by yourself. But now you don’t need to do all that you need to enter the direction and let the vehicle drive itself.
Electronic control units(ECUs), tiny automotive computers have replaced many of the mechanical and control systems in the vehicle. Connected vehicles are now able to act like a computer, sharing internet and network access with other cars and devices outside the vehicle.They can upload personal data and performance and receive information automatically.
Automotive cybersecurity is about securing all these automotive vehicles and preventing unwanted people from accessing the vehicle and abusing its function.
What are the required skills?
You need to be an ethical hacker and understand all the internal components in the vehicle which can be exploited.
This includes :
1 - OTA (over-the-air) Updates.
2 - Ransomware attack on the vehicle or car owner.
3 - Electronic control units (ECUs) : attacker can use ECU include the engine, the power
Train and the suspension to obtain access to the internal system.
4 - Cloud service provider : Which may be the weakest link and attacker may target it for the data it contains and can be used to gather data and it can be used as entry point to the vehicle itself.
5 - DDOS attacks.
6 - Remote Hacking attacks:
1 - wireless Carjacking
2 - Key Fob Cloning
7 - Attacks on IOT devices:
1 - Vehicle Tracking.
2 - GPS Jamming and Spoofing.
3 - Onboard wifi hotspot.
4 - Relay and spoofing attacks.
5 - Ultrasonic sensor attacks.
8 - You need to understand:
1 - How vehicle's connected components work together?
2 - What are the various ECU's in the vehicle itself?
3 - How are vehicles remotely connected?
4 - How does the V2X model connect to the vehicle?
What are the required skills for a cybersecurity incident responder?
1 - Understand the cyber side and also understand the forensics analysis side and know when the alert needs to be generated.
2 - telematics information!
What should fresh graduates do to start?
1 - Start with a cybersecurity essential course.
2 - Be familiar with hardware stuff like raspberry pi, arduino and build your own lab and you can use simulators.
Resources
1 - https://www.automotivecybersecuritycourse.com
2 - https://asrg.io/
3 - https://automotiveisac.com/
4 - Hacking Connected Cars: Tactics, Techniques and procedures 1st Edition