Abstract
The automotive-mobility sector is shifting towards connected, digital, cyber secure and automated vehicles [66] with a significant degree of dynamic and adaptive behaviour, driven by software. To be able to cope with this change and be able to propose innovative solutions, engineers must be able to understand domain-specific knowledge. In this paper, we introduce the skill set defined as the basic skills/competence and knowledge of the automotive cybersecurity managers and engineers and present the pilot course implementation example developed to cover the competence needs and requirements. The skill card is based on the analysis of different stakeholders’ viewpoints and combined views from different technical domains; mainly mechatronics, computer science, software engineering, and cybersecurity.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Messnarz, R., Horvat, R.V., Harej, K., Feuer, E.: ORGANIC-Continuous Organisational Learning in Innovation and Companies. In: Proceedings of the E2005 Conference, E-Work and E-commerce, Novel solutions for a global networked economy, eds. Brian Stanford Smith, Enrica Chiozza, IOS Press, Amsterdam, Berlin, Oxford, Tokyo, Washington (2005)
Alexander, M.: Automotive Security: Challenges, Standards and Solutions, Software Quality Professional, September (2016)
Riel, A., Draghici, A., Draghici, G., Grajewski, D., Messnarz, R.: Process and product innovation needs integrated engineering collaboration skills. In: Journal for Software: Evolution and Process 24(5), Wiley (2012)
Riel, A., Kreiner, C., Messnarz, R., Much, A.: An architectural approach to the integration of safety and security requirements in smart products and systems design. CIRP Ann. 67(1), 173–176 (2018)
Riel, A., Tichkiewitch, S., Messnarz, R.: The Profession of Integrated Engineering: Formation and Certification on a European Level. Academic J. Manufacturing (2008)
Riel, A., et al.: EU Project SafEUr – competence requirements for functional safety managers. In: Winkler, D., O’Connor, R.V., Messnarz, R.: (eds) Systems, Software and Services Process Improvement. EuroSPI 2012. Communications in Computer and Information Science, vol 301. Springer, Berlin, Heidelberg
EU Blueprint Project DRIVES https://www.project-drives.eu/ Access date: 6 Apr (2020)
Feuer, É., Messnarz, R.: ORGANIC - continuous organisational learning in innovation and companies. In: ICETA 2005. 4th International Conference on Emerging E-learning Technologies and Applications. Proceedings. Kosice (2005)
Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: A security-aware hazard and risk analysis method. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 621-624 (2015)
Macher, G., Messnarz, R., Kreiner, C., et al.: Integrated Safety and Security Development in the Automotive Domain, Working Group 17AE-0252/2017–01–1661, SAE International (2017)
GEAR 2030, European Commission, Commission launches GEAR 2030 to boost competitiveness and growth in the automotive sector (2016) http://ec.europa.eu/growth/tools-databases/newsroom/cf/itemdetail.cfm?item_id=8640
Hirz, M.: Automotive mechatronics training programme - an inclusive education series for car manufacturer and supplier industry. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 341–351. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_25
Höhn, H., Sechser, B., Dussa-Zieger, K., Messnarz, R., Hindel, B.: Software Engineering nach Automotive SPICE: Entwicklungsprozesse in der Praxis-Ein Continental-Projekt auf dem Weg zu Level 3. Systemdesign, dpunkt. Verlag, Kapitel (2015)
https://conference.eurospi.net/images/eurospi/spi_manifesto.pdf Access 20 Apr, 2021
Innerwinkler, P., et al.: TrustVehicle--improved trustworthiness and weather-independence of conditionally automated vehicles in mixed traffic scenarios International Forum on Advanced Microsystems for Automotive Applications, pp. 75–89 (2018)
Ito, M.: Supporting process design in the autonomous era with new standards and guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 525–535. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_39
Stolfa, J., et al.: DRIVES—EU blueprint project for the automotive sector—A literature review of drivers of change in automotive industry. In: Journal of Software: Evolution and Process, Volume32, Issue3, Special Issue: Addressing Evolving Requirements Faced by the Software Industry (2020)
Korsaa, M., et al.: The SPI Manifesto and the ECQA SPI manager certification scheme. J. Software: Evolution Process 24(5), 525–540 (2012)
Korsaa, M., et al.: The people aspects in modern process improvement management approaches. J. Software: Evolution Process 25(4), 381–391 (2013)
Kreiner, C., Messnarz, R., Riel, A., et al.: The AQUA automotive sector skills alliance: best practice in an integrated engineering approach. Software Quality Professional 17(3), 35–45 (2015)
Kreiner, C.J., et al.: Automotive knowledge alliance AQUA - integrating automotive SPICE, six sigma, and functional safety. In: Systems, Software and Services Process Improvement 20th European Conference, EuroSPI 2013, Dundalk, Ireland, June 25–27 2013. Proceedings, pp. 333 – 344 (2013)
Kreiner, C.J., et al.: Integrating functional safety, automotive SPICE and six sigma – the AQUA knowledge base and integration examples. In: Systems, Software and Services Process Improvement 21st European Conference, EuroSPI 2014, pp. 285 – 295 (2014)
Macher, G., et al.: A study of electric powertrain engineering - its requirements and stakeholders perspectives. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 396–407. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_29
Macher, G., Brenner, E., Messnarz, R., Ekert, D., Feloy, M.: Transferable competence frameworks for automotive industry. In: Walker, A., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_12
Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C.: Automotive SPICE, safety and cybersecurity integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 273–285. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_23
Macher, G., Diwold, K., Veledar, O., Armengaud, E., Römer, K.: The quest for infrastructures and engineering methods enabling highly dynamic. Autonomous Systems European Conference on Software Process Improvement, pp. 15–27 (2019)
Macher, G., Druml, N., Veledar, O., Reckenzaun, J.: Safety and security aspects of fail-operational urban surround perceptION (FUSION), International Symposium on Model-Based Safety and Assessment, pp. 286–300 (2019)
Macher, G., Sporer, H., Brenner, E., Kreiner, C.: Supporting cyber-security based on hardware-software interface definition systems. Software and Services Process Improvement - 23nd European Conference, EuroSPI 2016 Proceedings, Springer (2016). https://doi.org/10.1007/978-3-319-44817-6_12
Messnarz, R., et al.: Implementing functional safety standards – experiences from the trials about required knowledge and competencies (SafEUr). In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2013. Communications in Computer and Information Science, vol 364. Springer, Berlin, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39179-8_29
Messnarz, R., et al.: Automotive cybersecurity engineering job roles and best practices – developed for the eu blueprint project DRIVES. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 499–510. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_37
Messnarz, R., Ekert, D., Grunert, F., Blume, A.: Cross-cutting approach to integrate functional and material design in a system architectural design – example of an electric powertrain. In: Walker, A., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham (2019) https://doi.org/10.1007/978-3-030-28005-5_25
Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42
Messnarz, R., Nadasi, G., O’Leary, E., Foley, B.: Experience with teamwork in distributed work environments. Proceedings of the E2001 Conference, E-Work and E-commerce, Novel solutions for a global networked economy, eds. Brian Stanford Smith, Enrica Chiozza, IOS Press, Amsterdam, Berlin, Oxford, Tokyo, Wash-ington (2001)
Messnarz, R., König, F., Bachmann, V.O.: Experiences with trial assessments combining automotive SPICE and functional safety standards. In: Winkler, D., O’Connor, R.V., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2012. Communications in Computer and Information Science, vol 301. Springer, Berlin, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31199-4_23
Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Software Quality Professional 18(4), 3–23 (2016)
Messnarz, R., Much, A., Kreiner, C., Biro, M., Gorner, J.: Need for the continuous evolution of systems engineering practices for modern vehicle engineering. In: Stolfa, J., Stolfa, S., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2017. Communications in Computer and Information Science, vol 748. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_36
Messnarz, R., Sauberer, G., Mac an Airchinnigh, M., Biro, M., Ekert, D., Reiner, M.: Shifting paradigms in innovation management – organic growth strategies in the cloud. In: Walker, A., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_3
Messnarz, R., Sehr, M., Wüstemann, I., Humpohl, J., Ekert, D.: Experiences with SQIL – SW quality improvement leadership approach from Volkswagen. In: Stolfa J., Stolfa S., O’Connor R., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2017. Communications in Computer and Information Science, vol 748. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_35
Messnarz, R., et al.: Social responsibility aspects supporting the success of SPI. J. Softw. Evol. Process 26(3), 284–294 (2014)
Messnarz, R., Kreiner, C., Riel, A.: Integrating automotive SPICE, functional safety, and cybersecurity concepts: a cybersecurity layer model. Software Quality Professional (2016)
Messnarz, R., Kreiner,C., Riel, A., et al.: Implementing functional safety standards has an impact on system and sw design - required knowledge and competencies (SafEUr). Software Quality Professional (2015)
Biró, M., Messnarz, R., Colomo‐Palacios, R.: Software process improvement leveraged in various application domains. In: J. Software: Evolution Process 26(5), 465–467, Special Issue: Software process improvement leveraged in various application domains (2014)
Korsaa, M., et al.: The people aspects in modern process improvement management approaches. In: J. Software: Evolution Process 25(4), 381–391, Special Issue: Selected Industrial Experience Papers of EuroSPI 2010 (2013)
R. Messnarz, G., Spork, A., Riel, S.: Tichkiewitch, dynamic learning organisations supporting knowledge creation for competitive and integrated product design. In: Proceedings of the 19th CIRP Design Conference – Competitive Design, Cranfield University, 30–31, p. 104 (2009)
Messnarz, R., et al.: InnoTEACH – Applying principles of innovation in school. In: Stolfa, J., Stolfa, S., O’Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2017. Communications in Computer and Information Science, vol 748. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64218-5_24
Messnarz, R., Kreiner, C., Macher, G., Walker, A.: Extending automotive SPICE 3.0 for the use in ADAS and future self‐driving service architectures. In: J. Software: Evolution and Process 30(5), Wiley (2018)
Messnarz, R., Ekert, D.: Assessment‐based learning systems - learning from best projects. In: Wiley Inerscience, Software Process Improvement in Practice, https://doi.org/10.1002/spip.347 , Volume12, Issue6, Special Issue: Special Issue on Industrial Experiences in SPI, pp. 569–577 (2007)
Messnarz, R., Ekert, D., Reiner, M., O’Suilleabhain, G.: Human resources based improvement strategies—the learning factor. J. Software: Evolution Process 13(4), 355–362 (2008)
Messnarz, R., O’Suilleabhain, G., Coughlan, R.: From process improvement to learning organisations. In: J. Software: Evolution and Process 11(3), 287–294, Special Issue: Special Issue on SPI Industrial Experience, (2006). https://doi.org/10.1002/spip.272
Messnarz, R., et al.: Integrated automotive SPICE and safety assessments. In: WILEY Software Process: Improvement and Practice, Volume14, Issue5, Special Issue: Part 1: Special Issue on SPI Experiences and Innovation for Global Software Development, (2009), pp. 279–288, https://doi.org/10.1002/spip.429
Messnarz, R., et al.: Social responsibility aspects supporting the success of SPI. In: J. Software: Evolution and Process 26(3), pp. 284–294, Special Issue: Software Process Assessment and Improvement (EuroSPI 2011) (2014)
Ringdorfer, M., Griessnig, G., Draxler, P., Schnellbach, A.: A systematical approach for “system item integration and testing” in context of ISO 26262. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 555–567. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_42
Schmittner, C., Macher, G.: Automotive Cybersecurity Standards-Relation and Overview International Conference on Computer Safety, Reliability, and Security, pp. 153–165 (2019)
Schmittner, C., et al.: Innovation and transformation in a digital World-27th interdisciplinary information management talks. Trauner Verlag Universitat 2019, 401–409 (2019)
Stolfa, J., et al.: Automotive Quality Universities - AQUA alliance extension to higher education. In: Kreiner C., O’Connor R., Poth A., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2016. Communications in Computer and Information Science, vol 633. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44817-6_14
Stolfa, J., et al.: Automotive engineering skills and job roles of the future? In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) EuroSPI 2020. CCIS, vol. 1251, pp. 352–369. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_26
Automotive SPICE© 3.1, Process Assessment Model, VDA QMC Working Group 13 / Automotive SIG (2017)
Automotive SPICE © Guidelines, 2nd Edition Nov 2017, VDA QMC Working Group 13 (2017)
ISO - International Organization for Standardization. “ISO 26262 Road vehicles Functional Safety Part 1–10” (2011)
ISO – International Organization for Standardization. “ISO CD 26262–2018 2nd Edition Road vehicles Functional Safety” (2018)
ISO/SAE 21434, Road vehicles – Cybersecurity engineering, ISO and SAE, Committee Draft (2020)
KGAS, Konzerngrundanforderungen Software, Version 3.2, Volkswagen LAH 893.909: KGAS_3602, KGAS_3665, KGAS_3153, KGAS_3157 (2018)
SAE J3061, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE - Society of Automotive Engineers, USA (2016)
SOQRATES, Task Forces Developing Integration of Automotive SPICE, ISO 26262 an d SAE J3061 http://soqrates.eurospi.net/
Statista, Anzahl der Absolventen in der Fächergruppe Ingenieurwissenschaften an Hochschulen in Deutschland in den Prüfungsjahren von 2005–2018 (2019)
Schmittner, C., et al.: Automotive cybersecurity - training the future. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 211–219. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_14
(2021). (rep.). Study about the requirements for an ECQA Certified Cybersecurity Engineer and Manager. https://www.project-cybereng.eu/wp-content/uploads/2021/06/CYBERENG-IO1-Study-About-Requirements.pdf
Automotive Cybersecurity by design. GuardKnox. (2022, May 22). Retrieved April 15, (2022) https://www.guardknox.com/automotive-cybersecurity-by-design/?utm_term=automotive+cybersecurity&utm_campaign=GK%2BSearch&utm_source=adwords&utm_medium=ppc&hsa_acc=2477278000&hsa_cam=16131374351&hsa_grp=131730259823&hsa_ad=580845163643&hsa_src=g&hsa_tgt=kwd-278111740315&hsa_kw=automotive+cybersecurity&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=Cj0KCQjwma6TBhDIARIsAOKuANxdrGpAu3MS5aUH2dN8vVaQou_cmvrLOeFma_9A-WM7XPRebjWbrVQaAtDyEALw_wcB
Automotive Cybersecurity. Vector Informatik GmbH. Retrieved April 15, (2022) https://www.vector.com/int/en/products/solutions/safety-security/automotive-cybersecurity/?gclid=Cj0KCQjwma6TBhDIARIsAOKuANw-AGiBvieIDAUEX7_fbKVBEAxveZMEtGUU7m3t6wvGPNqutJboxbkaAmblEALw_wcB#c2920
(2021). (rep.). Skills set for an ECQA Certified Cybersecurity Engineer and Manager. Retrieved April 15, (2022) https://www.project-cybereng.eu/wp-content/uploads/2021/08/CYBERENG-IO2-Skills-Set.pdf
DRIVES, Project. DRIVES Framework: Deliverable 4.4.2 Full Definition and Rules of the ERFA. https://www.project-drives.eu/Media/Publications/211/Publications_211_20211201_113520.pdf
Mahmood, H.: Application Threat Modeling using DREAD and STRIDE. Accessed 03 Aug 2018 (2017) https://haiderm.com/application-threat-modeling-using-dread-and-stride
Khan, R., McLaughlin, K., Laverty, D., Sezer, S.: STRIDE-based Threat Modeling for Cyber-Physical Systems. In 2017 IEEE PES: Innovative Smart Grid Technologies Conference Europe (ISGT-Europe): Proceedings IEEE . (2018) https://doi.org/10.1109/ISGTEurope.2017.8260283
Chauhan, Y.: The 7 security objectives of any organization for IT and network security. Yogesh Chauhan. Retrieved April 15, (2022) https://yogeshchauhan.com/the-7-security-objectives-of-any-organization-for-it-and-network-security/
Acknowledgements
The ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector project (CYBERENG) is co-funded by the Erasmus+ Call 2020 Round 1 KA203 Programme of the European Union under the agreement 2020–1-CZ01-KA203–078494. This work is partially supported by Grants of SGS No. SP2021/87, VSB - Technical University of Ostrava, Czech Republic.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Stolfa, S. et al. (2022). Automotive Cybersecurity Manager and Engineer Skills Needs and Pilot Course Implementation. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_24
Download citation
DOI: https://doi.org/10.1007/978-3-031-15559-8_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15558-1
Online ISBN: 978-3-031-15559-8
eBook Packages: Computer ScienceComputer Science (R0)