VAIVA GmbH - Safe Mobility


Constant focus: information security / cyber security

Nina Eichenseher

When it comes to road traffic safety, what usually comes to mind first is intelligent assistance systems, connected vehicles or automated/autonomous driving functions. However, an important part of our activities that is increasingly becoming a focus of the wider public debate is information security in vehicles, also known as cyber security.

The proportion of software in the vehicle, and the number of communication channels into and out of it, has been increasing massively for years now. This increases the risk of data theft or software manipulation, which can lead to the interruption or misuse of the services and functions offered by the vehicle. This is why vehicle cyber security mainly involves data integrity and communication with the surrounding environment.

The following are the main categories of cyber security:

  • Impact on the functionality
  • Impact on the functional safety
  • Impact on data privacy
  • Impact on the company (i.e. economic losses)

The complexity of cyber security can be easily discerned from these bullet points. Covering all of these aspects is possible only by systematizing the development methods across the entire secure software development lifecycle (SDLC). Our “end-to-end” orientation can thus be found once again in the area of security, beginning with the initial specification or design step and continuing all the way to validation in the vehicle.

First, we achieve this through strict implementation of the relevant standards such as ISO 21434 “Road Vehicles – Cybersecurity Engineering” as the newest and most comprehensive on the market, or the ASPICE (Automotive Software Process Improvement and Capability Determination) security enhancement, particularly with a view toward the supply chain.

Furthermore, we continuously monitor the internal enterprise security interfaces and optimize them on a regular basis to ensure the fastest possible reaction time. Our developers are supported by intelligent tools such as Tardes and CAIRIS for “threat modeling” in order to recognize and resolve vulnerabilities as early as the design phase. In-depth testing with specialized tools (AIRCRACK-NG, Metasploit) does the rest to validate the system.

Cyber security obviously doesn’t stop with development. The market just recently illustrated that so-called “supply chain attacks” can cause damage running into the millions across all parts of a company. This is why we subject our product deliveries to systematic consistency checks to ensure the integrity of the data. To do that, the content of every delivery is furnished with verifiable checksums. That means the customer really receives exactly what we put together for them – and only that.
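A receiving-side check of the kind described above, as an added example that is not VAIVA's own tooling: it verifies a delivery against a checksum manifest and reports altered and missing files as well as files that were never part of the delivery ("and only that"). The `sha256sum`-style manifest layout, the function names and the sample files are assumptions, and the manifest itself is assumed to arrive over a trusted channel (for example, signed), since a checksum list that travels unprotected with the files can be rewritten along with them.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse 'digest  relative/path' lines (assumed sha256sum layout)."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, name = line.split(maxsplit=1)
            entries[name.strip()] = digest.lower()
    return entries

def verify_delivery(root: Path, manifest: dict) -> dict:
    """Compare every file under root with the manifest, in both directions."""
    present = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, digest in sorted(manifest.items()):
        if name not in present:
            report["missing"].append(name)
        elif sha256_file(present[name]) != digest:
            report["modified"].append(name)
    # Files on disk that the supplier never listed are findings too.
    report["unexpected"] = sorted(set(present) - set(manifest))
    return report

def demo() -> dict:
    """Constructed sample: build a delivery, record it, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ecu_app.hex").write_bytes(b"firmware v1")
        (root / "config.json").write_bytes(b'{"mode": "prod"}')
        (root / "README.txt").write_bytes(b"release notes")
        manifest_text = "\n".join(
            f"{sha256_file(p)}  {p.relative_to(root).as_posix()}"
            for p in sorted(root.rglob("*")) if p.is_file())
        manifest = parse_manifest(manifest_text)
        (root / "bin" / "ecu_app.hex").write_bytes(b"firmware v1 + patch")
        (root / "README.txt").unlink()
        (root / "bin" / "extra.so").write_bytes(b"not in the delivery")
        return verify_delivery(root, manifest)

if __name__ == "__main__":
    print(demo())
```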