ARLINGTON, Va.–(BUSINESS WIRE)–GRIMM, a forward-looking cybersecurity organization led by industry experts, today announced a partnership with the Automotive Information Sharing and Analysis Center (Auto-ISAC) Automotive Cybersecurity Training (ACT) program to use GRIMM’s Defensive Automotive Engineering Training Syllabus course. ACT is sponsored, in part, by the national Highway Traffic Safety Administration (NHTSA) and Auto-ISAC will use GRIMM’s comprehensive training program to supplement current and future vehicular safety capabilities.
GRIMM is a pioneering cybersecurity organization with expertise built on operational experience solving advanced cybersecurity problems. The strategic initiative will pilot test a training curriculum of best practices to leverage solutions and address infrastructure and automotive cybersecurity risks when the stakes could not be higher.
“The partnership with NHTSA and Auto ISAC will feature GRIMM’s Defensive Automotive Engineering Training Syllabus course as part of its Automotive Cybersecurity Training (ACT) program. Course participants will understand the automotive cybersecurity threat-landscape from an attacker’s perspective, which will enhance their abilities to integrate defensive security measures into their vehicle networks,” said GRIMM CEO Jennifer Tisdale.
“The global standardization of the fundamentals of automotive security will help the industry ensure that the future of advanced transportation mobility is prioritizing cybersecurity as a fundamental knowledge point in the industry’s workforce,” she added.
“The Auto-ISAC is honored that GRIMM will share their knowledge and experience with our Automotive Cybersecurity Trainees in the upcoming hands-on training at the American Center for Mobility in April.” Tamara Shoemaker, Cybersecurity Training Leader for the Auto-ISAC.
The five-day program covers a variety of issues, strategies, and specific updated technical information in a manner to facilitate student understanding and discussion. Students will gain insights into UDS design and implementation bugs, code update design flaws, inter-ECU communications weaknesses and the basic of reserve engineering of hardware and software issues. The training is ongoing and open for Auto-ISAC members.
GRIMM’s trainers strive to accommodate students with all levels of technical knowledge. However, students with some technical background and knowledge of automotive technologies will glean more from the hands-on lab portions of the course. Additionally, several of the tools used will be learned more easily by students with a passable understanding of a programming language. Students need to bring a laptop that can run the VirtualBox virtualization software using Windows/Linux/Mac. No Chromebooks please. All other necessary materials students require will be provided by GRIMM.
GRIMM’s daily program follows:
- Approach to Secure Design Thinking.
- CAN Tools and Low-Level Interactions
- ISO-TP Details
- Interactive UDS
- J2534, Software Updates, and ECU Configuration
- Introduction to Hardware Reverse Engineering
- Remote Code Execution
- FlexRay, LIN, and other modern communication Details
- Infotainment Flaws and Remedies
- Telematics Attack Surface and Current Design Flaws
- J1939 and CAN
- Supply Chain Woes and Guidance
- Automotive Risk Assessment
- Remote Keyless Entry and Passive/Proximity Key Problems
- Introduction to Software Reverse Engineering
- Vehicle to Everything (V2X) Attack Surface and Methods
- Automotive Ethernet
- Capture The Flag!
GRIMM is a forward-thinking cybersecurity organization led by industry experts. The company’s practice demonstrates the impact of security risks and provides the technical solutions to address top risks. GRIMM’s expertise is built on operational experience solving advanced cybersecurity problems. For more, go to www.grimm-co.com. Add social media hashtags here.
The Auto-ISAC operates as a central hub to share and analyze intelligence about emerging cybersecurity risks. Its secure intelligence-sharing portal allows members to anonymously submit and receive information that helps them more efficiently respond to cyberthreats.
The Auto-ISCA has global representation. Its members represent more the 99 percent of light duty vehicles on the road in North America. Members also include heavy duty vehicles, commercial fleets, and carriers and suppliers. For more information, go to www.automotiveisac.com and follow on Twitter @autoisac.