Transportation – CyberSecurity Confabulation

C2A Security’s EVSec Platform: Driving Cybersecurity Compliance in the Automotive Industry

The automotive industry is under pressure to comply with a variety of cybersecurity regulations and standards, including UN Regulation No. 155, ISO/SAE 21434, and Chinese GB Standards. The year 2024 marks a crucial period for these regulations, especially UN Regulation No. 155, which will be fully implemented.

C2A Security’s EVSec Risk Management and Automation Platform is increasingly adopted within the automotive sector to address the challenge of complying with cybersecurity regulations and standards efficiently. As of 2023, C2A Security has entered into commercial agreements with over 10 customers and partners, including a significant enterprise agreement with a European Commercial Vehicle Manufacturer.

C2A Security’s EVSec platform is designed to enhance product security in automotive software development and operations by automating traditional manual processes. It facilitates collaboration among teams, customers, and the supply chain and offers comprehensive digital twin capabilities. The platform’s continuous feedback mechanism for product operations and vulnerabilities significantly contributes to the agility of software development processes.

In 2023, C2A Security expanded its customer base to include multiple OEMs and Tier 1 suppliers through successful evaluations and partnerships with industry leaders such as Daimler Truck AG, BMW Group, Marelli, NTT Data, Siemens, and Valeo.

EVSec aids in aligning with regulatory standards and best practices by mapping and automating compliance efforts, crucial for companies pioneering new vehicle technologies and infrastructure. Roy Fridman, CEO of C2A Security, highlights the importance of automated product security platforms like EVSec in addressing the challenges posed by current and emerging regulatory demands. He references a case from late 2023 where a premium car manufacturer halted sales of a popular model in the European Union due to non-compliance, underscoring the competitive necessity for advanced security automation in product development and operations.

C2A Security positions itself as a leading provider of risk-driven DevSecOps platforms tailored for the automotive industry, offering solutions that transform cybersecurity from a limitation to a value multiplier. Founded in 2016 by NDS/Cisco veteran Michael Dick and headquartered in Jerusalem, Israel, C2A Security serves a global market, including Daimler Truck AG, BMW Group, Siemens, Valeo, and others, driving down software release times and costs while enhancing cybersecurity posture. For more information, visit C2A Security’s website www.c2a-sec.com.

The post C2A Security’s EVSec Platform: Driving Cybersecurity Compliance in the Automotive Industry appeared first on Cybersecurity Insiders.

Digital Car Keys Are Coming

Posted 1 year ago by Bruce Schneier

Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security.

Remotely Stopping Polish Trains

Posted 2 years ago by Bruce Schneier

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop:

…the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train—sending a series of three acoustic tones at a 150.100 megahertz frequency—and trigger their emergency stop function.

“It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” Olejnik says, pointing to a document outlining trains’ different technical standards in the European Union that describes the “radio-stop” command used in the Polish system. In fact, Olejnik says that the ability to send the command has been described in Polish radio and train forums and on YouTube for years. “Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap.”

Even so, this is being described as a cyberattack.

Hacking the JFK Airport Taxi Dispatch System

Posted 2 years ago by Bruce Schneier

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line.

Hacking Boston’s CharlieCard

Posted 2 years ago by Bruce Schneier

Interesting discussion of vulnerabilities and exploits against Boston’s CharlieCard.

Aviation Safety and Cybersecurity: Learning from Incidents

Posted 3 years ago by Tripwire Guest Authors

The aviation safety sector is the study and practice of managing aviation risks. It is a solid concentration of regulations, legal documents, investigations of accidents and near-miss aviation incidents. On top of them lie lessons learned and shared knowledge; reports, facts and stats forming a cognitive super vitamin, that the aviation community uses to keep […]… Read More

The post Aviation Safety and Cybersecurity: Learning from Incidents appeared first on The State of Security.