From Automation to Regulation: How to Stay Ahead of Hidden Cybersecurity Risks

As organizations become increasingly digital and interconnected, they are experiencing profound changes. The rise of automation, driven by technologies like artificial intelligence (AI) and the Internet of Things (IoT), is enabling companies to boost productivity and streamline operations. However, this efficiency comes with a downside: as processes become more automated, businesses often have less direct control over every detail, which opens them up to a range of new risks, both internal and external.

One of the key challenges in this evolving landscape is the shifting nature of organizational roles and responsibilities. Leadership teams must navigate these changes by adapting to new demands and ensuring that their organizations remain secure and competitive. In times of rapid technological advancement, it is essential that boards of directors maintain strong governance over information security. Additionally, employees must be equipped with the right knowledge and skills to handle new technologies and comply with evolving regulations. This enables them to translate strategic decisions from the boardroom into effective operational practices.

Overlooked Cybersecurity Risks

When it comes to cybersecurity, there are several risks that often go unnoticed. Many organizations place significant trust in their IT departments to manage critical security functions, such as email spam filtering and secure data storage through cloud providers. While these are important measures, a more subtle yet equally significant threat lies in the realm of human error, particularly through social engineering. Social engineering attacks manipulate individuals into unwittingly providing access to sensitive information, making employee awareness and training essential to prevent these breaches.

In parallel, regulatory changes are also driving organizations to rethink their approach to cybersecurity. The European Union, for instance, is rapidly updating legislation in the digital sector, aiming to reduce the risk of external manipulation. For example, ensuring that autonomous vehicles cannot be hijacked for malicious purposes is a top priority. Staying ahead of these regulatory shifts and understanding their implications can not only protect businesses from cyber threats but also provide opportunities for growth and innovation.

Steps Toward Stronger Security

To ensure they are taking the right steps toward security, companies must first adopt a strategic approach. This begins with identifying and classifying their assets, analyzing potential threats, and pinpointing vulnerabilities within their systems. Once these risks are understood, organizations can take operational actions to prevent breaches and seal any known weaknesses in their infrastructure.

By fostering a culture of security awareness, investing in employee training, and staying up-to-date with both technological advancements and regulatory changes, organizations can better protect themselves from the growing risks that come with an increasingly digital and interconnected world.

The Crucial Role of Cybersecurity in the Modern Automotive Industry

In today’s rapidly evolving automotive landscape, cybersecurity has emerged as a vital concern. The integration of connected vehicle technologies has revolutionized how cars function, relying on connectivity for features like infotainment, navigation, and over-the-air updates. This reliance has significantly expanded the potential attack surface, making cybersecurity a critical focus. As regulatory bodies enforce stringent cybersecurity standards, automotive manufacturers and suppliers are compelled to implement robust measures to guard against evolving threats.

Navigating Cybersecurity Challenges

One of the foremost challenges in automotive cybersecurity is embedding a strong security culture within organizations, ensuring it is as fundamental as safety. This cultural shift is essential across the industry. Although cybersecurity solutions are available, many are not yet fully developed or commercially viable. The industry faces the significant task of balancing the availability of these solutions with the urgent need to secure vehicles effectively.

Balancing Innovation with Security

The automotive sector is characterized by rapid innovation, which must be carefully balanced with the need for robust security. Compliance with regulatory standards is mandatory, yet innovation remains crucial for competitive edge. To achieve this balance, automakers should focus cybersecurity efforts on the most critical vehicle functionalities and components. By securing these vital areas, manufacturers can continue to innovate while ensuring the safety and security of road users.

Impact on Supplier and OEM Interactions

In response to increased cybersecurity awareness, Original Equipment Manufacturers (OEMs) are now required to ensure their entire supply chain complies with cybersecurity standards, as mandated by Regulation 155 and the ISO/SAE 21434 standard. This regulatory framework is fostering more collaborative relationships between suppliers and OEMs through joint reviews and cybersecurity audits. While these practices are becoming standard in safety-related contexts, there is still progress to be made in integrating them into cybersecurity protocols.

Integrating Cybersecurity into the Vehicle Development Lifecycle

Cybersecurity should be an integral part of the vehicle development lifecycle, whether adopting agile or V-model methodologies. The ISO/SAE 21434 standard outlines the importance of Security-by-Design, which prevents costly and potentially ineffective security fixes later in the process. By embedding cybersecurity from the outset, manufacturers can ensure a more seamless and robust security approach.

Addressing Unique Threats of Autonomous Vehicles

The advent of autonomous vehicles introduces new cybersecurity challenges not present in traditional vehicles. One significant concern is the potential for unsupervised passengers to become threat actors. The risk of internal exploitation becomes more pronounced in autonomous vehicles, necessitating comprehensive strategies to address these unique threats.

The Role of Artificial Intelligence (AI) in Automotive Cybersecurity

AI’s integration into automotive technologies, such as Advanced Driver Assistance Systems (ADAS) and autonomous driving, brings both opportunities and risks. While AI can enhance vehicle functionalities, it also has the potential to empower attackers, making them more effective and efficient. This development underscores the need for advanced and dynamic defensive measures to counter AI-powered threats.

Exceeding Regulatory Compliance

For OEMs, meeting regulatory standards is a starting point, but exceeding these requirements may be necessary depending on their market position. Premium brands or companies in the competitive autonomous vehicle sector might choose to go beyond basic compliance to enhance their reputation and stay ahead of the competition.

Securing the Digital Ecosystem

Securing the entire digital ecosystem surrounding modern vehicles—encompassing the vehicle itself, mobile apps, backend systems, and cloud infrastructure—is crucial. While regulations may not explicitly cover all these areas, a comprehensive approach is essential. Employing a defense-in-depth strategy, which involves multiple layers of security, ensures that if one layer is compromised, others will still provide protection. This holistic approach strengthens the overall security posture of the automotive ecosystem.

In conclusion, as the automotive industry continues to evolve with new technologies, the importance of robust cybersecurity measures cannot be overstated. Balancing innovation with security, integrating cybersecurity into every stage of development, and preparing for emerging threats are essential for protecting both vehicles and their users in an increasingly connected world.

The article is based on an interview with: Manne Engelke, Cybersecurity Lead – Expert Services

CodeSonar 8.2 is a major upgrade that includes new features and integrations, enhanced compiler and language support, and additional checkers. Key highlights are outlined below.

Language Support

• Upgraded C# analysis to support .NET 8.0
• Mapping of Python warnings to CWE for improved reporting and insight.
• Upgraded reports to support CWE version 4.14.
• Mapping of Java warnings to create reports against CWE-660 Weakness in Java Programming.
• New checkers to detect overflows when performing floating point math operations.

Integrations

A new integration with Gerrit Code Review to facilitate team collaboration and process enforcement.

C/C++

• 97% coverage of MISRA C 2023.
• Increased support for C23, C++23, and C++26 language features.
• New compiler model for the Keil C251 compiler for teams targeting the 80251 architecture.
• We added support for the MPLAB C30 complier.
• Support for GCC 13.3 and clang

CodeSonar Hub

Support for easy filtering of on standards such as MISRA, CERT in the categories field on warning and analysis pages. See video here.

Lauterbach’s TRACE32® development tools now support NXP® Semiconductors’ S32N55 vehicle super-integration processor for consolidation of real-time vehicle functions in software-defined vehicle (SDV) architectures. TRACE32® tools support includes simultaneous debugging of the processor cores as well as non-intrusive processor trace capture.

XJTAG Shows the Benefits of Boundary Scan at Evertiq Expo, Malmö

XJTAG®, a leader in JTAG boundary scan products, will be presenting a talk entitled “What is JTAG and how can JTAG help me?” at Evertiq Expo in Malmö on 23^rd of May 2024 as part of the launch of version 4.0 of the XJTAG software suite. The company will also be manning a booth along with its distributor partner, Nohau Solutions, at the conference.

XJTAG 4.0 contains a number of improvements to the software, including Optimised Scans which allow different JTAG chains on a board to be run simultaneously at different clock frequencies, allowing your tests to run at their full potential, rather than being restricted by a few slower devices.

Simon Payne, XJTAG CEO said, “All FPGAs have boundary scan built in, but many engineers don’t realise how it can help them. Evertiq Expo is a great opportunity to demonstrate how the board’s JTAG connection allows engineers to use the FPGA’s boundary scan capabilities to test their board.”

Evertiq started out as a magazine covering electronics news and developments with an initial focus on the Swedish market and now holds a number of tradeshows around Europe under the banner of the Evertiq Expo. The Malmö show is the flagship expo, being set in one of Sweden’s fastest growing regions for the industry, including startups and universities.

This is a free show allowing engineers to meet their current and potential suppliers in the electronics design and manufacturing industries. The formal presentations during the day and informal discussions at the venue’s booths and over lunch or coffee give engineers the opportunity to learn from industry experts like XJTAG.

Tommaso De Vivo, XJTAG’s Vice President Business Development, EMEA, will be presenting at Evertiq Expo as well as being available at exhibition booth #63 for 1-to-1 discussions. He said, “I’ll be explaining what boundary scan is and how it allows an FPGA’s pins to be turned into virtual test points that can be read and controlled. I’ll show you how that can be used to test the board for assembly faults and to perform accelerated programming.”

One of the biggest problems with testing modern high-density PCBAs comes from the lack of physical access to points in the circuit caused by shrinking board area and the use of advanced IC packages such as BGAs. Tommaso De Vivo said, “The beauty of using boundary scan to test the board is that the reduced level of physical access no longer matters. And because you don’t need to configure the FPGA or run any code on the board, you can also use it to find out what’s wrong on boards that won’t boot.”

XJTAG’s tools provide an easy-to-use way to make the most of an FPGA’s boundary scan capabilities. Boundary scan is used by many engineers in R&D, test, and manufacturing across all industry sectors. It assists them with board bring-up as well as test and debug, and having an FPGA on the board also allows for accelerated programming of memories.

About JTAG

JTAG is an IEEE standard that was developed to address the difficulties of testing circuits that use packaging technologies such as Ball Grid Arrays and Chip Scale Packages, where solder connections aren’t accessible to traditional bed-of-nails testers. Although JTAG has since become popular for processor debug and for programming FPGAs and CPLDs, they only make use of the standard’s communications protocol. The full benefit of the JTAG standard comes from its introduction of boundary scan techniques for testing and debugging assembled boards; XJTAG’s tools give you an easy way to use those capabilities.

Lauterbach’s TRACE32® development tools now also support the HighTec Rust Compiler, tailored for Infineon AURIX™ TC3x and TC4x microcontrollers. The debugging of compiled Rust programs is therefore not only possible in the machine code, but also at source code level.

Rust is a multi-paradigm system programming language that was developed by the open source community with the aim, among other things, of avoiding program errors that lead to memory access errors or buffer overflows and thus possibly also to security vulnerabilities. The HighTec Rust Compiler delivers the full range of Rust language features, including memory safety, concurrency, and interoperability, for applications with safe, secure, high-performance, and rapidly deployable requirements.

Lauterbach’s TRACE32® enables hardware-accelerated debugging and real-time tracing of Rust code for all the TriCore and other cores like PPU and GTM implemented in AURIX™ TC3x and TC4x, a unique capability to cover the whole system. TRACE32® tools consist of the universal PowerView debugging and tracing software as well as debug and trace accelerator modules. While Lauterbach’s intelligent PowerDebug modules provide the highest available download speeds and smallest response times for efficient debugging and test automation, PowerTrace real-time trace modules provide full insights into what the CPUs and other cores of an AURIX™ system are doing without impacting its real-time performance in any way. Thanks to Lauterbach’s leading hypervisor and OS awareness technology, even virtualized environments can be examined safely and without restrictions. Trace analysis including code coverage measurements can support bringing embedded designs to market faster, safer, and more reliably than ever.

“Rust is a programming language that offers security, high performance, and ease of use”, says Norbert Weiss, Managing Director at Lauterbach GmbH. “With the support of our market-leading TRACE32® debug and trace tools for the HighTec Rust Compiler, embedded developers can now take advantage of Rust for their AURIX™-based projects.”

“The HighTec Rust Compiler for AURIX™ TC4x and TC3x utilizes the advanced open-source LLVM technology to leverage the full range of Rust features, including memory safety, concurrency, and interoperability, for safe and secure high-performance applications”, explains Mario Cupelli, CTO at HighTec EDV-Systeme. “We are very pleased to offer together with our long-term partner Lauterbach’s TRACE32® a leading solution for the development, debugging, tracing, and deployment of safe and secure embedded applications written in Rust and C/C++.”

Together with HighTec’s Rust Development Platform for Rust, Lauterbach’s TRACE32® enables developers of embedded devices to evolve Rust applications based on AURIX™ TC3x and TC4x microcontrollers, even faster and easier. 

CodeSonar V8.1 -CodeSonar language coverage now includes Kotlin, Python, Go, Rust, JavaScript, and TypeScript

CodeSecure announced a major new release for CodeSonar. CodeSonar 8.1 extends a developer centric approach for product security to include language support for Kotlin, Python, Go, Rust, JavaScript, and TypeScript. In addition to C/C++, Java and C#, CodeSonar now includes the emerging security centric embedded languages as well as modern web centric languages to cover end-to-end application development all under one SAST application. Numerous high profile product exploits have driven significant changes in how product development teams approach securing their code.

These DevSecOps trends include:

• Making SAST a developer-centric solution to address security upfront
• While minimizing disruption to the workflow
• Managing geographically dispersed development teams
• Single SAST platform solution for consistent metrics, reporting, and vulnerability management

This evolution enables developers to leverage CodeSonar’s advanced analysis capabilities across a diverse range of projects and technologies.

Operating Systems: Whether you’re developing for Windows, Linux, a real time operating system, or bare metal Better phrase than bare metal? CodeSonar ensures compatibility across various platforms.

Compilers: CodeSonar supports more than 90 compilers, including clang, GCC, Microsoft, IAR, Tasking, QNX, WindRiver. CodeSonar adapts to the language of your choice, providing comprehensive analysis in C/C++, Java, C#, Kotlin, Python, Go, Rust, JavaScript, and TypeScript.

Checkers: With hundreds of built-in checkers, CodeSonar examines code for potential vulnerabilities, coding errors, and compliance violations. From memory leaks to buffer overflows, CodeSonar’s advanced static analysis capabilities help identify issues early in the development cycle, saving time and resources in the long run. Whether you prefer cloud-based solutions or on-premises deployment, or fully air-gapped environments, CodeSonar offers flexible host platform options to suit your needs.

Integrations: CodeSonar seamlessly integrates with popular development products and CI/CD pipelines, streamlining the code review and deployment process. From IDE plugins to Jenkins GitHub and GitLab integrations, CodeSonar fits seamlessly into your existing toolchain, enhancing developer productivity and collaboration.

Coding Standards: CodeSonar helps organizations adhere to regulatory requirements such as MISRA, CERT, and CWE, ensuring code quality and security at every stage of the development lifecycle.

Deployment Models: Support for on-premises deployment for enhanced control and security or a cloud-based solution for scalability and accessibility,

Koenigsegg Unleashes Its Potential With Lauterbach

Established in 1994, Koenigsegg is renowned for crafting luxury cars and cutting-edge vehicles, consistently leading in automotive innovation.

We explore their journey of integrating Lauterbach TRACE32, a vital component of their journey to elevate software development and requirements management processes. Additionally, we dive into their latest groundbreaking project, the world’s first 4-seater Megacar, a testament to their ongoing commitment to innovation.

The top 10 points why ALM is important

Why is an ALM tool important in todays development of embedded products

Nohau have during the past more than 25 years preached and missioned to improve the development process by using Requirement Management and ALM/PLM tools. It has been with limited success as most embedded engineers were focusing on implementation of the initial functionality, which typically were described in documents or spreadsheets. The products and applications were typically relative simple and future modifications and improvements were handled in the same documents

Now we experiences a huge request for Requirement and ALM/PLM tools. This is mainly because of the huge increase in complexity of the embedded application, which often have lifetimes of more than 15 years and the involvement of many developers.

Lets try to list 10 points why Application Lifecycle Management is so important:

1. Smooth Development Process – Developing an application includes more of a team of developers, standardized processes, and documentation and not just only an awesome application developer. ALM tools can help you easily implant these processes and documentation in themselves by using them as a central hub for storing all the data related to the application development lifecycle. This will enable full traceability and hence, high accountability.
2.  Preparing and Organizing the Development Process – ALM tools help manage the application development lifecycle. The planning phase begins as soon as the clients share their project requirements. With the help of ALM tools, you can draw up your plans more efficiently along with tools that fit your specific requirements. They can either support waterfall methodology or agile methodology or both.
3.  Maintain Budgets & Productivity – The first step in any planning is to set up a financial budget. Choosing methodologies that can potentially drain budgets and productivity is simply a stupid move. ALM integration eliminates the requirements for varied environments for testing. Also, with all-in-one software, review and management become easier too.
4.  Team Management – Communicative and coordinative workspace deeply suits an efficient and smooth software development. ALM can keep all the members on the same page with the real-time strategies, changed requirements, and regular project status. Remote jobs are highly and positively affected by this.
5.  Speed + Quality – If the team does not collaborate appropriately, the chances for loopholes, delayed deliveries, and low product quality can increase. When you operate your project on ALM software, the integrated tools deliver the user requirements successfully, that too with high quality.
6. Carrying the Load – There are high possibilities that the project might get stuck at some point. In case of such cases, apt choices and decisions are needed. ALM comprises the resources and processes in one tool which consequently, benefits the determination of solutions at each step.
7. Employee Satisfaction – Employees show their dedication and interest through their productivity levels. Appreciating their efforts and choices is a must. ALM provides the freedom to the employees to use the tools and make their own choices and decisions. This keeps them motivated and satisfied enhancing their productivity.
8. Team Productivity – Team productivity is of the utmost importance for a successful outcome in any project. ALM integrated software helps in distributing and allocating the tasks easily. Also, it helps to track productivity, quality, and progress regularly too.
9. Fixing Bugs – Testing is done to make sure that the application has as lesser bugs as possible. ALM tools provide a platform for uniting the development and testing processes. This helps reduce the chances of loopholes and enhances the quality of the application.
10. Customer Satisfaction – Every service by every organization strives in order to satisfy its customers. ALM tools help maintain high visibility and transparency amongst the service provider and the clients.