ETAS secures the future of software-defined vehicles with new cybersecurity solutions

Securing the vehicle computer as the central enabler of software-defined vehicles
Active identification and management of software vulnerabilities

Stuttgart, Germany, November 21, 2024 – ETAS, a leading provider of automotive software solutions, recently announced the launch of two new cybersecurity solutions at the escar Europe automotive cybersecurity conference in Dortmund, Germany. The ESCRYPT Vehicle Computer Security Suite and the ESCRYPT Vulnerability Management Solutions address the increasing security challenges posed by the rise of software-defined vehicles (SDVs).

Most new functionalities of software-defined vehicles are implemented and located in the vehicle computer. However, this also poses security risks, as it may serve as an entry point for unauthorized access – especially with the growing number of connectivity channels of the vehicle to cell phones, Bluetooth, Wi-Fi, or the Internet. Securing the vehicle computer against all threats without slowing down processes is a tough challenge.

Holistic SDV protection

The ESCRYPT Vehicle Computer Security Suite offers a holistic and future-proof approach to secure the vehicle computer, the central enabler of SDVs. This comprehensive suite provides a highly customizable and flexible portfolio of security solutions, addressing the unique challenges of SDVs presented by the need for efficient collaboration among distributed teams, high data rate management, and maintaining stringent security standards. The ESCRYPT Vehicle Computer Security Suite reduces complexity to a minimum. It simplifies and speeds up integration and validation processes. It includes a trusted operating system, HSM (Hardware Security Module) security, IDS (Intrusion Detection System), and secure Ethernet switches.

Key benefits of the ESCRYPT Vehicle Computer Security Suite include:

Plug-and-play integration: Seamless integration with operating systems like QNX and hypervisors simplifies deployment and minimizes complexity.
High data rate management: Optimized for the high data rates characteristic of modern vehicles, ensuring performance is not compromised.
Flexible customization: Supports various security use cases through customizable plug-and-play packages and allows connection of arbitrary sources and native applications for comprehensive monitoring.
Future-proof security: Addresses current and future SDV security challenges.
Ensured compliance: Enables compliance with regulations such as UNECE 155/156 and fulfills standards such as ISO/SAE 21434 and ISO 26262.

The ESCRYPT Vehicle Computer Security Suite at a glance.

Active vulnerability management

The ESCRYPT Vulnerability Management Solutions provide effective vulnerability management throughout the entire SDV lifecycle. Offered as a product, a service, or in combination with ESCRYPT CycurRISK, these solutions identify and manage potential security threats through automated firmware analysis, generating a Software Bill of Materials (SBOM) and performing regular vulnerability scanning with automatic filtering and prioritization. The service also provides detailed risk assessments and recommends mitigation measures to help ensure product cybersecurity and compliance.

ETAS’ service partner is ONEKEY, a product security specialist. ETAS and ONEKEY offer a joint solution for effective vulnerability management in software-defined vehicles. The ONEKEY platform automates the real-time creation of SBOMs from binary software.

“As pioneers in automotive security, we at ETAS combine the ONEKEY platform with our expertise and ESCRYPT CycurRISK for critical vulnerability prioritization,” says Dr. Thomas Irawan, President ETAS GmbH. “By prioritizing the most critical vulnerabilities, our joint solution makes the large number of identified vulnerabilities much more manageable,” he continues.

Key benefits of the ESCRYPT Vulnerability Management Solutions include:

Automated component analysis: Provides complete visibility into the software supply chain.
Zero-day detection: Identifies known and unknown vulnerabilities, including zero-days.
Compliance support: Ensures alignment with key regulations and standards like UN R155 and ISO/SAE 21434.
Risk prioritization: Integration with ESCRYPT CycurRISK prioritizes critical vulnerabilities, making the large number of identified vulnerabilities manageable.
Context information capturing: ESCRYPT CycurRISK supports the creation and maintenance of Threat Analyses and Risk Assessments (TARAs).

“With a proven track record, our cybersecurity solutions protect already multimillion vehicles on the road worldwide. These new cybersecurity solutions provide a solid basis for securing the future of software-defined vehicles,” closes Dr. Frederic Stumpf, Solution Field Portfolio Manager Cybersecurity at ETAS.

About ETAS

ETAS GmbH is a wholly owned subsidiary of Robert Bosch GmbH, represented in twelve countries in Europe, North and South America, and Asia. ETAS' portfolio includes software development tools, software testing solutions, automotive middleware, data acquisition & processing tools, authoring & diagnostic solutions, automotive cybersecurity solutions, and end-to-end engineering and consulting services for the realization of software-defined vehicles. Our product solutions and services enable vehicle manufacturers and suppliers to develop, operate, and secure differentiating vehicle software with increased efficiency.

ETAS GmbH

Anja Krahl

Senior Manager Press and Public Relations