Cyber Security in Automotive: Information Security in the Automotive Industry

Meet the Automotive Cyber Security Standards with macmon NAC

Anyone who deals with cybersecurity in the automotive industry will soon be confronted with the abbreviation "TISAX®". What is TISAX®? The abbreviation stands for Trusted Information Security Assessment Exchange. Automotive manufacturers often develop their products with suppliers. To ensure secure processing and a trustworthy exchange of information between these companies, the German Association of the Automotive Industry (VDA) developed the TISAX® industry standard in 2017.

 

What is part of the TISAX® audit? The TISAX® certification (VDA ISA) for automotive suppliers creates information security in companies that is specifically geared to the needs of the automotive industry. The TISAX® catalog of requirements is derived from the international industry standard ISO 27001, but has been expanded. The areas of integration of partners into the company's own IT infrastructure, data protection and prototype protection have been included specifically for the automotive industry.

Information security is the main module, based on ISO 27001, which is audited during each assessment. The three special modules are added to the assessment as needed. The aim of the "Information Security" module of the TISAX® certification is to ensure that IT security in a company is planned, monitored, audited and continuously improved. This essentially requires three things: standardized processes, automated workflows and audit-proof reports. This is where macmon Network Access Control steps in as an IT security solution.


Reference client in the automotive industry

Case Study JOYSONQUIN

JOYSONQUIN Automotive Systems is a global automotive supplier with around 4,200 employees and currently one of the three leading global suppliers of high-quality interior equipment for well-known OEMs such as Mercedes-Benz, BMW, Porsche, VW/Audi, Tesla and GM. Read the case study to find out how JOYSONQUIN uses macmon NAC to meet the security requirements of the automotive industry and strengthen its network security.

The case study describes how JOYSONQUIN uses macmon NAC to:

  • create a directory of all connected assets.
  • fulfill the security requirements of the automotive industry.
  • centrally manage the network.
  • implement security policies for mobile endpoints.



How can macmon NAC help?

  • Overview: Obtain a complete overview of the network and detect unknown devices and events in it.
  • Access control: Effective control of network access, with a uniform and automatic set of rules for controlling all device groups and portal accesses.
  • Compliance: Verification of the security levels of authorized devices, automatic isolation of insecure devices and connection of technology partners.
  • Comprehensive OT know-how: A third of macmon secure clients come from the industrial sector. The NAC provider therefore already has experience with numerous network access control scenarios for OT networks.

macmon NAC for the requirements of the TISAX® catalog

1.3 Asset Management

TISAX® requirements

Asset management in the sense of the TISAX® requirements under 1.3 deals on the one hand with information assets (data/information) and on the other hand with information carriers (IT/OT systems of any kind). In this context, it is essential to maintain a central directory of all existing assets and of the persons responsible for them.

Corresponds to ISO 27001: A.8.1.1, A.8.1.2

Solution macmon NAC

Using a network access control solution such as macmon NAC provides a constant overview of all systems connected to the network. Device types can be grouped and managed on the network according to various criteria, such as location, network access, device type, responsible party, information content and many other properties. macmon NAC thus contributes an inventory of all assets connected to the network and also provides supplementary information, such as the lifecycle or the current location of the devices.

1.6 Incident Management

TISAX® requirements

The incident management of an organization (TISAX® 1.6) represents the orderly processing of information security events and has the goal of limiting possible damage and preventing a repeated occurrence.

On the one hand, the criticalities and escalation levels must be determined at the organizational level; on the other hand, the alerting systems must be able to fulfill these requirements and thus optimally support the organizational processes.

Corresponds to ISO 27001: A.16.1

Solution macmon NAC

In addition to network access control and the associated policies, macmon NAC offers separate event processing that can be used to react individually to any situation. Information about endpoints and network devices detected in the network is processed and analyzed to generate attack events such as ARP spoofing and MAC spoofing, informational events such as Network-Session-Started, and warnings such as Endpoint-Almost-NonCompliant or Network-Device-Changed. Based on these events (approx. 50 different ones), various reactions can be defined, such as an alert via mail, SMS, trap or syslog, sending data to a REST API, and also concrete measures such as isolating an endpoint. All environment variables such as location, responsible person, time, etc. can be included as conditions in order to actively support each incident management process individually.

2.1 Human Resources

TISAX® requirements

The Human Resources requirements of a company (TISAX® 2.1) define the conditions for secure work outside the company structures. They regulate data protection, access to information content and its protection against access by unauthorized persons.

Corresponds to ISO 27001: A.6.2

Solution macmon NAC

macmon NAC supports the enforcement of security policies for mobile devices by checking the implemented security measures, such as virus protection, desktop firewall or installed patches, and by initiating direct measures. Mobile devices that have not been logged on to the corporate network for a long time can be checked in a separate quarantine network and, if necessary, updated or reconfigured to gain access to the corporate network only after passing the security check. The integrity of these end devices is individually verified by security measures from the areas of fingerprinting, WMI and SNMP, and footprinting.

4.1 Identity Management

TISAX® requirements

The identity management of an organization (TISAX® 4.1) regulates the identification of trusted sources for authentication with the aim of allowing only authorized persons and devices to access corporate resources. Furthermore, measures and procedures for logging are defined, which enable sustainable documentation for the detection of security breaches.

Corresponds to ISO 27001: A.9.1., A.9.4.2

 

Solution macmon NAC

Network Access Control is able to authenticate both end devices and users, as well as a combination of both identities. On the one hand, this ensures that only devices that are trustworthy and meet the security requirements are granted access to the network. On the other hand, in combination with user identities, it is possible to regulate that certain devices may only be operated by certain users in the network. In this way, security zones can be defined depending on the available resources and information and protected against unauthorized use by means of macmon NAC.

In addition to managing access and controlling segmentation, various third-party solutions such as firewalls or IPS systems can be integrated. Such integrations offer the possibility to isolate end devices in case of detected anomalies or to transmit information about successfully identified devices to the other systems in order to automatically transfer the information into the rules and regulations.

5.2 Operations Security

TISAX® requirements

The Operations Security of an organization (TISAX® 5.2) regulates procedures for securing the IT network infrastructure with the aim of considering aspects of information security in the event of changes to business processes. It also aims to ensure that reliability, confidentiality and integrity are guaranteed.

Corresponds to ISO 27001: A.13.1.1, A.13.1.3

Solution macmon NAC

The basic principle of macmon NAC is the management and control of networks, including all end devices and network devices within them. In addition to managing access and controlling segmentation, various third-party solutions such as firewalls or IPS systems can be integrated. When the firewalls or IPS systems detect anomalies, such integrations make it possible to isolate the end devices concerned by means of macmon NAC, or to transmit information about successfully identified devices to the other systems so that it is automatically transferred into the policies there. Conceivable scenarios are, for example, the protection of highly critical network areas by internal firewalls, while communication through the firewalls is only allowed for end devices and users that have been uniquely identified beforehand by macmon NAC and have the corresponding security clearance.

Network segmentation is a basic feature and at the same time a major added value of macmon NAC. The boundaries between segments can be defined by virtual networks (VLANs) or access control lists (ACLs) to ensure that only authorized persons and devices are granted access to the respective information services and information systems.

 

Network Access Control (NAC) can play an important part in TISAX® certification. Specifically in these sub-areas:

- 1.3 Asset Management
- 1.6 Incident Management
- 2.1 Human Resources
- 4.1 Identity Management
- 5.2 Operations Security

Download the White Paper to get all the information at a glance.




TISAX® is a registered trademark of the ENX Association. macmon secure GmbH has no commercial relationship to ENX. The naming of the trademark TISAX® does not imply any statement by the trademark owner as to the suitability of the services described here.

© macmon secure GmbH