Are you interested in our solutions? Then write us a message. Our sales team will be happy to help you.
Start enquiry
Due to advancing connectivity and the increasing significance of software in vehicles, protection from cyberattacks is becoming more and more important. Cybersecurity is a key component of Bosch’s promise of quality and an important aspect of the development, production, and operation of our products. For over ten years, Bosch has been actively shaping cybersecurity in the automotive sector and helping develop solutions and set standards to optimally protect vehicles and occupants at all times.
The importance of cybersecurity in the automotive sector continues to grow due to increasing connectivity and software that controls and monitors key driving functions. Connections to the internet and to smartphones must be protected from unauthorized access. Advanced driver assistance features require protection from attacks and manipulation to ensure the safety of all traffic participants. Consequently, international regulations (e.g. UN R155)
now place mandatory cybersecurity requirements on new vehicles. Cybersecurity has been an integral part of the development of new Bosch products for many years, based on a comprehensive technology portfolio. And cybersecurity has also found its way into the worldwide production network as well. Bosch also offers support to its customers during operation to ensure that cybersecurity is in place until the end of the vehicle’s life cycle.
Cybersecurity is an important part of the development stage, determining the level of protection a new product requires. Through a structured process, threats and risks are determined and analyzed, and these are then used to derive suitable protective measures.
In order to implement the protective measures, Bosch uses a comprehensive portfolio of cybersecurity technologies for tailor-made hardware and software solutions. These form the basis for protecting systems that are critical to safety.
Cryptographic keys in each vehicle and electronic control unit are the basis for many security measures. These keys must be installed into the components during production. Using its own global key management system (KMS), Bosch distributes its own cryptographic keys.
After a vehicle is delivered, the requirements of detecting new threats and closing vulnerabilities in security and other weaknesses are by no means over. In this context, Bosch provides its customers with various services to continue the collaboration over the life cycle of a vehicle model.
Cybersecurity is an important part of the development stage, determining the level of protection a new product requires. Through a structured process, threats and risks are determined and analyzed, and these are then used to derive suitable protective measures.
In order to implement the protective measures, Bosch uses a comprehensive portfolio of cybersecurity technologies for tailor-made hardware and software solutions. These form the basis for protecting systems that are critical to safety.
Cryptographic keys in each vehicle and electronic control unit are the basis for many security measures. These keys must be installed into the components during production. Using its own global key management system (KMS), Bosch distributes its own cryptographic keys.
After a vehicle is delivered, the requirements of detecting new threats and closing vulnerabilities in security and other weaknesses are by no means over. In this context, Bosch provides its customers with various services to continue the collaboration over the life cycle of a vehicle model.
Member of the Bosch Mobility Sector Board
Many years ago, Bosch already started implementing well-structured processes for developing all cybersecurity-critical products. A lot of the expertise of our cybersecurity experts from these years of experience also went into the standardization activities for the new ISO/SAE 21434 standard, which has been applied in product engineering since 2022. The first step is determining all potential threats and risks for the product. Conducting a
threat analysis and risks assessment (TARA), these risks can be evaluated in order to, in the next step, select suitable protective measures during product development and create the security concept. Before approval, a penetration test, meaning a simulated cyber attack, can be performed to test the effectiveness of the measures.
The hardware security module checks the authorization of software updates.
One of the prime protection goals is preventing unauthorized changes to the software in the electronic control unit, which can have serious consequences during operation.
Therefore, software updates are provided with a digital signature, which is checked during installation.
The signature is created using the key management system and compared during installation with the root certificate that is securely stored in the hardware security module (HSM) in the electronic control unit.
The comprehensive cybersecurity portfolio from Bosch provides the foundation for many protective measures. An important component is the hardware security module (HSM), which is contained inside the microcontroller. This is where cryptographic keys are stored securely. The specification of the Bosch
HSM is implemented by many chip manufacturers today. Special software – for example, CycurHSM from the Bosch subsidiary ETAS – runs on the HSM. Combining that with the Bosch AUTOSAR stack creates the secure basis for a wide range of different functions.
The ECU controls and monitors the exchange of data.
Many control units from Bosch must meet elevated security requirements. In addition to other measures such as secure software updates, a secure boot process can be used on such devices. During this process, the ECU checks whether unauthorized changes have been made to the software each time the vehicle is started. When the original software or an update is installed, an individual checksum is calculated and saved in the HSM. This sum is recalculated and compared to the reference value each time the vehicle is started. Any possible deviations are thus detected, and appropriate countermeasures can be taken.
Cybersecurity is also an essential part of the production process. Many security measures require cryptographic keys to be transmitted to the electronic control units. There, they are used for digital signatures, for example, and are necessary to prove the identity of the vehicles to backend systems. Using Bosch’s own global key management system (KMS), the
cryptographic keys are distributed securely to the individual plants to be installed directly to the control units during the production process. Individual cryptographic keys can be generated by Bosch or provided by OEM customers. It is also possible to connect to a customer’s KMS and exchange data directly and securely.
Cryptographic keys are used to verify a vehicle’s identity.
If a vehicle sends data to a backend system or uses online services, it is often necessary to verify its identity. For this purpose, the vehicle identifies itself digitally using its individual cryptographic key, which was already installed during production. This key proves the authorization and prevents data from being accessed or sent without permission.
Vehicles are exposed to a variety of threats over their entire life cycle. Even comprehensive analyses during development and technical measures cannot prevent novel threats from arising and new security vulnerabilities from being discovered. As part of a maintenance agreement, Bosch supports its customers in continuously analyzing the threat situation over the lifetime of a
vehicle to identify new vulnerabilities and to be able to respond quickly. By using intrusion detection systems (IDS), attacks on vehicles can be automatically detected, reported to a central vehicle security operations center, and analyzed there.
Software updates help ensure cybersecurity over the service life of vehicles.
On many devices such as smartphones and computers, regular updates are part of everyday life today. The need for such updates is also growing in the automotive sector in order to close vulnerabilities and provide new features. A great challenge in doing so is the long service life of vehicles, which can mean that software must be modified and released again for use in the vehicle even many years after it was originally developed.
As part of a maintenance agreement, Bosch supports its customers in ensuring that updates can be provided as needed, so that secure operation is ensured even years after development.
With its ESCRYPT cybersecurity solutions, ETAS GmbH, which is part of the Bosch Group, is an important partner and internal supplier for holistic cybersecurity in the automotive sector.
Protection against cyber attacks as well as data security and integrity is the foundation of the future service models of automated and connected mobility.
Bosch is working on security in the automotive sector with over 300 cybersecurity experts. This broad field offers many possibilities for personal development and making an important contribution to the secure mobility of the future.
Our Bosch PSIRT is working hard to find and fix security vulnerabilities.
The Bosch product security incident response team (PSIRT) is the central point of contact for external security researchers, partners, and customers to report possible security vulnerabilities in Bosch products. If you have discovered a vulnerability, please use this link to let us know. We are grateful for any information.
Are you interested in our solutions? Then write us a message. Our sales team will be happy to help you.
Start enquiry
