The Korea Herald


Fescaro's 'defense in depth' system allows multi-layered vehicle cybersecurity strategy

By Korea Herald

Published : March 25, 2024 - 11:21

    • Link copied

CTU Lee Hyun-jung of Fescaro (Fescaro) CTU Lee Hyun-jung of Fescaro (Fescaro)

With the concept of software-defined vehicles growing more prominent in the automobile industry, so is demand for automative cybersecurity.

Fescaro, a leading cybersecurity specialist, has what it calls a "defense-in-depth" system that has a multi-layered strategy to provide security for the security of the car's system.

The first layer cuts off the primary risks by filtering the inbound communications through a security gateway. The secondary layer applies security solutions to the end-point electronic control units to ensure the validity and authenticity of the firmware. The last layer involves the external elements of a vehicle, through use of technology that detects any interference with vehicle-to-everything communications.

Fescaro stressed the importance of consistent and response management, for which implementation of the Security Information & Event Management, or vSIEM, is crucial. This involves establishing a multi-layered defense system that allows the analysis, research and development of security technologies based on collecting data.

Fescaro's vSIEM system, visualizes the messages transmitted through the controller area network for the user to see, which include information like incidents regarding the car's security. This, officials said, is effective in reducing the workload by automatizing what had previously required manual work by a person.

Fescaro said its all-in-one cybersecurity solutions are customized to meet the needs of its clients, in accordance with changing international standards.

The company said it conducts interviews with the research teams of client companies for detailed assessment of their work status and interest. It uses that information to create an "all-in-one" solution for all aspects of clients' activities, from production to maintenance, including suggestions on how to optimize workflow and operational management.

(Fescaro) (Fescaro)

Fescaro stressed the importance of addressing automotive cybersecurity challenges presented across the entire lifecycle of a vehicle, from development to post-production.

The advancement in cybersecurity comes hand-in-hand with that of hackers, which calls for a real-time incident response system that can fend off attacks. The company vowed to carry on its founding motto of "offensive security" through automated security solutions that will identify potential security risks and carry out preemptive measures.

Fescaro is the only South Korean firm to successfully help its client companies obtain the four certifications related to the requirements of UN Regulation No. 155 on cybersecurity regulation: the cyber security management system, ISO/SAE 21434, software update management system and vehicle type approval.

The company's automotive cyber security solutions, based on its internationally patented technologies, have also become the first from South Korea to acquire Federal Information Processing Standard Publication 140-2 certification from the US National Institute of Standards and Technology. The certification is an IT security standard for private sector products used by the US government.

Fescaro has also procured Automotive Software Process Improvement and Capability Determination Level 2 certification. APICE is a standard for software development introduced by European carmakers to assess their reliability and competency.

Fescaro is a vehicle cybersecurity specialist that has gone through all major certification processes (CSMS, ISO/SAE 21434, VTA, SUMS). It is the only company in Korea to have obtained what is referred to in the field as the "grand slam of vehicle cybersecurity certification consulting.” -- Ed.