Contact now
Contact now
A red MAN truck drives along an empty road under a clear night sky with shining stars.

MAN: Efficient threat analysis for control units

Project duration: 7 months

MAN Roland-1
HomeCase StudiesMAN: Efficient threat analysis for control units
Industry

Automotive

Result

Risk profile of the new control unit

Most important methods

Threat & risk analysis according to 4×6 methodology, ThreatSea, ISO21434

The requirement: MAN lives safety

With the digitalization of its vehicles, MAN Truck & Bus is facing the challenge that trucks are becoming an increasingly attractive target for virtual attacks. This is why security plays an essential role in the development of MAN's new CM4 connectivity control unit.

Using risk analyses based on the 4×6 methodology, our MaibornWolff experts supported the MAN development teams in protecting the communication channels and digital functions of the control unit - appropriately and in a targeted manner.

  • Smiling truck driver looks out of the window.
  • Red MAN truck drives past at sunset.
  • White MAN truck driving fast along the highway.
  • Hand on the steering wheel on a sunny drive.

The secret to success: close collaboration with the development teams

Working as closely as possible with the development teams. This is our basic philosophy when identifying and assessing threats. No one has a better idea of how the target system could be attacked than its "creator". This allows us to quickly identify relevant threats and immediately develop tangible security measures together with the development team.

Valencia-04

Procedure: comprehensive threat and risk analyses

In over 20 threat analysis workshops with various application and system development teams, more than 500 potential risks for the control unit were evaluated - and effective security measures were developed at the same time. The development teams were able to start implementing these measures immediately. At the same time, our technical experts brought the results into line with MAN's overall vehicle risk analysis procedure and ISO21434.

This took a lot of pressure off the teams due to compliance-related documentation requirements and achieved a high degree of parallelization.

Methods: analyze threats quickly and easily

With MaibornWolff's 4×6 methodology and the use of ThreatSea, threat and risk analyses can be carried out efficiently and easily accessible. The methodology provides users with sufficient know-how without having to be security experts themselves. As a result, the developers' knowledge of the system's internals can be utilized efficiently. The technology-independence of the methodology makes it possible to use it both for the control unit itself and beyond (e.g. for the communication channels towards the backend). This enables an end-to-end view of the overall risks.

The feedback from the development teams from the threat analysis workshops and the findings of the project flow directly back into the development of ThreatSea.

Poligon man
With MaibornWolff's threat analysis, we quickly came to tangible results in order to establish the right level of security for the CM4. With the following end-to-end analysis of the 'Secure Diagnostics and Flashing' use case using the 4×6 methodology, we will build on the knowledge gained and gradually bring even more security to our vehicles and their ecosystem.
Francesco Bruno, Head of Vehicle Security, MAN Truck & Bus SE

Our references & projects

A reference is worth more than 1,000 words. Fortunately, we have dozens of them. Click through a selection of our most exciting projects and see for yourself!

See all references

Why MaibornWolff?

As one of the most innovative IT service providers with a great passion for AI, we focus entirely on the project business and individual software development - without our own products. To stay at the forefront, we continuously invest in our team of digital technology engineers and develop digital solutions that are well thought-out, efficient and reduced to the essentials.

Our principle: simplicity instead of complexity. We only develop what is really needed - tailor-made, useful and reliable. Our results speak for themselves. With over 800 large-scale systems and more than 10,000 person-years of experience in high-end software engineering, we are one of the few who can reliably implement even the largest and most complex IT landscapes. Thanks to close partnerships with leading hyperscalers, our customers operate their solutions in today's most modern and powerful environments.

Less technology. Better Business.

See all Services
Find what suits you best
Refine your search
clear all filters