Abstract:

In recent years, our society faced a massive interconnection of computer-based everyday objects, which opens these items for cyber-attacks. Dependent on the physical capabilities, successful attacks can vary from data exposure or a loss of functionality to a threat to life and limb. Connected- and autonomous vehicles are extremely safety-critical systems with a huge damage potential. This global trend, together with existing and upcoming regulations (ISO 270xx, ISO 21434, UNECE WP.29, UNECE R155), and the lack of qualified professionals create a tension field for the entire automotive industry.

Hence, new education concepts for engineers of safety-critical and connected systems are necessary to secure our daily and future systems against cyber-attacks and raise awareness and knowledge of the topic of IT-Security. Existing automotive security education systems have one common problem: All systems are hardware-based and therefore have very steep learning curves for beginners. Hardware-based systems, in general, are expensive in their initial costs, require regular maintenance, and add diverse operational difficulties independent of the aspired education goal. Additionally, the global pandemic increased the necessity of virtual education concepts for security training in cyber-physical systems.

Therefore, we present a novel concept for the education of cyber-security professionals for automotive systems based on discovery and problem-based learning in a virtual learning environment (VLE). Our concept contains individual exercises focusing on the topics of vulnerabilities and attacks in automotive networks and systems. Each exercise relates those topics to the corresponding security goals and countermeasures for mitigation. The learners work collaboratively in a self-contained manner within the VLE to acquire the necessary information to answer questions or find a solution to the given problem. To consider the heterogeneous background (e.g. knowledge, experience, preconceptions) of the learners, the topics can be presented in different difficulties, enabling an adaptable learning environment and different learning trajectories within the exercises.

The concept is based on a VLE, consisting of automotive networks and components, which simulate the behavior of a vehicle. This environment provides a hands-on, "real-life" scenario, which allows discovery and problem-based learning in a realistic, but cheap and scalable education environment. Furthermore, virtualization removes common difficulties, always present in training on real hardware. This aims to decrease complexity, prevent learning obstacles related to hardware handling, and enables a location-independent learning environment.

The target group of our education concept is Bachelor and Master students of computer science, engineering (e.g. electrical engineering, mechatronics), or similar studies, and (experienced) engineers from the industry.

In summary, our publication contains two contributions. We present an adaptable virtual learning environment for automotive security education, combined with an educational concept based on discovery and problem-based learning techniques. The goals of our concept are the education of cyber-security professionals for safety-critical, connected automotive systems and the support of life-long learning reaching from academic education to training in the industry.

Keywords:

Security education, automotive systems, virtual learning environment, inductive teaching, discovery learning, problem-based learning, higher education, training.