FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions. 

Let's find out a more detailed explanation of FESCARO, starting by reviewing last year's key achievements.

 

In 2022, FESCARO promoted the Cybersecurity Management System (CSMS) certification for Ssangyong Motor, was selected as the BIG 3 future car sector by the Ministry of SMEs and Startups, signed an official reseller contract with 'Electrobit' for AUTOSAR, signed MOU with AhnLab for automotive cybersecurity, and won new contracts to strengthen partnerships.

 

We were able to share such good news since FESCARO's business capabilities and expertise in its field have been highly recognized and evaluated. We will be glad to show you why FESCARO is special one by one. First, let's start by examining why automotive cybersecurity is necessary.

■ The reason why automotive cybersecurity was legislated

In a hyper-connected society where everything is seamlessly linked through various devices, the value of automobiles as 'mobility' goes beyond being mere transportation and offers enhanced convenience in daily life. To achieve autonomous driving in the near future, cars must communicate in real-time with other vehicles, pedestrians, as well as diverse mobile devices and surrounding infrastructure. The convenience provided by the hyper-connected world cannot be free from issues related to security. It is because of being exposed to numerous hacking vulnerabilities. According to AltasVPN's 'Main Damages from Car Hacking Between 2010 and 2021', cyber crimes against cars are increasing day by day, and the damage is expected to reach about KRW 608 trillion by 2024.

 

So what will happen as a result of car hacking? Battery discharge or manipulation, tampering with the battery level, manipulating audio/visual/navigation data to disrupt driving, and steering control manipulation leading to unintended detours are some of the accidents that can occur due to car hacking. Car hacking threatens drivers, passengers, and pedestrians, making automotive cybersecurity essential, especially for autonomous driving.

 

The United Nations Economic Commission for Europe (UNECE) has enacted two regulations concerning this matter. The first is UN Regulation 155, which is the Cyber Security Management System (CSMS), and the second is UN Regulation 156, which is the Software Update Management System (SUMS). CSMS is an organizational process and management system designed to manage cyber threats and risks and protect against cyber attacks. SUMS refers to the methods, processes, and management systems for software updates in automobiles and control units.

 

Automotive OEMs seeking to sell vehicles in the European market must obtain both CSMS (UN R155) and SUMS (UN R156) certifications. Thus, automotive cybersecurity is now a crucial requirement for global expansion of OEMs. MarketsAndMarket, a global market research firm, predicts that the automotive cybersecurity market will grow at an average annual rate of 21.6% from 2021 to reach approximately KRW 6,385.4 billion by 2026. With these promising projections for the global automotive cybersecurity market, FESCARO is poised for notable growth. Let's take a look at why. 

■ What does FESCARO do?

FESCARO is a specialized automotive cybersecurity company consisting of automotive electronic control system developers and white hat hackers. We offer a comprehensive all-in-one solution that effectively caters to the automotive cybersecurity regulations mentioned earlier. This includes CSMS certification consulting, TARA (Threat Analysis and Risk Assessment), security solutions, engineering, and security testing. Let's briefly explore each of these services.

 

1. CSMS certification consulting

 

FESCARO runs a 'consulting organization specializing in cybersecurity'. We provide fast and systematic analysis of the latest trends in relevant regulations (UN R155, UN R156) and international standards (ISO/SAE 21434, ISO 24089) related to automotive cybersecurity. FESCARO also offers tailored consulting services to provide optimized support for various requirements and situations of automotive OEMs/Tiers. FESCARO also provides practical guidelines cased on validated references, outputs, and templates from our own success cases, enabling more efficient responses. These guidelines can be applied throughout the entire process, from design to verification, validation, production, and operation.

 

 

2. TARA (Threat Analysis and Risk Assessment)

 

Automotive OEMs want to identify cybersecurity threats that may affect their vehicles and control units through TARA analysis, and accurately assess the risks associated with these threats. FESCARO has been proven capable of identifying threats that can occur according to the characteristics of each ECU and identifying vulnerabilities according to the risk level of each ECU. Based on experience of conducting TARA on over 150 ECUs, we can clearly identify potential security vulnerabilities, and the outcomes serve as a basis for security testing requirements.

 

 

3. Security solution (FAST™ HSM)

 

FESCARO provides security solutions specialized for automotive ECUs. We possess security features such as Secure Access, Secure Boot, Secure Flash, Run-time Tuning Protection, Secure Storage, Secure Unlock, and Memory Protection, which comply with international regulations and meet the security requirements of automotive OEMs. We have ensured reliability through the high compatibility of global automotive semiconductor solutions (supporting approximately 70 models from the top 8 global companies and continuous support for new chips) and the implementation of NIST FIPS 140-2 compliant cryptographic library (FAST™ CLIB), which has been designed, implemented, verified and validated.

 

4. Engineering

 

For Vehicle Type Approval (VTA), automotive OEMs require the implementation of security features in all control units. In order to apply the cybersecurity function without affecting the basic function and performance of each ECU, an accurate understanding of the security requirements must be preceded. FESCARO is led by a CEO with a Tier1 background, which was the first to apply cybersecurity technology to mass production in Korea. The development team consists of experienced professionals with an average of over 20 years of expertise in the automotive domain. We have a high understanding of the complex security requirements of automotive OEMs and can provide optimized engineering for various ECU characteristics.

 

 

5. Security test

 

The international regulation UN R155 (CSMS) mandates that security performance applied to automotives and ECUs must be verified and validated through security tests. Furthermore, the international standard (ISO/SAE 21434) recommends that security experts, independent of the development organization, conduct security testing. FESCARO possesses a dedicated red team of expert white hat hackers and state-of-the-art security testing equipment. With over 100 test categories and approximately 200 cases per category, FESCARO has the capability for systematic verification and validation, covering a wide range of control units from low to high specifications.

 

 

■ Why is FESCARO special?

1. Experience in conducting 'company-wide' consulting for global OEMs

 

FESCARO provides effective consulting and solutions to address various international regulations and standards such as CSMS, SUMS, ISO/SAE 21434, and VTA, and is consistently generating successful case studies. Currently, we are conducting a company-wide consulting project to respond to cybersecurity (UN R155, CSMS) and SW update management (UN R156, SUMS) regulations for KG Mobility (formerly Ssangyong Motor), which sells cars in more than 100 countries. Last December, FESCARO obtained CSMS certification, and is currently in the process of obtaining SUMS and VTA certifications. In addition, in February of this year, Kanavi Automotive (formerly Humax Automotive) obtained ISO/SAE 21434 certification based on FESCARO's consulting services. FESCARO has a convergence view across the automotive value chain and lifecycle, as well as accumulated experience and know-how in electrification. Thanks to this, we are closely collaborating with various stakeholders not only in parts but across the entire spectrum in cybersecurity projects for OEMs and tiers.

 

 

2. Rich references validated from multiple perspectives.

 

FESCARO continues to deliver meaningful outcomes and achievements in various domains of automotive cybersecurity. As of the end of 2022, FESCARO has established a strong portfolio with more than 70 types of secure solution (FAST™ HSM) compatible chips, over 40 types of control units equipped with security solutions, TARA analysis performed on more than 150 control units, and more than 100 security testing assets with 200 test cases for each security testing item. This is one of the reasons why FESCARO is recognized as a leading cybersecurity company in Korea across industry, academia, and government.

 

 

3. International recognition for its security quality

 

FESCARO has established the quality and reliability of automotive cybersecurity through a prestigious global certification that closely adheres to international standards. In 2019, FESCARO obtained Level 2 certification in A-SPICE (Automotive-Software Process Improvement and Capability Evaluation), a development process assessment model for enhancing automotive software (SW) quality. A-SPICE, which stands for Automotive-Software Process Improvement and Capability Evaluation, is the application of the 'SPICE' standard for software development process improvement and assessment to the automotive domain. FESCARO's solutions are developed based on A-SPICE LEVEL 2, ensuring the quality and reliability of security software for vehicles.

 

Furthermore, in 2021, FESCARO obtained the rigorous FIPS 140-2 certification from the US government agency (NIST) for cryptographic algorithms and cryptographic modules, which form the core of FAST™ HSM. This recognition signifies that FESCARO's cryptographic library (FAST™ CLIB) is deemed suitable for use by the defense and government agencies of the United States and Canada.

■ FESCARO also makes ECUs?

UN R155 (CSMS) mandates that any cybersecurity attack occurring in a vehicle must be promptly detected and effectively responded to. On the other hand, UN R156 (SUMS) outlines that automotive OEMs are required to implement comprehensive management tools and processes for software updates of automotives and ECUs. To meet these regulatory requirements, it is necessary to protect the communication between all control units connected to the vehicle network and systematically manage the changed software configuration of the control units.

 

 

 

 

FESCARO has completed the development of the essential security gateway controller(FAST™ SGW) required for future vehicles. FESCARO's FAST™ SGW protects the in-vehicle network (IVN) and can respond to the Software Update Management System (SUMS). Furthermore, our cybersecurity monitoring and incident response system infrastructure allows us to address cyber threats and attacks swiftly. By utilizing cutting-edge technology and high-performance main chipsets, we have ensured functional scalability. The FAST™ SGW is set to be incorporated into mass production for global OEMs in 2023 and will subsequently expand its reach worldwide.

FESCARO is extending its business scope beyond control units to encompass the emerging Software Defined Vehicle (SDV) technology. This strategic move aims to position FESCARO as a leading future automotive software solution specialist, driving a paradigm shift in the automotive industry. With aspirations to become a key player in the future mobility sector based on SDV, we invite you to anticipate and watch our endeavors closely this year!