
KAVACH - A Cyber Security Management Tool
The ‘KAVACH’ Cyber Security Management System tool is a comprehensive software solution designed to guide organizations through the process of Identifying, Assessing and Managing cybersecurity risks in accordance with the ISO 21434 standard. The application provides a structured workflow that enables users to systematically analyze potential threats, evaluate their impact and make informed Risk Treatment decisions.
Connectivity & Autonomous Vehicles: The Urgent Need for Robust Cybersecurity
With the rapid rise of connectivity and autonomous technologies in the automotive industry, cybersecurity has become a critical priority. Autonomous vehicles, connected car systems, and integrated software are fundamentally changing the landscape of road transport, but they bring complex challenges. These vehicles are now interconnected with digital ecosystems, rely on vast networks of embedded systems, and operate using intricate software architectures, making them prime targets for cyber threats.
As vehicles become more software-centric, each connection point, from in-vehicle infotainment systems to telematics control units, presents a potential entry point for attackers. The consequences of such vulnerabilities extend far beyond data breaches: compromised systems could enable unauthorized access to vehicle controls, potentially jeopardizing human lives.
The Evolving Regulatory Landscape: What’s Changing and When?
Recognizing these risks, regulatory bodies worldwide have established strict automotive cybersecurity standards. UNECE Regulation R.155 and ISO/SAE 21434 are now shaping the industry by requiring vehicle manufacturers and suppliers to incorporate cybersecurity at every stage of product development, not just as an afterthought. UNECE R.155 mandates that automotive companies establish a cybersecurity management system (CSMS) that addresses cybersecurity risks throughout a vehicle’s lifecycle, including development, production, and post-production phases.
As of 2024, UNECE audits are required for Type Approval in many markets, which means non-compliant vehicles can’t be legally sold. This has made it essential for manufacturers and suppliers to not only implement robust cybersecurity measures but also to document and demonstrate their compliance through extensive reporting and cybersecurity governance.
The Problem: Why the Industry is Struggling
Many OEMs and suppliers find these regulations challenging to interpret and implement due to the complexity and novelty of cybersecurity requirements in the automotive sector. The integration of stringent cybersecurity practices into established automotive development processes is a significant adjustment. Additionally, there’s often a lack of standardized tools and frameworks that can systematically address risk assessment, threat modeling, and compliance documentation in alignment with ISO 21434 and UNECE R.155.
The Solution: How KAVACH Can Transform Automotive Cybersecurity
KAVACH is designed specifically to help OEMs, suppliers, and other stakeholders meet these new cybersecurity requirements with ease and efficiency.
Features

Target Evaluation
Identify & define the scope of Target under Evaluation with built-in Rich Text editor. Option to attach the Design & Requirement Documents.
Asset Identification
Identify and assign Cyber Security properties (Confidentiality, Integrity, Availability, Authentication, Non-repudiation, etc.).
Categorise assets with the built-in Threat Catalogue (Hardware, Monitoring, Communication, Sensors, etc.).


Damage & Threat Scenario Analysis
Damage Scenario:
Inbuilt option for overall Impact analysis of Damage Scenario based on SFOP, Controllability & exposure.
Threat Scenario Analysis
Automatic Threat & Threat Scenario generation based on Cyber Security Properties and category of assets.
Threats are mapped based on the STRIDE principle.
Attack Tree
Automated generation of Attack Tree collection for each Threat Scenario.
Built in graphical Attack Tree Editor, supports drag-drop of attack tree nodes and automatic routing of attack paths for Large Trees.
Integrated Attack Feasibility calculator using Attack Vector, Attack Potential and CVSS based rating methods.

Attack Path Analysis
Automated extraction of attack paths for large attack trees.
Supports automated attack feasibility calculation for each attack path.
Automated Prioritization and sorting of attack paths based on Attack feasibility rating.

Risk Value Determination and Risk Treatment
Automated Risk Value calculation to facilitate Risk Treatment Decision.
➢ Risk Treatment strategy to handle the Risk (Avoid, Reduce, Share & Retain).
➢ Prioritise the Risk and define the Risk mitigation strategies.
➢ Risk mitigation hints to support user for overall Risk Management.
➢ Automated residual Risk calculation and comparison of initial and residual Risks.
Security Controls
Define security controls in line with the Risk Mitigation strategy.
Generate PDF, Word and HTML report of all Project CyberSecurity contents.


Automated & customizable executive summary report with insights such as High Risks, Critical Assets, Risk Distribution and Risk Reduction Effectiveness.
Detailed reports of TARA and Attack Tree diagrams.