INCOSE Canada: Cybersecurity by Design

    Meeting Title: Cybersecurity by Design

    Speaker(s)Bob Hruška & Christoph Schmittner

    Date: Thursday,15 June 2023

    Venue: via Zoom

     12:00 PM – 1:30 PM Canada Eastern Time

    Registration required

    Meeting Description:

    Cybersecurity by Design: holistic development of secure systems in the automotive and industry field. Cyber Threats stem from 4 problem areas: the complexity of systems as IoT presents to us, the vulnerability of systems due to software inconsistencies, the know-how of attackers and the tools to do so. The sticking point becomes apparent in the development process of systems. But here, security considerations follow most often at the end of the process, which also leads to insufficient documentation.

    Threat Modeling+: The methodology to develop secure systems, in compliance with standards and regulation.

    Insufficient documentation contradicts industry-specific standards and norms. For example, the Industrial Security Standard (IEC62443) is worth mentioning, as is ISO/SAE-214343, which makes risk analysis and system design equally mandatory. In the future, the Cyber Resilience Act will mandate such an approach for all digital systems.

    The approach of “Cybersecurity by Design” with its implementation in Threat Modeling has existed for some time. The aim here is to identify potential threats in the system model based on a threat model. The AIT Austrian Institute of Technology has further developed this modeling method with artificial intelligence and industry-specific threat catalogs under the name “ThreatGet”.


    Bob Hruška (formally known as Bohumil) is an OMG Certified UML® Professional™ with over twenty years of experience in software and systems engineering, contributing to an institutionalization of cybersecurity as a part of a system development lifecycle (SDLC). He has played various roles in several sectors delivering solutions that provide real value for customers. Bob is also experienced in the Capability Maturity Model Integration (CMMI) appraisal journey and with development of the New Product Introduction (NPI) process.

    Christoph Schmittner (MSc) leads a team for Safety and Security Engineering at the AIT Austrian Institute of Technology with the main field safety and security in the automotive and industrial sector. He is a member of numerous committees such as the Austrian mirror committees for ISO/TC 22 Road vehicles and a designated expert in the corresponding international standardization groups such as TC65/AHG2 “Reliability of Automation Devices and Systems” as well as project leader for the development of ISO PAS 5112 “Road vehicles – Guidelines for Auditing Cybersecurity Engineering”.