How to become … Head of Automotive Cyber Security

Dec 07, 2022

We are launching our new blog series “How to become…” to show you how our experts became who they became, what influenced their careers, and how they look into the future. Today, we want to start with a man who is a recognized expert in the automotive sector, Thomas Thurner, Head of Automotive Cyber Security at Digital & Product Solutions.

Tell me a bit about the first steps in your career and your role at DEKRA.

I started in 1988 with my diploma in electrical engineering/electronics from the University of Stuttgart. My professional career began with a vehicle manufacturer and led me through various positions in different consulting and engineering service providers, which ultimately gave me a broad overview. However, this also meant a continuous build-up of knowledge in the field of technology and development. In terms of content, my focus was always on embedded systems engineering, architectures, testing, process quality assurance, security, and tamper protection.
This is also the reason why I ended up at Digital & Product Solutions as Head of Automotive Cyber Security (ACS). Automotive Cyber Security is a new topic area that affects the entire automotive industry through new standards and regulations. So there is a lot for us to do.

“Automotive Cybersecurity – All activities and technologies necessary to protect a vehicle against attacks, which could lead to damage scenarios.“

– Thomas Thurner

You are officially authorized by the KBA (Kraftfahrtbundesamt), tell us more …

The KBA is the German abbreviation for the German Federal Motor Transport Authority. With its tasks, the KBA makes an important contribution to increasing road safety in Germany and in Europe. For the Homologation/Type approval of new vehicles, it is supported by neural technical services such as DEKRA.
New Cyber Security and Software Upload regulations not only need typical testing know-how but also a broad spectrum of know-how in the respective domains as well as E/E architecture and process know-how. Hence the vehicle technology is addressed but also the OEM’s management to deal with Cyber Security and Software Upload activities.
I’m (together with colleagues) a named expert by the KBA to support the necessary organizational audits of OEMs concerning their management systems for Cyber Security and Software Upload and in the type of approval of respective E/E architectures (CS-types, SU-types).

What are the needs and problems of your customers?

As I said before, the automotive sector is strongly evolving. Therefore, there are always new regulations and standards such as the R155/R156 or ISO/SAE 21434 and ISO/DIS 24089 to consider. Customers often do not know what exactly they need to fulfill the requirements. That’s why we adapt our offer to the needs of the customer. The offer can contain training, consulting, auditing, product assessment, CS-testing, and certification, or only parts of that spectrum.

Which developments in the industry do you find particularly exciting?

The “Merging” of Cyber Security and Functional Safety in the automotive industry.
Not only the regulations with the organizational audit but also how the product development, production, and maintenance are of importance.

10 years from now – How has the Automotive Cyber Security industry evolved?

Cyber Security and Software Upload will be a normal issue – like it has been the case for Functional Safety in the last 20 years.

Biggest challenge in your job?

The concentration of a broad spectrum of specific know-how. And of course, the war for talent is also affecting us, so consequently, it’s difficult to find staff members.

What does innovation mean to you?

Innovation is the answer of the market about an invention or a trend. If something is new and has a successful market penetration (or even disruption)– then you can talk about innovation.