Lesson 1Logical architecture mapping: methods to document network zones, trust boundaries, data flows between ECUs, gateway, telematics, and cloudThis section presents methods to document logical architectures, including network zones, trust boundaries, and data flows between ECUs, gateways, telematics units, and cloud services, supporting systematic threat modeling and controls for Botswana vehicles.
Identifying assets and communication endpointsDefining network zones and security levelsDocumenting trust boundaries and assumptionsModeling ECU, gateway, and cloud data flowsUsing diagrams to support threat modelingLesson 2Automotive Ethernet fundamentals: PHY, switched topology, VLANs, TSN basics relevant to vehiclesThis section covers Automotive Ethernet basics, including PHY options, cabling, and switched topologies. It explains VLAN segmentation, QoS, and TSN features that support deterministic, safety-relevant traffic in modern vehicle networks used in Botswana.
Automotive Ethernet PHYs and cabling optionsSwitched topologies and redundancy patternsVLAN segmentation and traffic separationQuality of Service and priority mechanismsTSN concepts for deterministic in-vehicle trafficLesson 3CAN bus fundamentals: signal framing, message IDs, arbitration, ECU rolesThis section introduces CAN bus concepts, including frame structure, identifiers, and arbitration. It explains ECU roles on the bus, typical signaling patterns, and timing behavior, preparing learners to analyze and secure CAN traffic in Botswana.
CAN frame structure and bit-level signalingStandard vs extended identifiers and ID designArbitration, bus load, and priority handlingECU transmit, receive, and diagnostic rolesError handling, fault confinement, and bus-offLesson 4ECU types and responsibilities: powertrain, gateway, infotainment, telematics, domain controllersThis section classifies ECU types and their responsibilities, including powertrain, body, infotainment, telematics, and domain or zone controllers, and explains how their roles influence security priorities and network placement in Botswana vehicles.
Powertrain and chassis control ECUsBody, comfort, and ADAS control modulesInfotainment head units and media modulesTelematics control units and connectivity ECUsDomain and zone controllers in new E/E designsLesson 5External interfaces mapping: cellular modem, Wi‑Fi, Bluetooth, OBD‑II — protocols, typical vulnerabilities, typical access modelsThis section maps key external interfaces such as cellular, Wi‑Fi, Bluetooth, and OBD‑II. It reviews protocols, common vulnerabilities, and access models, highlighting how attackers pivot from external surfaces into in-vehicle networks in Botswana.
Cellular modem stacks and remote access pathsWi‑Fi client, hotspot, and provisioning modelsBluetooth profiles and pairing weaknessesOBD‑II physical access and diagnostic protocolsCommon misconfigurations and abuse scenariosLesson 6Data classification and sensitive assets: safety-critical messages, cryptographic keys, firmware images, personal data on infotainment/telematicsThis section introduces data classification for automotive systems, focusing on safety-critical signals, cryptographic keys, firmware images, and personal data, and explains how classification guides protection and retention controls in Botswana.
Identifying safety-critical control messagesManaging cryptographic keys and key materialProtecting firmware images and update filesHandling personal and telemetry data in vehiclesRetention, deletion, and forensic requirementsLesson 7Cloud backend components and interfaces: backend update server, device registry, authentication, telemetry ingestion, API gatewaysThis section explains cloud backend components that interact with vehicles, including update servers, device registries, authentication services, telemetry ingestion, and API gateways, emphasizing trust, identity, and secure data exchange for Botswana fleets.
Backend update servers and campaign controlDevice identity, registry, and lifecycle statesAuthentication, tokens, and certificate handlingTelemetry ingestion, storage, and analytics flowsAPI gateways, rate limiting, and zero trustLesson 8Gateway ECU function and secure gateway design patterns: routing, protocol translation, firewalling, isolationThis section details gateway ECU functions, including routing, protocol translation, and traffic filtering. It introduces secure gateway design patterns for isolation, intrusion detection support, and controlled diagnostic access in Botswana vehicles.
Routing between CAN, LIN, and Ethernet segmentsProtocol translation and message normalizationFirewall rules and policy enforcement pointsNetwork segmentation and isolation strategiesSecure diagnostics and authenticated access
