Think of this high-level guidance as the proverbial carrot, while the included regulations are the stick.
UN R155: The forcing function
The main regulation to come out of the WP.29 cybersecurity framework in June 2020 instructs OEMs to integrate cybersecurity into the complete life cycle of their vehicle engineering process. In simple terms, it boils down to two key details:
OEMs must establish and implement a cybersecurity management system (CSMS) that leads the engineering process for vehicle components, subsystems and assemblies.
Car manufacturers must prove conformity within their CSMS to secure “type approval” from the UN. Without approval, a vehicle will not be allowed to travel on public roads.
UN R155 goes into effect in major markets such as the EU, UK and Korea on July 1, 2022, affecting all new vehicle types produced from that point on. As of July 1, 2024, all vehicles in production will have to comply.
ISO/SAE 21434: The key to compliance
If you imagine UN R155 as a lock, then ISO/SAE 21434 is the key. Unlike UN R155, it is not a regulation; it is a standard. While UN R155 mandates the deployment of a CSMS, ISO/SAE 21434 explains how to actually implement one.
Like functional safety, automotive cybersecurity follows the traditional “V-Model” of engineering. This means that all component and system testing is covered by the verification and validation processes, which take place on the right side of the model.
But there is a catch. “Security” is an ever-changing target. You only need to test the functional safety of a component once. But with new threats, exploits, and vulnerabilities emerging every day, cybersecurity testing is anything but a one-time proposition.
This is where a CSMS comes in. A good CSMS requires a thorough assessment of applicable threats, which is accomplished through a Threat Analysis and Risk Assessment (TARA). Following a TARA, OEMs can identify, implement and verify mitigations before pushing them to components and systems via software update. With an efficient CSMS, OEMs can reassess and mitigate emerging threats in a timely manner, while ensuring that their fixes do not inadvertently expose other components or systems to attack.
How can automakers fight cybercriminals?
Now that the standards have been written and the regulations have been adopted, the next question seems all too obvious.
“Where do we go from here?”
Given the state of the threat landscape and the upcoming regulations, it is easy to understand the uncertainty. But ISO/SAE 21434, WP.29 and UN R155 are not a threat. They are a playbook for beating cybercriminals at their own game.
But what does that mean? Well, for automakers, that means attacking your own vehicles—before anyone else has the chance.