Ensuring Compliance with Automotive Security Standards

In the ever-evolving world of smart cars, cybersecurity has emerged as a significant priority in the automotive industry. Automotive manufacturers are facing a market that demands smart vehicles meet more stringent automotive security compliance requirements. Providing evidence of security rigour to regulators, stakeholders, and consumers is more critical than ever.

FREMONT, CA: Cybersecurity has become a top concern for the automobile sector in the constantly changing world of smart cars. The market is compelling smart vehicles to adhere to more strict standards for automobile security compliance. It is more important than ever to show authorities, stakeholders, and customers that security is rigorous. The chips that drive these systems serve as the brains of modern automobiles, handling everything from sensor data processing and vehicle control to communication and data storage. The security of these chips is crucial to preventing potential assaults or manipulation that could jeopardise the functional safety and cybersecurity of the vehicle because modern electric automobiles have more than 5,000 semiconductors.

Automotive suppliers must keep up with the latest automotive cybersecurity standards. Whole supply chain protection necessitates keeping up with the industry's continually changing norms and rules. For instance, ISO 21434 "Road Vehicles - Cybersecurity Engineering" and UN Regulation #155, which establish consistent approval requirements addressing vehicle cybersecurity, offer essential instructions on how to minimise design and development risks when it comes to automotive electronics. Automotive manufacturers may offer their customers a high level of assurance and build market trust in automotive cybersecurity when they use security solutions like these.

OEMs and other enterprises in the supply chain must make sure that the security-by-design approach is open and well-documented for them to demonstrate compliance with industry standards like ISO 21434. This procedure entails steps such as testing for cybersecurity with sufficient coverage, thorough hardware and system verification, clear cybersecurity procedures and guidelines for the creation process, and adherence to standard best practices for cybersecurity. By complying with standards like ISO 21434, firms in the automotive supply chain put cybersecurity at the outset of the development lifecycle. This makes it possible for developers to recognise, rank, and address cybersecurity concerns before they become a concern.

OEMs are in charge of homologating their vehicles and proving that they comply with all applicable laws and regulations. To mitigate cybersecurity risks and produce vehicles that are secure by design, OEMs will also be required to follow and implement cutting-edge practices from their upstream value chain partners because they obtain a significant portion of the components for their vehicles from suppliers and semiconductor manufacturers. To support the type-approval procedure, which is the duty of the OEM, these partners must demonstrate compliance with the rules.

 

Automotive players must be able to react to any security incident that is discovered and offer software upgrades to address security flaws. To do this, they must methodically identify target vehicles for updates and guarantee that software changes are compatible with the vehicle's configuration and won't impair certified safety-relevant systems.

The automotive value chain requires a much more explicit understanding of expectations from all stakeholders, despite existing laws and enforcement standards. Automotive players are expected to build interfaces and points of contact for vehicle cybersecurity between parties to uphold this greater level of rigour. They are also expected to identify apparent roles and duties for vehicle cybersecurity (not just enterprise cybersecurity). Establish measurable service levels based on industry best practices for other aspects of vehicle quality and agree on a minimum set of cybersecurity and cyber-risk management procedures for contractual agreements. Determine the organisational, technological, and legal (such as intellectual property) requirements that permit security testing and attestation of vehicle software security for the entire E/E vehicle architecture or each ECU.

Selective security methods are no longer adequate to completely safeguard cars. The scope, performance, and auditing of a security system must instead be specified using methodical and strategic methodologies. The full product lifetime should be covered by the strategic strategy. Here, the emphasis must be placed on things like the integration of the entire supply chain or the long-term availability of software updates. The Global Conference for Harmonisation of Vehicle Rules of the United Nations Economic Commission for Europe (UNECE) established two legally binding regulations to establish an acceptable framework for automotive cyber security. The rules, which are closely connected and are published under the initials UNECE R 155 and UNECE R 156, address IT security and software updates in automobiles.

The UN regulations mainly refer to the obligation placed on automakers to implement the new standards. Yet, to show that the rules are being followed at all times, this also requires monitoring and auditing cyber security throughout the supply chain. As a result, the maker must keep an eye on suppliers. And it will probably demand that its suppliers follow the new criteria as well. Passenger automobiles, vans, trucks, and buses that have autonomous driving features are subject to the two requirements. New models of automated pods, shuttles, or analogous vehicles also fall under this category. Moreover, trailers with at least one electronic control unit are subject to the rules as well.

It is crucial to maintain the vehicle software appropriately and to keep it always current, for example by bug fixes or updates, as fully autonomous vehicles will soon be allowed to participate in traffic. R 156 consequently mandates the installation and use of a Software Update management system (SUMS) for all vehicles that comply with the standard. It is meant to offer constant security for the duration of a vehicle's life.