For every technological device on the market, there are also cybersecurity precautions put in place. Why? Because with the advancement of any technology there poses the issue of a security breach. The more advanced the technology, the more there is a security risk.
As vehicles today became more sophisticated, they also need to have cybersecurity measures put in place. The United Nations Economic Commission For Europe (UNECE) states that cars today have close to 100 million lines of software code, and that number should grow three times by 2030. As a result, they implemented regulations for vehicle cybersecurity that will be part of the current WP.29, will be enforced by July 2024. According to Deloitte, while that may seem far away, it’s actually quite close since the development of new vehicles can take three to four years, so the time for implementation is now.
Included in these regulations is managing cybersecurity in the vehicle by understanding the vehicle’s cyber vulnerabilities, creating security for the vehicle via supply chain partners and other OEMs creating components, detecting security breaches, and offering mitigations throughout the lifecycle of the automobile. As Deloitte highlights, some of the challenges facing auto manufacturers today are the fact there are so many supply chain partners that contribute to a single vehicle all need to implement cybersecurity measures. Additionally, there is a cybersecurity talent shortage which makes it difficult to enact these regulation measures.
In parallel to WP.29 Regulation the ISO organization is working on a new cybersecurity standard called ISO 21434 in cooperation with SAE International, which is designed to create a standard for risk management. The document details requirements around the security for “engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces.” WP. 29 is expected to use ISO 21434 as a reference.
Today, the first cut of standards are encompassed in the regulation and ISO standard, which define the categoric directive for implementing cybersecurity management systems for the protection of vehicles. The industry also expects additional standards to be passed such as the Cybersecurity Act in the EU, the Chinese ICV program, new guidelines from JASPAR in Japan, and legislative proposals from the US Congress. The world is witnessing an industry-wide collaborative effort to create a basis for automotive cybersecurity.
Per the standards passed, OEMs and Tier-1s are required to implement cybersecurity solutions that are comprehensive and can operate throughout the lifecycle of the vehicle. Three capabilities that are crucial when integrating a security solution are: visibility, control, and protection. These capabilities empower OEMs and Tier-1s by simplifying in-vehicle cybersecurity management. Additional features that are important, include:
Harmonizing communications across the supply chain.
Automating threat identification and prevention.
Evolving with vehicles’ needs to protect autonomous vehicles.
A unique and scalable platform that can provide cybersecurity management of all the components in the vehicle and provide transparency and management of detecting risks, planning, policy creation, and policy enforcement will be key.
Since the regulations are demanding compliance by 2024, OEMs and Tier-1s needs to implement a solution that will provide the security that the market demands and consumers expect. In order to make the deadline, the race for cybersecurity protection has begun so that the industry and consumers will have the much needed assurance of safety and of course, security.