The automotive world has changed more rapidly than ever in 10 years. While until recently the main purpose of road vehicles was to provide safe transportation from point A to point B, studies are now being carried out to divide the driving experience and comfort and even transform it into passengers with autonomous drive technologies. Some of the trend topics are electric vehicles, autonomous drive, infotainment systems, ADAS, OTA, keyless access and etc.
All these developments changed the perspective of the automotive ecosystem, caused automotive software getting ahead of mechanics and increased dependency to software. Developing new technology and complex automotive software architectures have exponentially increased the number of data processed during driving.While there are approximately 40 Electronic Control Units in today’s modern vehicles, this number can go up to 150 in newly developed vehicles.
Although this rapid transition has led to major changes for automotive manufacturers and suppliers, cyber security services are perhaps the most unprepared. While functional safety criteria have been sufficient until now, OEMs and suppliers must now ensure that the control units they develop are cyber security compliant.1
So what are the Cyber Security Regulations that shall be covered?
UNECE R 155 / R 156
UNECE (United Nations Economic Commission for Europe) and the WP29 (World Forum for Harmonization of Vehicle Regulations) working group under its umbrella is an authorized institution that publishes regulations on road vehicles and is accepted by many countries in the world. There are currently more than 100 UNECE regulations that OEMs must comply with on issues such as functional safety, environmental factors, vehicle performance. In 2021, for the first time, two regulations related to cyber security, named UNECE R 155 and UNECE R 156, came into force.
Regulation No. 155 specifies cyber security requirements and obliges automotive manufacturers to control the security system throughout the entire life cycle of a vehicle, starting from its design, with the Cyber Security Management System (CSMS). You can access UN/ECE regulation No. 155 here.
Regulation No. 156 requires vehicle manufacturers to establish a secure, controlled and centralized Software Update Management System (SUMS) to prevent unauthorized or harmful updates and to provide original software updates. You can access UN/ECE regulation No. 156 here. These regulations, which are valid for new vehicles produced as of July 6, 2022, will be valid for all vehicles produced as of July 7, 2024. Relevant vehicle types that do not comply with these regulations will be in danger of not being registered.
ISO/SAE 21434
The ISO/SAE 21434 Cyber Security standard was developed with a similar structure and list of requirements, based on the already well-functioning ISO26262 standard, and is a process-oriented solution that will enable both the Cyber Security Management System (CSMS) requirements and the R155 regulation to be met and can be implemented by OEMs. It is a standard.
Some of the topics included in the standard are as follows:
- Secure development, production-related processes, post-production of tools and components;
- Managing secure development, training, orientation and competencies;
- Incident response;
- Monitoring and managing vulnerabilities;
- Security-focused risk assessment and definition
- Security testing and verification;
- Supply chain interaction and management
As a result, Cyber Security is now an essential part of the automotive ecosystem and is becoming increasingly important. The automotive cyber security market is expected to reach a value of approximately 32 billion USD by 2030.
Contact us now to discover the Cyber Security software module solutions and technical support capabilities of Mechatnom, Turkey’s most experienced company in automotive cyber security!
Kıvanç BİRKES
Business Development Manager