Automotive cybersecurity is not a new topic but is getting more and more traction over the increase in connectivity and computerization of mobility as a whole. In January 2021 two New UN regulations on Cybersecurity and Software updates for passengers’ cars, vans, trucks, buses, trailers, and agricultural vehicles, entered into force.
The WP 29 new UN regulation lays out the baseline processes and systems to manage and deal with security concerns. It also formalizes the responsibilities and requirement for evidence to be submitted for compliance that fall primarily on the OEM. (Editor's note: The UN WP 29 has officially passed the UNECE R155 automotive cybersecurity regulation that will go into effect in July 2024. Click here to read more about UNECE R155.)
This regulatory requirement is not to be confused with ISO21434, which is the new joint standard between ISO/SAE regarding vehicle cybersecurity. The two are not mutually exclusive though they are similar in some ways.
We’ve now reached a point where security is a safety concern, it was only a matter of time for regulation and legislators to step in and create a baseline that all vehicles must comply with. As security assurance is not the sum of its parts, a systematic approach is needed from the concept phase and up to post-deployment on the vehicle level.
Annex 5 is perhaps the best representation of what is to be expected. Although it is incomplete and cannot be applied to every system, it is a comprehensive list of things to be taken into account when designing or changing any system. What this effectively means is that the OEM and every automotive supplier must conduct and produce evidence for an assessment and its conclusions for their scope of work. The OEM must compile all the information, conduct an assessment of its own, and undergo an evaluation by a body of authority.
The next generation of E/E architectures and its ECUs are in the planning phase right now and are expected to be deployed within 2-5 years. The rather short adoption time frame means that OEMs and suppliers need to prepare for compliance immediately. Since the regulation encompasses the entire vehicle from its inception, it would be nearly impossible to go back and fix violations as it may be inherent to the design.
GuardKnox brings the automotive market the freedom to evolve. Mixed-criticality platforms, the company's signature, cannot exist without security as its foundation. With its roots in defense aviation, security by design has always been an integral part of all offerings.
GuardKnox has also partnered with industry leaders in order to bring customers a complete solution for off-vehicle requirements such as Palo Alto Networks© for a full end-to-end cybersecurity solution, DXC Technologies for cybersecure Fleet Management Systems (FMS), real-time monitoring, and in-depth analysis of security-related events, and CAROTA for seamless and secure OTA capabilities in connected vehicles and cyber security for the Vehicle Security Operation Center (VSOC)..
GuardKnox is pleased to announce that the company and all product development processes are compliant with the new WP 29 UN regulation.
2) United Nations Economic Commission for Europe PR
3) The Wall Street Journal's POV