Automotive security compliance
Modern vehicles are being designed with more and more embedded capabilities and functionalities, stimulated by the wish of offering users better control, more connectivity and overall an improved driving experience. Together with these attractive modern functionalities, the possibilities of cybersecurity attacks are increasing as well. Threats such as maliciously obtaining control of the vehicle and performing more or less dangerous actions were already demonstrated, which led to an increased awareness towards automotive cybersecurity.
The importance of cybersecurity is recently recognized more and more by regulatory bodies, who are currently working on dedicated vehicle cybersecurity regulations. In the meantime, it is the responsibility of automotive systems developers and manufacturers to assure that their products take security into account, incorporating sufficient and effective security controls.
As automotive cybersecurity is currently evolving into a mature topic, we understand that finding and using existing frameworks in order to align your products can be a cumbersome activity. This is why Secura can help you in this process towards a successful result. By being actively involved in security standardization activities, we have a complete overview of the relevant publications, as well as emerging initiatives and regulations.
We base our assessment on the requirements of an up-coming EU level regulation issued by UNECE. As the regulation is currently in the development stage, aligning to its requirements beforehand could represent a very important step that manufacturers can consider. In order to test and determine compliance with the requirements, we rely on existing automotive specific best practices and standards. Examples of such publications are the “Cybersecurity Best Practices for Modern Vehicles” issued by the U.S. Department of Transportation, the SAE J3061 Vehicle Cybersecurity Guidebook or the ENISA publication “Cyber Security and Resilience of Smart Cars”. In this way, our assessments are aligning to publications from both European and U.S.A. markets, proving a holistic approach to automotive security.
As a result of the assessment, we provide you with a compliance report, tailored for your specific use case and the conclusions of the evaluation. Obtaining compliance can therefore represent a big advantage for a car manufacturer, since its processes and vehicles will be fully aligned to the upcoming EU regulation. In the current absence of a vehicle cybersecurity regulation on the U.S.A. market, the results of the assessment can be of high value also for non-EU focused manufacturers, as any future market specific regulation will very likely have a big overlap with the one drafted by UNECE. Moreover, this service will be great step for demonstrating compliance with the international ISO-SAE AWI 21434 standard, which is currently in the final stages of its development. Finally, the compliance report can be used by the manufacturer in improving its brand reputation and minimizing the cybersecurity risks for the end users.