UNECE Regulations on Cybersecurity & Software Updates Training

... > Training Courses > UNECE Regulations on Cybersecurity & Software Updates Training

UNECE Regulations on Cybersecurity & Software Updates Training

The UNECE (United Nations Economic Commission for Europe) has been working in the past years on drafting two new international regulations, focused on Cybersecurity (R155) and Software Updates (R156). Secura offers this dedicated training focused on providing more insight into the requirements of R155 and R156 & how these can be interpreted.

About the UNECE Regulations

The regulations have been adopted formally in June 2020, and were scheduled to enter into force from January 2021. Under the new regulations, vehicle manufacturers (OEMs) will need to satisfy the Cyber Security Management System (CSMS) and Software Updates Management System (SUMS) requirements in order to be allow to apply for type approval of specific vehicle types. The regulations will be applicable under all the UNECE countries members of the 1958 agreement, which ensures a wide global coverage.

Together with the introduction of these two new regulations, there were a lot of discussions which started to take place between vehicle manufacturers, vehicle approval authorities or technical services regarding the implementation of the requirements. Ultimately, what we need to have in place is a level playing field for all the vehicle manufacturers in the world for obtaining their type designations. As a follow-up to successful webinars on this topic with more than 250 attendees, Secura offers this dedicated training which aims to provide more insight into the way in which the requirements of R155 and R156 need to be interpreted. The training is addressing both the perspective of the vehicle manufacturers, as well as the components/services suppliers.

Why should you attend?

  • Understand the general landscape of automotive homologation under UNECE regulations
  • Deep dive into the requirements of UNECE R155 and R156 regulations
  • Explore relevant industry standards such as ISO/SAE 21434
  • Explore lessons learned from several case studies
  • Understand the next steps, and expected implementation effort and roadblocks

Intended Audience

The training is designed to be addressing both vehicle manufacturers as well as vehicle suppliers. The expected audience consists of:

  • Homologation specialists/managers from vehicle manufacturers of vehicle components/services suppliers
  • Cybersecurity design and testing specialist involved with the requirements of R155
  • Cybersecurity Management System (CSMS) managers
  • Software Updates Management System (SUMS) managers
  • Anyone with an interest in the UNECE Regulations in Cybersecurity (R155) and Software Updates (R156) or a general interest in Automotive Cybersecurity

Required Skills & Expertise

The training is designed to explain and deep dive into the contents of the R155 and R156 regulations. No previous knowledge of R155 or R156 regulations is necessary. Basic knowledge of cybersecurity concepts is preferred in order to follow easier the presented case studies.

Program

The training will cover the following topics.

1. UNECE and vehicle regulations background

2. Cybersecurity regulation (R155) – deep dive

  • Overview of regulation requirements (meaning of each requirement, required evidence, audit/testing approach, examples of sufficient/insufficient documentation)
  • Regulation scope and certification validity
  • Cyber Security Management System (CSMS) necessary processes review
  • Risk Management processes
  • Dealing with the supply chain
  • Vehicle type assessment requirements review

3. Software updates regulation (R156) – deep dive

  • Overview of regulation requirements (meaning of each requirement, required evidence, audit/testing approach, examples of sufficient/insufficient documentation)
  • Regulation scope and certification validity
  • Software Updates Management System (SUMS) necessary processes review
  • Security of software updates (link with R155)
  • Vehicle type assessment requirements review

4. Impact, timeline and next steps

  • Lessons learned from conducted projects
  • What to expect next?
  • How will the type approval process look like?
  • Expected effort for type approval and relation with Approval Authorities and Technical Services

5. Q&A session

ABOUT THE TRAINERS

Razvan Venter

Razvan is managing the Product Security group within Secura. He has extensive experience with the UNECE R155 and R156 regulations, being involved in the development and piloting of these regulations from an early drafting stage. Razvan is a member of the task force that develops the R155 and R156 regulations, and has been involved in the drafting of the Interpretation Documents that accompany the two regulations.

YANNICK FOURNEL

Yannick is a Senior Security Specialist at Secura, with extensive and hands-on experience in the domain of automotive cybersecurity. Yannick has been involved in supporting multiple vehicle manufacturers and supplier with understanding the concepts of the R155 and R156 regulations, as well as providing audit and consultancy services.

More Information

Are you interested in hosting this interactive and tailored training at your company? Please fill out the form below and we will contact you within one business day.

USP

ABOUT SECURA

Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.