News

Automotive cyber security and vehicle information security

Browsing risks and solutions to protect connected vehicles in the digital age

The automotive sector

25 September 2024

Table of contents 

  • Introduction to automotive cyber security 
  • Cyber attacks on vehicles 
  • Automotive cyber security: an imperative for the industry 
  • Automotive cyber security regulations 
  • The importance of robust cyber security 

The automotive sector has undergone a radical transformation, making vehicles increasingly connected and intelligent.

However, this innovation has brought with it a new set of risks: cyber attacks on automobiles.

Cyber security for the automotive industry has become a crucial element to ensure the safety of vehicles and their occupants.

In this context, UN Regulation No. 155 and UN Regulation No. 156, together with the ISO 21434 standard, play a fundamental role in defining information security regulations for the automotive industry. 

Cyber attacks on vehicles 

Cyber attacks on vehicles represent a threat not to be underestimated. Modern vehicles are equipped with infotainment systems, over-the-air software updates, and numerous sensors and actuators connected to internal networks.

Imagine that in a few years, autonomous driving will be the norm, and everything will be managed by information systems.

These systems, if not adequately protected, can be vulnerable to hackers who could exploit such weaknesses to take control of the vehicle, steal personal data, or compromise the safety of the occupants. 

A significant example of a cyber attack is the one suffered by Jeep Cherokee in 2015, where hackers managed to take remote control of the vehicle through the infotainment system. This episode highlighted the urgent need to implement rigorous security measures throughout the vehicle life cycle. 

Automotive cyber security: an imperative for the industry 

Automotive cyber security is no longer just a theoretical concern but a practical necessity for the entire automotive industry’s supply chain. Protecting vehicles requires an approach that includes: 

  • Risk management

  • Vulnerability assessment 

  • Implementation of effective countermeasures 

Cyber security for the automotive industry must be integrated into all stages of the vehicle life cycle, from design to production to disposal.

The ISO 21434 standard offers a comprehensive framework for managing information security in the automotive sector.

This standard defines the requirements for the security of electronic systems in vehicles, covering aspects such as risk assessment, data protection, and incident response. 

Cyber attacks on vehicles

Automotive cyber security regulations 

To ensure a high level of security, various international regulations have been introduced.

Among these, UN Regulation No. 155 and UN Regulation No. 156 (also known as UNECE regulations) are fundamental for vehicle cyber security. 

  • UN Regulation No. 155 
    This regulation establishes the requirements for managing cyber security in vehicles, requiring automakers to implement a cyber security management system (CSMS) that covers the entire vehicle life cycle. The regulation also requires the continuous assessment of threats and response to security incidents. 

  • UN Regulation No. 156 
    This regulation focuses on software updates and patch management in vehicles. It stipulates that all vehicle software must be securely updatable, ensuring that vulnerability fixes are distributed quickly and without compromising other vehicle functions.

Since July 7, automakers have had to demonstrate under UNECE Regulation No. 155 that cyber security has been adequately considered during product development. 

The United Nations Economic Commission for Europe (UNECE) comprises 58 countries and covers automobiles, vans, trucks, coaches, buses, agricultural vehicles, and off-road mobile machinery.

In Europe, UNECE regulations are implemented through the General Vehicle Safety Regulation, which establishes the principles for driving assistance systems (now mandatory) and the legal framework. 

These regulations represent a significant step forward in standardizing cyber security practices in the automotive sector, requiring automakers to take proactive measures to protect their vehicles from cyber attacks. 

The importance of robust cyber security 

Adopting a robust cyber security strategy not only protects vehicles from cyber attacks but also increases consumer trust and the reputation of automakers. Users are increasingly aware of the risks associated with connected vehicles and prefer brands that demonstrate a serious commitment to protecting their data and safety. 

In conclusion, automotive cyber security is a critical component of the modern automotive industry.

With the increase in vehicle connectivity, protection against cyber attacks becomes essential.

Regulations such as UN Regulation No. 155 and No. 156, along with the ISO 21434 standard, provide a clear regulatory framework to ensure that vehicles are protected throughout their life cycle.

It is imperative that automakers and component suppliers adopt effective measures to manage cyber security and protect their vehicles from evolving threats. 

FAQ 

  1. What is automotive cyber security?
    Automotive cyber security refers to the protection of vehicles and their electronic systems from cyber attacks. 
  2. What are the main risks of cyber attacks on vehicles?
    Risks include remote control of the vehicle by hackers, theft of personal data, and compromise of occupant safety. 
  3. What is UN Regulation No. 155?
    It is a regulation that establishes the requirements for managing cyber security in vehicles, covering the entire vehicle life cycle. 
  4. What is the importance of the ISO 21434 standard?
    The automotive cyber security ISO 21434 standard provides a framework for managing cyber security in vehicle electronic systems from design to production and disposal. 
  5. How can automakers protect their vehicles from cyber attacks?
    By implementing a cyber security management system (CSMS), continuously assessing threats, and responding quickly to incidents. 
  6. What is UN Regulation No. 156?
    It establishes the requirements for software updates in vehicles, ensuring that patches are distributed securely. 
  7. What are the consequences of a cyber attack on a vehicle?
    Consequences can range from remote control of the vehicle to compromise of personal data and occupant safety. 
  8. Why is cyber security important in the automotive sector?
    To protect vehicles from cyber attacks, increase consumer trust, and ensure occupant safety. 
  9. How is the cyber security of a vehicle assessed?
    Through risk assessment, data protection, and incident response according to international standards and regulations. 
  10. What are the most important international regulations for automotive cyber security?
    UN Regulations No. 155 and No. 156 and the ISO 21434 standard are among the key regulations to ensure vehicle cyber security. 
34
To top