Automotive
Software Supply Chain Security:
Regulatory Compliance for the Automotive Industry Through Software Supply Chain Traceability
Addressing UNECE WP.29 and ISO/SAE 21434 Cybersecurity Standardization
In just over one hundred years vehicles have evolved from relatively simple to operate hard goods to highly complex software platforms within a physical framework. As a result, the automotive industry faces enormous challenges in managing and monitoring the supporting technologies, ensuring safety, providing cybersecurity, and meeting broad-sweeping regulatory compliance. The complexity of modern automotive systems demands the ability to ensure real-time, of-the-moment updates and the ability to parse software, firmware, and updates for verification across the entire supply chain and its lifecycles.
asvin cybersecurity management system contributes solutions to fulfill regulatory requirements of UNECE WP.29 and ISO/SAE 21434
- Identification of software related to type approval
- Record software versions related to vehicle types
- Verify that software versions installed and running on a component are valid
- Identify interdependencies on OTA software updates and patches
- Track vehicle software status and verify their compatibility on OTA updates and patches
- Analytics of data records to assess if OTA software updates and patches are affecting type approval or legally compliance
- Resilient and immutable documentation of all software supply chain related processes
Challenges
Ensuring Software Supply Chain Integrity for Vehicles and Their Component
From OEM to audit processes, manufacturing, OTA updates, and vehicle operations all must avoid the manipulation of a vehicles’ ECU and its OEM software or insertion of malware.
Securing Over The Air OTA Updates
Providing just-in-time Over-the-Air updates and preventing any other cyberattack requires a robust architecture and protocols to ensure cybersecurity.
Missing Risk Monitoring and Forensic Data for Connected Vehicles
With OTA the software platforms of vehicles have become more dynamic but subsequently create challenges related to tracking and tracing the software status of any specific vehicle. Validating the integrity and documenting the history of a vehicle’s supporting software in operation mitigates liability risks and ensures safe operation and cybersecurity during their lifetime.
Complex Fulfillment of Regulatory Compliance
Regulatory compliance and documentation of software and related updates is an ever-expanding and ongoing operational burden for the automotive industry. From UNECE WP.29 and ISO/SAE 21434 and at least another 11 regional and international acts, laws, guidelines, regulations, and frameworks all of which address specific aspects related to cybersecurity and data protection.
In this White Paper:
- The impact of global regulation and standards on automotive OTA update procedures
- Protocols for the implementation of cybersecurity-compliant OTA updates
- Manage the security of the software supply chain for connected elements in vehicles
- Track and trace entire vehicles’ software and hardware distribution lifecycle
Solutions
asvin Paw Print: Unique IDs and Fingerprints for IoT devices and Software / Firmware
Create and store unique IDs for smart car components and their related hardware and software with physical unclonable functions (PUF) and trusted platform modules (TPM) for embedded systems in an immutable DLT for maximum resilience.
asvin Trackhound: Software Supply Chain Tracking
asvin’s Trackhound provides sustainable and reliable cybersecurity and transparency to the entire software supply chain and lifecycle for connected vehicles and their smart components. From initial software deployment on IoT devices and subsequent OTA updates and security patch distribution to forensic audits, Trackhound increases system security by offering lifetime control over the software running on vehicle edge devices and fulfills UNECE WP.29 and ISO/SAE 21434.regulatory requirements.
Click here to read our Automotive Industry White Paper
Request your online demo now
We will show you asvin BeeHive IoT update distribution management live and our experts answer your domain specific questions
Startup Autobahn Expo Day 2022, Stuttgart 07.07.2022
We are at the Expo Startup Autobahn on 07.07.2022
Invitation to Embedded World 2022, Nuremberg 21-23 June
Cybersecurity 2.0: asvin shows secure software supply chain solutions
Security is a Dynamic Process
Security is a dynamic process. In a way it
The EU Data Act and asvin’s D-SBoM
The volume of data is mindboggling, the EU expects
