Automotive Cybersecurity

Keeping an eye on automotive cyber risks with systematic, risk-based and model-based automotive cybersecurity management.

With the advancement of software-defined vehicles (SDV) and the connected vehicles related to them, the cybersecurity attack surface of vehicles, their IT backends and the entire supply chain is increasing.

Remote cyberattacks outnumber physical attacks by 85%, with 40% of those attacks targeting back-end servers used to support connected vehicles and related infrastructure. Perhaps more alarming, cyberattacks have increased 225% in the past three years, in large part because of all the connected electronics. Research firms estimate that losses for the global auto industry could reach $505 billion by 2024.

Vehicle cybersecurity needs to be considered across the whole lifecycle: from development through production to post-production, and top-down from the E/E architecture to the specific domain ECUs and their software. Proper automotive cybersecurity needs prevention, response and testing. R&D teams focus on prevention by designing the most secure hardware and software products. Response focuses on addressing cybersecurity incidents should they occur, and testing is required to ensure reliable products. Modern vehicle risk management needs to consider very different aspects and contexts.

Cybersecurity Risk Management

Automotive cyber incidents lead to multiple types of adverse outcomes, all of which need to be managed under a unified cyber risk management framework. Cyber incidents in 2022 resulted in significant adverse outcomes in various categories, including safety, disruptions, financial losses, privacy violations, and degradation of overall confidence and reputation.

Cybersecurity Supplier Management

Automotive and smart mobility cyber incidents increasingly cross multiple organizational boundaries: between OEMs and Tier 1, Tier 2 and other suppliers, between vehicles and right-to-repair partners, between vehicles and V2X communication partners, between vehicles and commercial transaction partners, between fleet managers and ecosystem partners, and between software-defined vehicles and their functionality providers, among many examples.

Cybersecurity Type Approval

Meeting regulatory requirements for automotive cybersecurity in type approval demands integrated assessments—from architecture to systems and individual components.

asvin provides a standardized toolkit and guidance to transform modern E/E architectures into fully cybersecurity-certified vehicle types.

Regulatory Landscape and Process in Automotive Cybersecurity

Automotive cybersecurity regulations such as UN ECE WP.29 R155 (Cybersecurity Management System, CSMS) and R156 (Software Update Management System, SUMS) have been released and are widely adopted across the industry. Additionally, standards such as ISO/SAE 21434 introduce structured cybersecurity risk management processes. These regulations and standards require a more systematic, model-based approach to automotive cybersecurity management.

The process begins with decomposing a vehicle or device into cybersecurity-relevant components. A vulnerability and risk assessment is then conducted on these components to identify potential threats. Based on the assessment, preventive measures are implemented to mitigate risks and enhance overall cybersecurity resilience.

How to comply with UN ECE Regulation?

UN CYBERSECURITY REGULATION

PROCESS

  • CSMS – Cyber Security Management System

  • SUMS – Software Update Management System

SYSTEM

  • Exhaustive vehicle Threat Analysis and Risk Assessment

  • Security requirements and concepts

  • Requirements for safe execution of update

  • Protection of vehicle SW/HW identification and user information

TECHNICAL

  • Implementation of appropriate cyber security measures

  • Mechanisms to detect, record and mitigate possible attacks

  • Implementation of mechanisms to update the SW content and maintain SW/HW identification (RxSWIN)

HOMOLOGATION / CERTIFICATION

  • 54 countries

  • 32+ million vehicles per year (EU, Japan, Korea)

asvin in the vehicle Life Cycle

Smart Tooling for Complete Lifecycle Traceability

asvin’s smart tooling leverages graph-based traceability to connect essential metadata across the entire software lifecycle, ensuring seamless tracking, compliance, and risk management.

“With unique industry structures and uniform cybersecurity demands, a flexible, adaptable toolbox becomes crucial.”

Gerhard Steininger
Automotive Expert and
VP Business Development