Bredex

ISO/SAE 21434 – New Standard for Information Security in the Automotive Sector

From parking assistants to self-driving cars: the state of the automotive industry today is almost like something out of a science fiction novel from years gone by. Today’s vehicles contain systems that, when combined, comprise well over 100 million lines of code. This also means that the scope for hacking attacks in the automotive sector is growing.

“The ‘Hello World’ of car hacking is unlocking the doors.”

-Aaron Cornelius, Senior Security Researcher, Grimm, DEF CON 27, Aug. 2019 Las Vegas.

What used to be accomplished by burglars with coat hangers and tennis balls can now be done with compromised smartphones, wireless connections, and credit card-sized computers. Attackers can penetrate the internal vehicle network without even leaving the comfort of their own living room. Once a vehicle has been compromised, everything from the steering and brakes to the windshield wipers can be controlled with a single command line input.

New Security Standard Against Hacker Attacks on Vehicles

To counteract these frightening scenarios and establish a high standard of safety in the automotive industry, the United Nations Economic Commission for Europe (UNECE) published two new UN regulations on cybersecurity and software updates. These are the first internationally harmonized and binding standards in this area. Based on these, the ISO/SAE 21434 standard (Road Vehicles – Cybersecurity Engineering) was formulated. This standard offers a holistic approach to the cybersecurity of the product, including its processes and IT systems. It covers the product's entire life cycle, from the design phase of a component to the decommissioning of a vehicle.

Cybersecurity as a Quality Feature for Vehicle Manufacturers and Suppliers

Cybersecurity itself is set to become a quality feature for vehicle manufacturers and suppliers. ISO/SAE 21434 will become mandatory for all new vehicle type approvals with UN Regulation No. 155. The implementation of a cybersecurity management system (CSMS, UN Reg. 155) and a software update management system (SUMS, UN Reg. 156) is intended to create added value for the safe development of vehicles. Risk and hazard analyses of parts, components, and systems are intended to underpin the concept of “security by design” in the development process from the outset. The approach is similar to that used within a company’s own ISMS (information security management system): continuous testing, checks, monitoring, documentation, and feedback loops are intended to bring about constant improvements and close security gaps.

Consulting Services for Information Security

BREDEX supports you in this highly complex environment: In order to meet the new information security requirements in the automotive industry and offer partners comprehensive consulting services, the BREDEX information security team expanded its consulting portfolio at the beginning of the year to include the “Cybersecurity Engineer Automotive (ISO/SAE 21434)” certification.
