With the United Nations Economic Commission for Europe World Forum for Harmonisation of Vehicle Regulations (UNECE WP.29) framework coming into effect in July 2024, leaders across the Automotive sector are apparently ‘swamped’ by the volume of compliance and security risks that need to be addressed to protect drivers in all types of connected or autonomous vehicles.
The regulations will stipulate that all OEMs, as well as their supply chains, must meet certain requirements to protect against current and future cyber vulnerabilities and the penalty for not meeting these requirements is potentially that manufacturing of the affected vehicles will be stopped until such time as they become compliant – a commercial as well as reputational disaster. And with all vehicles that were under development from mid-2022 onwards included in these regulations, the size of the task is not to be underestimated.
However, a recent study by Kaspersky painted a bleak picture of the industry’s readiness to comply, with 42% of leaders stating they have no plan in place and 68.5% still seeking more understanding of the regulations’ impact on their businesses. The complex nature of automotive supply chains seems to be one particularly challenging area with 64% believing their supply chains were vulnerable.
It is clear that what is required is a fundamental rethink of how to implement trust across these heterogeneous components and external systems in a scalable and sustainable way with minimal human intervention. The requirements are forcing a new security model, often referred to as Security by Design and lifecycle management from the beginning, with automation. Whilst security by design has been a model adopted within supply chains for a while, this has to be coupled with device lifecycle management for a truly robust solution to these challenges.
PKI certificate management, for example, is an important solution to manage the digital identity of a connected car and all the key modules that internally communicate with each other or with external entities, bringing trust throughout the process. As well as identity management, integrity management is also key using solutions such as Secure over-the-air updates and code-signing to ensure firmware updates to connected car modules do not open the vehicle up to further vulnerabilities.
The issue of cybersecurity in any sector is a fast-moving one and with the continuing advancement in technology being leveraged for a competitive edge, so also comes the continually evolving security threats that must be addressed. The need for more specific and specialist solutions is growing and whilst business leaders might struggle with the technical jargon, they must be aware of the threat landscape that their organisation faces and enable the right people within their teams to implement effective solutions. With less than 10 months before regulations come into force, this should now be up there with their top business priorities.
To find out more about how Device Authority’s KeyScaler solution can help you to comply with upcoming regulations, visit https://www.deviceauthority.com/industries/transport-automotive/
