With the advent of cooperative, connected and automated mobility, cars today are increasingly exposed to cyberattacks. These vehicles have become "rolling, flying, floating networked computers".
Cyberattacks could not only cause material damage, but may also put human lives in danger. The regulations (UN R155 and UN R156) will enter into force in the EU for new vehicle types from July 2022 and then, from July 2024 onwards, for all newly manufactured cars. Under ISO/SAE 21434, car manufacturers will be responsible for complying with the regulations and for providing a high level of cybersecurity throughout their supply chain.
Who needs to comply with ISO/SAE 21434?
Organisations using IT products in their infrastructure have two policy-related questions:
- can new IT products violate the security policy of their infrastructure, for example by giving unauthorised people access to certain data – a stepping stone to attacks on the infrastructure?
- are the effort, skills and tools needed to hack the product less than the level of risk the company considers acceptable?
IEC 62443, Security for Industrial Automation and Control Systems (IACS), the global standard for the security of industrial control system networks, was defined for this purpose: at device level (ISA/IEC 62443-4-2) and at process level (ISA/IEC 62443-4-1).
With applications in industries such as automotive, IEC 62443 is an important way for organisations to demonstrate compliance and due diligence and manage cyber risk.
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard (ISO/IEC 15408) for IT product security certification.
It is a framework that provides criteria for independent, scalable and globally recognized security inspections of IT products. Component certifications are relevant for suppliers aiming to gain a competitive edge in addition to the proven cybersecurity measures applied.
Suppliers can certify these types of devices, for example:
Wireless technology has a significant impact on the automotive supply chain. As levels of connectivity increase, and we find ever-more complex technologies in the automotive industry, the compliance process becomes increasingly intricate and unpredictable.
Economic operators associated with the automotive industry have to deal with the EU's Radio Equipment Directive 2014/53/EU (RED), and must ensure that they have met their responsibilities accordingly. In 2021 the Commission took action to improve the cybersecurity of wireless devices available on the European market. This act lays down new legal requirements for cybersecurity safeguards, which manufacturers will have to take into account in the design and production of the products concerned.
The new cybersecurity measures will help to:
Every day, massive amounts of data are created and exchanged across the automotive industry throughout the entire lifecycle, from design and testing to validation, homologation and production. This notably includes security data related to the project development phases for parts and systems, as well as manufacturing process data and automated, networked production data.
Automotive digitalization is driving the need for robust, proactive information security management. Certification to TISAX® (Trusted Information Security Assessment Exchange) enables you to meet industry requirements and demonstrate to consumers that you take data protection seriously.
Whether it is a component qualification, a test track, or an on-site test arrangement for determining environmental, functional, or safety behavior, QTICS provides a wide range of accredited evaluation, homologation-related and conformity assessment services.