The automotive industry is changing fast. Vehicles are increasingly equipped with electronic control systems, smart components, integrated systems and API (connected car) interfaces. Connected after-sales SOTA (Software On The Air) is becoming widespread and, moreover, the autonomous vehicle will eventually be with us. While these advances offer new functions to private customers and fleet managers while digitising the processes of manufacturers, they continually increase their vulnerability to cyber-attacks. Strategic connected car suppliers are obviously in the same boat and need to show that they have mastered cyber risks.
All new mobility services associated with connected vehicles are also highly exposed to increased cyber risks (hacking, GDPR, etc.)
At the same time, all industrial players in the sector (manufacturers and equipment producers) are engaged in a process of digitising manufacturing and the supply chain. Beyond the ISO 27001 standard, they must now comply with industry standards for cyber risk management. Faced with these challenges, cyber-security regulations are developing rapidly, and companies in the automotive sector must adapt to remain compliant.
Every communication interface and every additional component in a vehicle represents a potential point of attack for cyber-criminals. Modern vehicles can contain up to 150 electronic control units (ECUs) and around 100 million lines of code, a figure that’s expected to triple by 2030.The potential for damage caused by cyber-attacks on connected cars is enormous.
Faced with these challenges, the United Nations has laid down the basic framework for automotive cybersecurity with two new regulations: cybersecurity in the UNECE (UN R 155), which directly refers to the new standard ISO/SAE 21434, and the UNECE (UN R 156) software update.
These regulations, which have been in force since July 2022 for new types of vehicles in the EU, represent major challenges for the automotive industry.
Implementing a CSMS (Cyber Security Management System) is becoming essential for both manufacturers and their suppliers, who must meet the requirements of these new standards. EGERIE is at the heart of this CSMS, thanks in particular to its risk analysis functionalities which are compatible with the ISO 21434 standards and TARA methodology.
Finally, all players in the automotive mobility ecosystem (EV charging, car sharing, LCD, Geoloc, infotainment and navigation apps, etc.) will also have to carry out the risk analyses necessary to protect vehicles and their occupants.
The digitisation of industrial sites and supply chain processes (downstream / upstream) generates a considerable increase in flows and data between manufacturers and equipment producers. Beyond the ISO 27001 standard offering a first level of cyber risk management, the TISAX® standard means certification specific to the automotive industry can be prepared. EGERIE integrates this reference base to carry out long-term risk analyses.