Addressing Growing Vehicle Cybersecurity Requirements through the Core of CSMS and ISO/SAE 21434

Morgan Phisher November 23, 2023

Hey there, fellow Bay-Area dwellers! Let’s talk about cars today. A lot has changed over the past half-decade or so. Remember when cybersecurity wasn’t something we associated with vehicles? Things are different now, and boy, have they changed swiftly!

Thanks to an update in regulations by our friends over in the European Union back in 2022, automobiles and cybersecurity are now practically synonyms. If automakers want their vehicles on European soil, they need to get their cybersecurity act together.

I must say, it’s been interesting to watch all this stuff unfold. As software has become an ever-more vital piece of the puzzle when it comes to vehicles, the subject of cybersecurity has risen in prominence. Cars are no longer mostly about engines and gas tanks. Now, it’s all about software-defined vehicles (SDVs, if you’re in the loop!).

Now, the UN stepped in a couple of years ago and introduced Regulation No. 155 (oh how catchy, right?), which laid down the welcome mat for a whole new cybersecurity ecosystem in our world. I won’t bore you with the details, but suffice it to say, this new regulation has made it mandatory for carmakers to have a proper cybersecurity management system, or CSMS.

So how does a carmaker get a thumbs-up for their CSMS? Well, it’s no walk in the park. The UN has a list of requirements, and ISO/SAE 21434 (that’s another fancy code for an international engineering standard for vehicle cybersecurity, in case you’re wondering) plays a crucial part. It’s quite a convoluted process, so I’ll spare you the complex jargon!

Let’s just say that automakers have to prove they’ve got a proper cybersecurity plan in place for every single stage of their cars’ lives – from the drawing board to the junkyard. Not only that, automakers must also demonstrate that they can quickly respond and remedy any cybersecurity risk that comes up. It’s about being agile, alert, and methodology-oriented.

To get this big approval, there’s a stringent review process from technical service providers and approval authorities. But let’s be real, it’s all for the consumers’ best interests at the end of the day!

Although it can be quite a headache to set up a CSMS (and possibly expensive too), I’m glad to tell you that a solution is out there for automakers. There are companies with stellar tech capabilities that aid in managing the complexities of the CSMS right through the lifespan of a vehicle.

So who needs this approval, you ask? Carmakers, obviously, but tier companies—companies that supply parts and systems to vehicle manufacturers—also need to adapt to these standards and earn their stripes!

On a global scale, carmakers and suppliers are working at breakneck speed to comply with the regulations. Automakers such as Mercedes-Benz and Volkswagen have already won their cybersecurity certificates.

Meanwhile, closer to home, Hyundai Motors and KG Mobility haven’t been twiddling their thumbs either. They’ve secured their CSMS certification too.

All in all, as a cybersecurity enthusiast who has seen this landscape evolve, I’d say the crux is that a car’s lifecycle forms the core of CSMS. It’s about ensuring that all processes across the lifecycle are optimized, and significant discussions and collaborations are needed to get there.

And there you have it! The intersection of cars and cybersecurity. Aren’t we living in exciting times, folks? Drive safe (and secure) now, y’all!

by Morgan Phisher | HEAL Security