Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 15 subscribers
  • Views 1765 views
  • Users 0 members are here
Options
You may also be interested in
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automotive Cyber Security

Deborah-Claire McKenzie
Connected vehicles have numerous potential benefits for convenience, safety, travel time and access to mobility, and the features that deliver these have become essential selling points. Advances in autonomy will increase the number and types of connections and travellers’ reliance upon them. In 2020, most new vehicles are connected vehicles and many have online connections to safety-critical systems, putting them at risk of deadly hacks. It’s not clear that the automotive industry is fully equipped to deal with this and they may even be deceiving the public about their lack of preparedness.


In response to these challenges, the new UNECE WP.29 type approval regulations for cybersecurity and over-the-air (OTA) updates enter into force in January 2021. The cybersecurity management standard ISO/SAE 21434 “Road Vehicles – Cybersecurity Engineering” is also hotly anticipated next year. But is the industry ready?

Stepping up in this connected world is a major challenge for the established automotive industry and Intelligent Transport Systems (ITS) providers. A number of these challenges can’t be solved without addressing deep-rooted issues such as reluctance to collaborate, a lack of specialised security talent, and engineering processes that don’t consider security throughout the lifecycle.


The ARTS TN have organised a webinar on Automotive Cyber Security on 21 October 2020 at 11.00hrs BST. Ahead of the webinar we’d like to hear your views on the following questions:


•    How well are automotive and ITS businesses positioned to deal with security in their products and services? 

•    What do the various industries need to do to create conditions where security can be assured by design throughout the lifecycle of their products and services? 

•    What are the gaps, how big are they, and what capabilities are needed to address them?


If you have other questions that you’d like to post here, we will also consider these for discussion by our experts in the Q&A panel during the webinar.

Parents
  • 0
    We had a wonderful response to this webinar, many thanks to our speakers and the 381 people who joined us live from 32 different countries. The recording will be available on demand soon and we'll post a link once available.


    There were lots of questions from the audience that prompted a lively discussion. We didn't have time to answer everyone's questions live, but our speakers have kindly agreed to answer some more here. First up we have some answers from Paul Wooderson of HORIBA MIRA.

    Q: What framework will UNECE WP.29 use (for compliance demonstration) before 21434 is issued?

    Paul:     ISO/SAE 21434 is widely seen as a key way of implementing the requirements of the regulation and demonstrate that they are met. However there is no formal reference to ISO/SAE 21434 or any other standard or framework in the regulation itself; rather it allows any appropriate means to demonstrate compliance. Therefore vehicle manufacturers can use evidence of following ISO/SAE 21434 or appropriate combinations of other standards to demonstrate that they meet the regulation's requirements.

    Q: Should ResiCav software be installed in the car? Or does it run on a PC?

    Paul:     ResiCAV is not software specifically but the project looked holistically at the challenge of achieving cybersecurity resilience. This included examining the technical and economic feasibility of solutions and methods that involve both in-vehicle and off-board aspects, as well as the capabilities and facilities that are required for the UK to develop, validate and operate these solutions.

    Q: I am "lucky" enough to own a top USA brand of car that is leading autonomous driving. I am not sure the frequent updates have appropriate quality control since they fix one thing and break another. As a driver Im not sure I would know my car was secure or indeed had been compromised? THe pace and drive for commercial advantage feels way in advance of regulation. Who is holding suppliers to account?

    Paul:     This is indeed a challenging area in which the pace of technological change is greater than the speed at which regulation can keep up. The introduction of the new UNECE regulations for cybersecurity and software updates mean that adequate cybersecurity and safe and secure software updates are now a condition for getting new vehicles type approved for use in regions that adopt the regulations. This is an important step, although the pace differential of course still remains. Within the constraints of current regulatory frameworks, the new regulations do require ongoing monitoring, detection and response to emerging threats, although in the future more dynamic forms of assurance and regulation are likely to be required.
Reply
  • 0
    We had a wonderful response to this webinar, many thanks to our speakers and the 381 people who joined us live from 32 different countries. The recording will be available on demand soon and we'll post a link once available.


    There were lots of questions from the audience that prompted a lively discussion. We didn't have time to answer everyone's questions live, but our speakers have kindly agreed to answer some more here. First up we have some answers from Paul Wooderson of HORIBA MIRA.

    Q: What framework will UNECE WP.29 use (for compliance demonstration) before 21434 is issued?

    Paul:     ISO/SAE 21434 is widely seen as a key way of implementing the requirements of the regulation and demonstrate that they are met. However there is no formal reference to ISO/SAE 21434 or any other standard or framework in the regulation itself; rather it allows any appropriate means to demonstrate compliance. Therefore vehicle manufacturers can use evidence of following ISO/SAE 21434 or appropriate combinations of other standards to demonstrate that they meet the regulation's requirements.

    Q: Should ResiCav software be installed in the car? Or does it run on a PC?

    Paul:     ResiCAV is not software specifically but the project looked holistically at the challenge of achieving cybersecurity resilience. This included examining the technical and economic feasibility of solutions and methods that involve both in-vehicle and off-board aspects, as well as the capabilities and facilities that are required for the UK to develop, validate and operate these solutions.

    Q: I am "lucky" enough to own a top USA brand of car that is leading autonomous driving. I am not sure the frequent updates have appropriate quality control since they fix one thing and break another. As a driver Im not sure I would know my car was secure or indeed had been compromised? THe pace and drive for commercial advantage feels way in advance of regulation. Who is holding suppliers to account?

    Paul:     This is indeed a challenging area in which the pace of technological change is greater than the speed at which regulation can keep up. The introduction of the new UNECE regulations for cybersecurity and software updates mean that adequate cybersecurity and safe and secure software updates are now a condition for getting new vehicles type approved for use in regions that adopt the regulations. This is an important step, although the pace differential of course still remains. Within the constraints of current regulatory frameworks, the new regulations do require ongoing monitoring, detection and response to emerging threats, although in the future more dynamic forms of assurance and regulation are likely to be required.
Children
No Data

Community Rules & Guidelines