To use our site, you agree to the use of cookies and data processing according to our privacy statement.
Close
Search

The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The regulation enforcement of UNECE security regulations R155 and R156 was becomes enforced in July 2022 in Europe. While automotive vendors had enough time to prepare due to the work of SAE, the missing links of the new security compliance put OEMs under pressure. Next to imposed regulations on cybersecurity, the costs associated with repairing a breach depend on the stage of the product development lifecycle. According to the ISO/SAE 21434 standard, timely findings and corrections provide cost benefits.

Register to download this whitepaper

Testing and verifying security robustness throughout all stages of development, starting from the design phase, is the only cost-effective way to successfully address growing security and compliance concerns. A successful approach to security will drastically reduce the prevalence of vulnerabilities in a final product and save immense organization costs in potential remediation. To achieve success in establishing security robustness across the development lifecycle, these five key principles should be followed:

  1. Establish Common Language, Metrics, and Requirements Company-Wide: start the developing process with the end result in mind. Define the set of security requirements that should be aimed for across the various product lines and types (for example, safety systems vs. non-safety critical systems);
  2. Enable Teams to Achieve Security Robustness Requirements: it is necessary to clearly understand security design requirements (specific to the product in question) for the SDL/Lean/V development process. Company metrics and requirements are the first steps, but every platform or product will generate its specific attack profile;
  3. Apply Security Robustness Across the Value Chain: the security requirements that have thus far been defined must apply to all aspects of the development process. Therefore, it is necessary to enforce the requirements through the process, which could benefit from involving a purchasing organization as well;
  4. Measure Progress on an Ongoing Basis During the Project Cycle: it is well understood that an evaluation of performance against goals needs to be performed after a project to determine whether it was successful. However, waiting until the end of a project is a mistake; ongoing feedback and evaluation throughout the project can save enormous amounts of resources and headaches;
  5. Verify Final Integration and Implementation: despite thoroughly and effectively establishing all security robustness principles throughout the development cycle up to this point, it is still possible to see notable vulnerabilities during implementation and integration engineering.

When followed accurately, these principles will effectively mitigate the real threat of security vulnerability in automotive products and devices and enable OEMs to fulfill the requirements of the industry. But what are the challenges of these five principles, and how can they be addressed? In this paper, Riscure provides more details about the security challenges and success stories.

Register below to download the full paper

Register to download the whitepaper