Cyber Security

 

The future starts now.

Cyber ​​security is already a central topic for road safety and forms the basic requirement for autonomous driving in the future.

As a result, the demands on the products of automobile manufacturers and suppliers in terms of their technical complexity and the functions offered have also increased.

Safety in the automotive industry entails various challenges; from legal interpretation issues in the concept phase, to communication within the vehicle and the manufacturer’s IT structure. Each of these areas must be examined and assessed individually in order to ensure information security, prevent manipulation and be able to react correctly in an emergency.

To make our future world safe.

We are available to our customers with our experienced experts, who we accompany through the process and also support in the selection of required testing laboratories.

ATEEL Besprechung zum Thema Cyber Security
Gap Analysis

Current status analysis vs. ISO standard

Companies today are exposed to a wide range of cyber risks. Attacks on IT systems and the theft of confidential data and information are often critical to the company. Industrial espionage by competitors, attacks by activists, internal perpetrators, attacks on payment transactions by organised crime or even hacking by states can cause great economic damage to companies. Regardless of the size, there is a need for action for all companies.

If weaknesses and security gaps in IT systems are not identified and closed early on, they become a threat to the confidentiality, integrity and availability of sensitive company data.

Our experts examine the customer’s processes based on specific ISO standards and compare them with the requirements of the law.

The gap analysis allows our customers early detection capability. Compliance with legal requirements and certification of the information security system (ISMS) uncovers weaknesses and minimizes potential risks.

How does our gap analysis work?

Through interviews and document analysis, our experts evaluate our customers’ management systems based on legal requirements, ISO standards and empirical values.

The following standards are particularly relevant for OEMs:

  • ISO/IEC 27001 (ISMS)
  • ISO/IEC 21434 (Road vehicles – Cybersecurity engineering)
  • ISO/IEC 21448 (Road vehicles – Safety of the intended functionality)
  • UNECE R-155 (CSMS)
  • UNECE R-156 (SUMS)
  • upcoming: ISO/CD 24089 (Road vehicles – Software update engineering)

After the gap analysis activity, a report is made available to the customer and a customer-specific roadmap to achieve compliance is developed through joint workshops.

Risk Assessment
Cyber Security

Risk management is a key element in making threats, dangers and risks visible to a company and showing that potential risks are proactively dealt with and minimised. Not only the management system but also the risk analysis itself is of particular importance for companies and their products in the field of cyber security.

Information security and the requirements of the CSMS require a process for ongoing risk assessment.

The risk analysis provides the starting point for all further steps in the project.

As part of a risk analysis, specific risks of a company are identified, causes analysed and the damage effects of identified hazardous events evaluated based on their probability.

Automotive Function, Fuzz and Penetration Testing

The UNECE R-155 regulation requires functional and systematic penetration testing for type tests and system approvals. Annex 5 of UNECE R-155 only describes the basic requirements for these tests. Together with the technical service, specific test scenarios are developed, planned and carried out for our customers’ vehicle projects using the risk assessment. Together with the IT specialists of our customers, we create an appropriate test methodology and accompany the vehicle project from development to approval in every aspect.

Certifications

UNECE R-155 und R-156

The UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) has published two new regulations for vehicle cyber security (R155) and software updates (R156).

These regulations have been in force since January 2021 and OEMs require these regulations for new types from July 2022 and July 2024 for all category M vehicles.

As a technical service named for the UNECE regulations R-155 and R-156 for the authorities KBA and SNCH, we have the expertise to support our customers from the gap analysis to the certification audit.