The UNECE Commission has defined clear guidelines for Cybersecurity Management (CSMS) and Software Update Management (SUMS) in WP.29. Many OEMs are currently establishing a software update management system in line with the new UNECE regulations. This is required for cybersecurity, but also for protection against manipulation of the software in the vehicle. In addition, with increasingly flexible "over the air" (OTA) updates, the driver needs visibility of which software versions are in the vehicle and what influence a change has on driving behavior.
How to prepare for Certification Assessments? How to efficiently implement UNECE standards for CSMS and SUMS? How to conduct process assessments for existing SUMS and CSMS solutions? What are the solutions for RxSWIN Management?
UNECE R155 and UNECE R156 extend type approval to lifetime management of cybersecurity and software.
The regulations will apply to passenger cars, vans, trucks and buses. They entered into force at the start of January 2021 and cover:
Managing vehicle cyber risks;
Securing vehicles by design to mitigate risks along the value chain;
Detecting and responding to security incidents across vehicle fleet;
Providing safe and secure software updates and ensuring vehicle safety is not compromised;
Introducing a legal basis for Over the Air (OTA) updates.
UNECE Cyber Security Management facilitates Security throughout the whole company.
The CSMS Standard requires an OEM to provide Cybersecurity throughout the whole lifecycle of a vehicle.
This means that cybersecurity has to be integrated from design through to end of support. UNECE CSMS demands the following:
Risk Management throughout the whole company and lifecycle of each car.
Risk Assessments for every Vehicle Type
Cybersecurity Audits for each Vehicle Type
Vulnerability Analysis throughout the whole development and production process
Monitoring of Cybersecurity and Incident Response on existing Vehicle Types
Documentation of the Cyber Security Management System
UNECE Software Update Management (SUMS) makes software updates and their impact on type approval parameters visible to the driver and traceable by external authorities, to ensure systematic approval and the necessary governance mechanisms.
For governance, it demands certification of the OEM following a checklist that is summarized in the Regulation. Type approval parameters include: Environment, Theft, Safety, Connectivity, Information Sharing.
UNECE SUMS addresses three major aspects:
Assessment of the relevant vehicle manufacturer management system
Assessment and certification of vehicles
Implementation of a software identification scheme
What we offer
Based on years of experience with Cybersecurity and Safety, Vector Consulting Services supports with:
UNECE SUMS and CSMS ReadinessCheck
Preparation for Certification Assessments together with regional and international certification authorities
Support in the implementation of the UNECE standards for CSMS and SUMS
Process assessments for existing SUMS and CSMS Solutions
Development of Processes and Roles
Efficient Solutions for RxSWIN Management
"Vector Consulting Services is the right partner for Huawei. You helped us ramp up cybersecurity competences at Huawei with your experiences from TARA and security concept to verification and security testing."
- Li Hailin, Smart Car Solution, Huawei
"Vector Consulting Services is a good partner for Claas to implement cybersecurity. Claas had great benefits from the Vector team for TARA and Security Engineering."
- Alexander Grossmann, Manager, Claas
"Vector Consulting Services supported Panasonic with cybersecurity, demonstrating an outstanding level of expertise. The goal of a comprehensive TARA integrated into a security concept was achieved. The support was intense and very successful!"
Efficient Implementation of Standards for Security, Safety and UNECE
Published on ATZ Electronics, 09/2020
The efficient implementation of a multitude of standards is a key challenge in engineering. Drawing on worldwide consulting projects with OEMs and Tier-1s, Vector Consulting shows how standards in the domain of safety and security are applied. This article provides guidance on organizational design in the implementation of the standards, for example within agile teams.
In this webinar of May 2020, based on our experience inside Vector and client projects, we will describe new standards and experiences. The webinar is structured into four parts: risk-oriented security, systematic security engineering, case studies and examples, conclusions and outlook.