The regulations will apply to passenger cars, vans, trucks and buses. They will enter into force start of January 2021 and cover:
Managing vehicle cyber risks;
Securing vehicles by design to mitigate risks along the value chain;
Detecting and responding to security incidents across vehicle fleet;
Providing safe and secure software updates and ensuring vehicle safety is not compromised
Introducing a legal basis for Over the Air (OTA) updates
UNECE Cyber Security Management facilitates Security throughout the whole company.
The CSMS Standard requires an OEM to provide Cybersecurity throughout the whole lifecycle of a vehicle.
This means that Cybersecurity has to be integrated from the Design point of view, until the End of Support. UNECE CSMS demands the following:
Risk Management throughout the whole company and lifecycle of each car.
Risk Assessments for every Vehicle Type
Cybersecurity Audits for each Vehicle Type
Vulnerability Analysis throughout the whole development and production process
Monitoring of Cybersecurity and Incident Response on existing Vehicle Types
Documentation of a Cyber Security Management
UNECE Software Update Management (SUMS) facilitates that SW updates and their impact on type approval parameters is visible to driver and traceable by external authorities, to ensure systematic approval and necessary governance mechanisms.
For governance it demands certification of OEM following a checklist which is summarized in the Regulation. Type approval parameters include: Environment, Theft, Safety, Connectivity, Information Sharing.
UNECE SUMS addresses three major aspects:
Assessment of relevant vehicle manufacturer management system
Assessment and certification of vehicles
Implementation of a software identification scheme
What we offer
Based on years of experience with Cybersecurity and Safety, Vector Consulting Services supports with:
Support in the implementation of the UNECE standards for CSMS and SUMS
Process assessments for existing SUMS and CSMS Solutions