UNECE CSMS and SUMS

The UNECE Commission has defined clear guidelines for Cybersecurity Management (CSMS) and Software Update Management (SUMS) in WP.29. Many OEMS are currently establishing a software update management system with the new UNECE regulations. It is demanded for cybersecurity, but also for protection against manipulation of the software in the vehicle. In addition, with increasingly flexible updates “over the air” (OTA), the driver needs visibility of which software versions are in the vehicle and what influences a change has on driving behavior.

How to prepare for Certification Assessments? How to efficiently implement UNECE standards for CSMS and SUMS? How to conduct process assessments for existing SUMS and CSMS solution? What are the solutions for RxSWIN Management?

UNECE

The new UNECE regulations for the Cybersecurity Management System (R155) and Software Update Management System (R156) have been adopted by UNECE’s World Forum for Harmonization of Vehicle Regulations

UNECE R155 and UNECE R156 extend type approval to lifetime management of cybersecurity and software. 

The regulations will apply to passenger cars, vans, trucks and buses. They will enter into force start of January 2021 and cover:

  • Managing vehicle cyber risks;
  • Securing vehicles by design to mitigate risks along the value chain;
  • Detecting and responding to security incidents across vehicle fleet;
  • Providing safe and secure software updates and ensuring vehicle safety is not compromised
  • Introducing a legal basis for Over the Air (OTA) updates

CSMS

UNECE Cyber Security Management facilitates Security throughout the whole company.

The CSMS Standard requires an OEM to provide Cybersecurity throughout the whole lifecycle of a vehicle.

This means that Cybersecurity has to be integrated from the Design point of view, until the End of Support. UNECE CSMS demands the following:

  • Risk Management throughout the whole company and lifecycle of each car.
  • Risk Assessments for every Vehicle Type
  • Cybersecurity Audits for each Vehicle Type
  • Vulnerability Analysis throughout the whole development and production process
  • Monitoring of Cybersecurity and Incident Response on existing Vehicle Types
  • Documentation of a Cyber Security Management

SUMS

UNECE Software Update Management (SUMS) facilitates that SW updates and their impact on type approval parameters is visible to driver and traceable by external authorities, to ensure systematic approval and necessary governance mechanisms.

For governance it demands certification of OEM following a checklist which is summarized in the Regulation. Type approval parameters include: Environment, Theft, Safety, Connectivity, Information Sharing.

UNECE SUMS addresses three major aspects:     

  • Assessment of relevant vehicle manufacturer management system
  • Assessment and certification of vehicles
  • Implementation of a software identification scheme

What we offer

Based on years of experience with Cybersecurity and Safety, Vector Consulting Services supports with:

  • UNECE SUMS and CSMS ReadinessCheck
  • Preparation for Certification Assessments together with regional and international certification authorities
  • Support in the implementation of the UNECE standards for CSMS and SUMS
  • Process assessments for existing SUMS and CSMS Solutions
  • Development of Processes and Roles 
  • Efficient Solutions for RxSWIN Management

Customer Feedback

"Vector Consulting Services is the right partner for Huawei. You helped us ramping up cybersecurity competences at Huawei with your experiences from TARA and security concept to verification and security testing."

- Li Hailin, Smart Car Solution, Huawei

 

"Vector Consulting Services is a good partner for Claas to implement cybersecurity. Claas had great benefits from the Vector team for TARA and Security Engineering."

- Alexander Grossmann, Manager, Claas

 

"Vector Consulting Services supported Panasonic with cybersecurity, demonstrating an outstanding level of expertise. The goal of a comprehensive TARA integrated into a security concept was achieved. The support was intense and very successful!"

- Michael Prantke, Project Manager, Panasonic

TECHNICAL ARTICLE HIGHLIGHT

Efficient Implementation of Standards for Security, Safety and UNECE

Published on ATZ Electronics, 09/2020

The efficient implementation of a multitude of standards is a key challenge in engineering. From worldwide consulting projects with OEM and Tier-1, Vector Consulting shows how standards in the domain of safety and security are applied. ​This article provides guidance on the organizational design in the implementation of the standards. For example, within agile teams. 

Training and Coaching

Vector Consulting Services offers a comprehensive suite of training, competence evolution and coaching in the field of Cybersecurity:

Newsletters

You are looking for stimulus for your projects or to improve?
Subscribe now! You will receive every 6-8 weeks important information on development and strategy as well as invitations to our events.

How may we help you?

Lena Kast

Ingersheimer Str. 24
70499 Stuttgart, Germany
Phone: +49 711 80 670 1535
E-Mail: Lena.Kast@vector.com