The legal requirements of the ‘United Nations Economic Commission for Europe’ (UNECE) are intended to better protect the ECU architecture in modern passenger cars, vans, trucks and buses against hacker attacks. This applies both to attacks from outside, i.e. from the Internet, and to those that exploit vulnerabilities within the system, for example the vehicle hotspot.
The regulation UN R155 for the Cyber Security Management System (CSMS) and regulation UN R156 for the Software Update Management System (SUMS) therefore pose challenges for the automotive industry. In order to avoid jeopardizing the approval of new vehicle models, development and production departments need to quickly build up know-how on the topic of cyber security and establish corresponding processes, methods and tools.
MicroNova supports OEMs and suppliers in implementing these EU requirements, combining the years of experience of its consultants in the field of ECU development and validation with the expertise of its partner company SecOps Solutions, whose technology consultants develop innovative cyber security solutions with a focus on product cyber security, DevSecOps, ISO 21434 and key lifecycle management for the automotive industry.
- Establishing a Cyber Security Management (CSM) system taking into account cyber security risk management: By using standardized tools and methods, MicroNova supports companies in the fast and efficient implementation of cyber-secure development projects. The central building block here is to establish a Cyber Security Management (CMS) system. Clients benefit from our experts’ years of experience in the validation of electronic components in vehicle development.
- Threat assessment: Analysis and assessment of potential threats in terms of probability of occurrence and severity. A risk analysis helps with the decision whether and which measures need to be taken. The downstream cyber risk management identifies and quantifies the risks, from which it is possible to derive the appropriate measures.
- Identification and prioritization of potential vulnerabilities of a system with regard to cyber security
In order to be able to adapt processes in good time, it is necessary to continuously assess the situation. Cyber security processes that MicroNova introduces to companies are based on the specifications of the ISO 21434 standard.
Being able to reuse proven process templates and know-how saves time and costs. Moreover, the internal development of skills with the help of our experts ensures independence in the long term.
- Selection and implementation of tools to support cyber security measures on-chip, e.g. encryption/signing-as-a-service, certificate/PKI support
- Measures that go hand-in-hand with development such as Vulnerability Analysis and Risk Assessment (VARA), Risk Management, Static Application Security Testing, Cyber Security Requirements
- Secure provision of crypto material all the way to the ECU to validate data traffic after delivery of the vehicle (such as for over-the-air software updates)
- Secure and automated synchronization of the crypto material with KLM (Key Lifecycle Management) systems of tier-one suppliers or OEMs
- End-of-line tests of cyber security measures on-chip
Through its consulting services, MicroNova supports companies in the automotive industry according to where they are in terms of cyber security. This starts with workshops to introduce the topic, including a needs assessment and an initial overview of the ISO 21434 standard. Other consulting packages include a detailed security gap analysis with cyber security concept or a comprehensive cyber security project package according to ISO 21434.