The Challenges | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

There are four major challenges in securing connected vehicles. All of these challenges are addressed by the WP.29 regulation and the ISO/SAE 21434 standard.

The four challenges are first, the vehicle complexity. Vehicles are having more and more interfaces, and each of those interfaces is becoming increasingly software-based and has more and more functionality. This means that the overall attack surface on the vehicle is growing.

The second challenge is the backend systems. We’re seeing more and more vehicles being connected today and in the upcoming years to backend systems. The vehicle uploads data to those systems and is increasingly controlled by these backend systems. Those backend systems are in turn connected to other backend systems, which ultimately increase the number of ways in which an attacker can get from the internet to a controlling position of the vehicle.

The third is supply chain. The vehicle has a very complex supply chain, both horizontally and vertically. And managing the supply chain from the cybersecurity perspective for the lifetime of the vehicle, which could be between 10 and 15 years, is complex.

And last but not least is the changing threat landscape. While the vehicle is on the road for 10 and 15 years, during this period, there will be new threats introduced, both because of changing functionality in the vehicle and because of new attack techniques that will be in the market.

Addressing these challenges is complex and requires several countermeasures.

The first is securing the vehicle throughout its lifecycle, from development through production and in its post-production period.

The second is applying a centralized detection system that will collect logs from the vehicles, the communication channel, and the backend systems, and detect threats on the vehicles coming both directly from the backend systems and from the communication channels.

The third is secure supply chain management, which means that OEMs need to require that suppliers and service providers implement cybersecurity management systems and the ability to detect new threats in an ongoing basis throughout the vehicle lifecycle.

Upstream Security aids OEMs and service providers in addressing these challenges, using its C4 and AutoThreat products in multiple ways.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Sécuriser et renforcer l’avenir de la mobilité et de l’IoT

Upstream libère le potentiel des véhicules connectés, de l’IoT et des données de la mobilité intelligente. 
 Sa plateforme de gestion des données est spécialement…

More Details

Études de cas : Comment l’IA permet de détecter plus tôt les problèmes de qualité véhicule

La détection proactive de la qualité (PQD) d’Upstream en action, accélérant l’analyse des causes premières (RCA), l’évaluation de la gravité et la priorisation des problèmes…

More Details

Beyond the Cyber Resilience Act: Building
Cyber Resilience for the EV Charging Ecosystem

The CRA places broad obligations on manufacturers, including those who design, develop, or brand charge points, backend systems, and embedded communication software used throughout the…

More Details

Beyond the Cyber Resilience Act: Building Holistic Cyber Resilience

A decade ago, the value of connected vehicle data was associated with new revenue streams for OEMs. Fast forward to today, a more effective and…

More Details

Tech Talk: Securing the Commercial Fleet Ecosystem with IVECO’s CISO

The commercial vehicle industry is undergoing a seismic shift. The convergence of connectivity, electrification, and software-defined vehicles is unlocking unprecedented efficiency but also exposing f

More Details

Unmasking the Blind Spot: Why API Security Is the Weak Link in Automotive Cybersecurity

In this session, recorded during the Auto ISAC Partners Week, Upstream's Dr. Matthias Lenk and Fabian Stahl explain why API security remains a critical yet…

More Details
Skip to content