Cybersecurity Throughout Vehicle Lifecycle | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

Ensuring vehicle cybersecurity across its lifecycle is required both by the WP.29 regulation and by the ISO/SAE standard. And doing that is actually a challenging task because it requires multiple players to collaborate across the vehicles’ lifetime, which is very long, and could be between 10 and 15 years.

So how do you do that?
Well, from our experience, there are a few methods that can help achieve this goal.

First is security by design: So, when you develop the vehicle, you need to apply TARA and have a secure development process, but you also need to make sure that meaningful telemetry is emitted, that will enable later detection in post-production, of existing and new cyber attacks. And, you also need to apply cybersecurity management on your supply chain.

Additionally, you need to have a centralized detection system for post-production. Such a detection system can collect logs from vehicles, communication channels, and backend systems, and this way, enables strong detection for a wide range of threats as listed in Annex 5 of the WP.29 regulation. And lastly, you need to have an automotive-specific threat feed.

Such a threat feed should be used by the OEM, the service providers, and the supply chain. And this can supply a good source of threats related to the vehicle and to the mobility service that can help the OEM, connectivity service provider, and the supply chain to create meaningful mitigations within a short period of time.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Sécuriser et renforcer l’avenir de la mobilité et de l’IoT

Upstream libère le potentiel des véhicules connectés, de l’IoT et des données de la mobilité intelligente. 
 Sa plateforme de gestion des données est spécialement…

More Details

Études de cas : Comment l’IA permet de détecter plus tôt les problèmes de qualité véhicule

La détection proactive de la qualité (PQD) d’Upstream en action, accélérant l’analyse des causes premières (RCA), l’évaluation de la gravité et la priorisation des problèmes…

More Details

Beyond the Cyber Resilience Act: Building
Cyber Resilience for the EV Charging Ecosystem

The CRA places broad obligations on manufacturers, including those who design, develop, or brand charge points, backend systems, and embedded communication software used throughout the…

More Details

Beyond the Cyber Resilience Act: Building Holistic Cyber Resilience

A decade ago, the value of connected vehicle data was associated with new revenue streams for OEMs. Fast forward to today, a more effective and…

More Details

Tech Talk: Securing the Commercial Fleet Ecosystem with IVECO’s CISO

The commercial vehicle industry is undergoing a seismic shift. The convergence of connectivity, electrification, and software-defined vehicles is unlocking unprecedented efficiency but also exposing f

More Details

Unmasking the Blind Spot: Why API Security Is the Weak Link in Automotive Cybersecurity

In this session, recorded during the Auto ISAC Partners Week, Upstream's Dr. Matthias Lenk and Fabian Stahl explain why API security remains a critical yet…

More Details
Skip to content