The WP.29 regulation and the ISO/SAE standard are complementary and both look at securing modern vehicles in a similar way.
The main commonalities between them are first, that both require securing the vehicle throughout its lifecycle, starting from development, going through production, and all the way to its post-production service-time while it’s on the road.
Secondly, both require an effective cybersecurity management system inside the organization. Both require performing very thorough TARA activities, which is Threat Analysis and Risk Assessment throughout the vehicle lifecycle. And both require effective management of the supply chain of the vehicle.
However, there are a few differences between the standard and regulation. The regulation is legally binding within all the countries that participate in the regulation, which are also known as the contracting parties, while the standard will be probably widely accepted in the industry but will not be legally binding.
Additionally, the regulation is very particular in specific areas. For example, it provides a comprehensive list of threats that serve as baseline threats in order to assess if a vehicle and the connected services are secure. While the standard goes very deep by thoroughly describing how to do some activities such as TARA, Threat Assessment and Risk Analysis, cybersecurity management in the organization, and cybersecurity management for the supply chain.
Ultimately, the standard and the regulation are complimentary and are also non-contradicting, which means that if an OEM does a thorough job in adhering to one of them, it will be well on its way to complying with the other.
Protecting Electric Vehicles: Modern Cybersecurity Solutions and the Road to Revenue
There is much to enjoy in the performance of electric vehicles and advanced features of electric vehicles, yet each connected capability such as GPS, mobile…More Details
Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats
Read about how a multi-layered cloud-based approach can protect today’s commercial vehicles while streamlining data processes.More Details
Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre
OEMs are relying on their connected vehicles to drive them from “Car Co’s” to “Tech Co’s”.More Details
Upstream Detects a Critical Vulnerability in Linux-Based Head Units
Read about how Upstream’s AutoThreat® Intelligence team works to hunt threats that are hiding in the surface, deep, and dark web- allowing you to meet…More Details
What is Upstream’s AutoThreat® Intelligence?
Upstream’s AutoThreat® Intelligence is the automotive industry’s leading cyber threat intelligence and risk assessment solution. It is purpose-built to collect, analyze, and leverage automotive tMore Details
How AutoThreat® Supports Automotive Cybersecurity
AutoThreat’s® automotive-focused analysts scour the surface, deep, and dark web for incidents that matter most to the automotive ecosystem. Together, our researchers combine both manual…More Details