Cybersecurity Throughout Vehicle Lifecycle | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

Ensuring vehicle cybersecurity across its lifecycle is required both by the WP.29 regulation and by the ISO/SAE standard. And doing that is actually a challenging task because it requires multiple players to collaborate across the vehicles’ lifetime, which is very long, and could be between 10 and 15 years.

So how do you do that?
Well, from our experience, there are a few methods that can help achieve this goal.

First is security by design: So, when you develop the vehicle, you need to apply TARA and have a secure development process, but you also need to make sure that meaningful telemetry is emitted, that will enable later detection in post-production, of existing and new cyber attacks. And, you also need to apply cybersecurity management on your supply chain.

Additionally, you need to have a centralized detection system for post-production. Such a detection system can collect logs from vehicles, communication channels, and backend systems, and this way, enables strong detection for a wide range of threats as listed in Annex 5 of the WP.29 regulation. And lastly, you need to have an automotive-specific threat feed.

Such a threat feed should be used by the OEM, the service providers, and the supply chain. And this can supply a good source of threats related to the vehicle and to the mobility service that can help the OEM, connectivity service provider, and the supply chain to create meaningful mitigations within a short period of time.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Switched on: leveraging cyber resilience to safeguard the future of EVs

More Details

Infographic: The Automotive Cybersecurity Inflection Point 2024 Report

More Details

Watch: Scaling Software-Defined Vehicle Security, without Increasing Costs

In this webinar, Upstream and BlackBerry IVY's experts discuss the role of synthetic sensors in automotive cybersecurity and how to reduce cloud computing and data…

More Details

Secure Connected IoT Devices in the Mobility & Transportation Ecosystem

More Details

Scaling Software-Defined Vehicle Security, without Increasing Costs

Connected and software-defined vehicles generate vast amounts of data – upwards of 25 GB an hour per car. To help make sense of this data…

More Details

Watch: The automotive cybersecurity inflection point in 2024: from experimental to massive-scale attacks

In this webinar, Upstream experts share significant findings from Upstream’s 2024 Global Automotive Cyber Trends Report, providing insights and predictions for 2024.

More Details