Framework increases cyber security of vehicles
In recent years, the importance of cybersecurity has already found its way into the annual reports of major companies in the automotive and technology industries. Several high-profile attacks have affected the business performance of the affected companies and damaged corporate reputations. For example, a cyberattack in 2015 led to a recall of nearly 1.5 million vehicles. As a result, an estimated cost of around 600 million US dollars was incurred and the OEM affected suffered an estimated loss of its stock market value of 4 billion US dollars.
As vehicles become more complex, the risk of such events increases in the future. In addition, consumer information increasingly stored and retrievable in the vehicle attracts cyberattacks.
“Cybersecurity will play an increasingly important role for global automakers in the coming years – especially in light of increasingly connected and automated vehicles,” says Mayank Agochiya, managing director of FEV Consulting, Inc.
Furthermore, cybersecurity measures also represent an opportunity for differentiation. As vehicle owners and users are offered highly integrated connectivity features, trust will play an important role in adoption in this context.
The mobility industry will therefore increase its focus on cybersecurity. Thus, compliance with most cybersecurity regulations and standards (including ISO 21434) is expected to be targeted for all vehicles with market introduction in 2025. With the entry into force of UNECE WP.29, cybersecurity will even become a mandatory aspect of type approval in 54 countries before 2025.
“To meet these requirements, OEMs and suppliers need to act early to be ready to act by 2025 at the latest,” says Agochiya. “This requires building complex cybersecurity organisations, resources and processes by the end of 2022. With our SPORT framework, this is exactly where we come in and support our customers in developing secure vehicles.”
The FEV SPORT framework – SPORT stands for “Strategy, Process, Organisation, Resources and Technology” – was developed to address the topic of cybersecurity holistically. The “strategy” aspect takes into account the corporate vision, mission and culture of the OEM or supplier. This step aligns the cybersecurity strategy with the corporate strategy and describes its impact on the current and future product portfolio as well as on the customer base.
“Process” covers development processes, such as the security development life cycle and knowledge management, as well as audit and training processes, supported by a dedicated change management workstream.
“Organisation” addresses the structure of the cybersecurity teams and develops a reporting structure with clear roles and responsibilities, while resources defines the necessary team size and takes care of recruitment and outsourcing strategies.
The “Technology” aspect includes a highly secure hardware and software strategy, coordinated technical measures and the provision of tools and infrastructure.
More information: https://www.fev.com/en/coming-up/press/press-releases/news-article/article/fev-sport-framework-addresses-increased-cybersecurity-risks-in-new-vehicles.html
Related articles:
Connected cars vulnerable to cyber attacks, says study
Kaspersky offers custom threat intelligence reporting for automotive industry
Top ten security challenges for connected cars
Porsche, Toyota increase stake in Aurora Labs
Study: cybersecurity awareness in road freight transport is underdeveloped
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
