When cars will be “software-defined”, they will also be potential targets for cyber attacks. In future, vehicle manufacturers will therefore have to take organisational and technical precautions to be able to remedy detected vulnerabilities promptly via software updates – and to do so over the entire lifetime of the vehicle. To this end, the United Nations Economic Commission for Europe (UNECE) has introduced the UN R155 Regulation, which has been in force since July 2022. Among other things, it obliges vehicle manufacturers to apply the security-by-design approach to their products and processes. The sale of new vehicles in markets covered by the R155 directive now requires a valid certificate of conformity for the cyber security management system (CSMS) applied to each vehicle type.
Due to this regulation, suppliers, such as the manufacturers of the semiconductors that are installed in the vehicles, must also design their products accordingly. This means that the chips must be developed and produced in accordance with ISO/SAE standard 21434. Infineon now reports that it has received the corresponding certification as a company. The certification was carried out by TÜV Nord. In addition, Infineon has equipped its TC4xx microcontroller series with a new and innovative cyber security architecture. As a result, this series will in all likelihood receive product certification according to ISO/SAE, the company said.
Infineon’s ISO/SAE 21434-compliant CSMS applies beyond the TC4xx family to a wide range of products that support automotive cybersecurity, including Aurix and PSOC microcontrollers, Semper Secure Flash memory and Optiga hardware security modules. Following industry best practices, the CSMS covers information technology, manufacturing technology and selected regional and regulatory environments.
Infineon’s cyber threat monitoring system is able to actively analyse relevant vulnerability reports. Potential threats to Infineon’s security products and systems can then be assessed and mitigated based on an ISO/SAE 21434-compliant security incident response process. The ISO/SAE 21434-compliant monitoring and intervention capabilities enable the chip manufacturer and its customers to work closely together to quickly identify and mitigate security risks.