What is Road Vehicles Cybersecurity?
Automobile cybersecurity refers to protecting information and assets such as automobiles, systems, networks, devices, data and human life from cyberattacks like injection, data leakage, ransomware, and physical damage. The goal of cybersecurity is to protect cars and computer networks (both local and shared) from external threats.
The Need for Cyber-security
Since cybersecurity has emerged as an important standard for vehicle safety, Harmonization of Vehicle Regulations (WP.29) of the European Economic Council (UNECE) adopted automobile cybersecurity regulation (UN Regulation No.155: Cybersecurity Regulation) in June 2020.
Korea’s Ministry of Land, Infrastructure and Transport is also preparing to respond for suitable automobile cyber security in Korea, while distributing the ‘Automotive Cyber Security Guidelines’ in December 2020.
Cybersecurity International Standard
Existing international cybersecurity standards include IEC 62443 on SCADA system and its network cybersecurity, ISO 15408 on common criteria for integration of hardware/software information and communication, and European ENISA guidelines promoting cybersecurity culture. An international standard for automotive cybersecurity, ISO/SAE 21434 was enacted in August 2021.
Extensive personal information, sensitive data leakage, and unprecedented complex types of cybersecurity attacks that are difficult to respond with existing defense systems are not only related to AI〮IoT devices, but also all objects and environments like autonomous vehicles and smart home devices. As a variety of new threats continue to arise, the importance of cybersecurity is multiplying as a key strategy contributing to strengthen public and social safety, national security and international peace.
Enforcement of mandatory automotive cybersecurity certification
According to the Automotive Cybersecurity Law, in order to obtain Vehicle Type Approval (VTA) for new vehicles registered in UNECE member countries (about 60 countries including Europe and Asia) from July 2022, the Automotive Cybersecurity Management System (CSMS: Cybersecurity Management System) certification is mandatory. In addition, even in the case of automobiles that have already been registered, automotive cybersecurity management system (CSMS) certification must be premised by July 2024.
UNECE Regulation No. 155 Vehicle Type Approval
UNECE Regulation No. 155, The vehicle type approval means that the vehicle must be equipped with appropriate security technology to make the vehicle safe from cyberattacks. Applicable security technology being installed is identified through risk analysis and can be verified through security testing. In other words, after identifying which assets and threats exist in the vehicle and analyzing whether those threats are dangerous from a cybersecurity point of view, security measures are taken to mitigate the threats. The security measures to be mitigated can prove that the risk analysis and security measures were appropriate by showing that the vehicle is safe from the relevant threats through security tests such as simulated hacking used for attacks.