Subscribe
Share
Share
Embed
As cars become smarter and more connected, the demand for top-tier automotive cyber security has never been higher. With expert insights from PlaxidityX, a leading automotive cyber security company, we’ll guide you through the challenges and solutions protecting millions of vehicles worldwide. Whether you’re an industry expert or just curious about how cars are secured in the digital age, this podcast comprehensively looks at how cyber defenses are developed, tested, and deployed.
We don’t just talk about the technology; we talk about what it means for you—the driver, the manufacturer, the tech enthusiast. We explore how automotive cyber security solutions are applied in real-world scenarios to safeguard everything from onboard infotainment systems to critical vehicle control units.
Tune in to gain a deeper understanding of how manufacturers are staying one step ahead of hackers and ensuring a more secure, connected world.
00:00:00:09 - 00:00:03:12
Welcome to cars, hackers and cybersecurity.
00:00:04:01 - 00:00:07:01
Here we break down the latest in automotive cybersecurity,
00:00:07:01 - 00:00:10:16
helping you stay ahead in building secure connected vehicles.
00:00:12:17 - 00:00:22:06
Hi. Today we'll explore how the extension of UNR 155 to motorcycles is reshaping the industry and what it means for two Wheeler manufacturers.
00:00:22:24 - 00:00:29:14
In January 2024, the UN's working party on automated slash autonomous and connected vehicles
00:00:29:14 - 00:00:33:09
decided to extend its cybersecurity Management Regulation,
00:00:34:04 - 00:00:57:11
UN regulation 155 to include motorcycles, scooters and electric bicycles with speed exceeding 25km/h. This decision is a shrill wakeup call for the motorcycle industry. Until now, cybersecurity was not something motorcycle OEMs have had to worry about. But that's about to change, and two Wheeler manufacturers need to saddle up.
00:00:57:13 - 00:01:23:04
So what's behind this decision, and why is cybersecurity becoming essential for two wheelers? What are the risks involved and what are the business implications of UNR 155 compliance from motorcycle OEMs. This post shares our insights into the basics of automotive, cybersecurity and under 155 compliance, as well as valuable lessons learned from vehicle manufacturers for navigating the compliance journey.
00:01:24:07 - 00:01:26:21
Why do vehicles need cybersecurity?
00:01:27:18 - 00:01:50:13
Cyber security in the automotive industry has only been implemented in the last couple of years, but today it's become a household term for just about every vehicle manufacturer and tier one supplier. The reason for this is that tens of millions of cars on the road today are software defined vehicles, or Steves, with cloud connectivity similar to any other connected device.
00:01:50:15 - 00:02:17:24
Steves are exposed to cyber security risk from software vulnerabilities and hacking attempts. This was clearly demonstrated in a recent hacker competition, where dozens of software vulnerabilities were discovered in vehicle charging systems. In-Car entertainment technology and modem subsystems from major automotive suppliers. Unlike a cyber attack on your IT network, a cyber attack on your vehicle can have life threatening consequences.
00:02:18:01 - 00:02:43:00
By exploiting specific vulnerabilities, bad actors can potentially compromise safety critical systems. For example, braking or even start and control a car from a remote location. In addition to safety concerns, vehicle cyber attacks can also compromise personal data while the data generated and collected by Steves helps automakers improve vehicle operations and personalize the driver experience.
00:02:43:00 - 00:02:46:06
It also introduces serious data privacy concerns.
00:02:46:16 - 00:03:07:15
Research by Mozilla stated that modern cars are the worst product category we have ever reviewed for privacy, due to poor data protection practices by OEMs. With the introduction of telematics, adaptive cruise control, and advanced connectivity in today's motorcycles, concerns about potential cyber risks for two wheelers are also increasing.
00:03:08:00 - 00:03:22:13
Understanding the regulatory landscape. New automotive cybersecurity regulations and standards have emerged in recent years as a response to the growing risk of cyber attacks against connected vehicles. Global directives like UNR 155 and
00:03:22:13 - 00:03:24:23
ISO S80 21434.
00:03:24:23 - 00:03:30:24
already have a major impact on the way OEMs and their suppliers develop and manage their products.
00:03:30:24 - 00:03:33:07
ISO 21434.
00:03:33:07 - 00:03:37:07
is an international standard for road vehicle cybersecurity engineering.
00:03:37:09 - 00:04:10:20
This standard provides guidelines for managing cybersecurity risks across the entire vehicle lifecycle, from concept and design to production, operation, maintenance, and decommissioning. UNR 155 requires that all OEMs implement a risk based management framework, aka Cybersecurity Management System, or CMS, for detecting and protecting against cyber threats throughout the vehicle lifecycle. Mandatory for passenger cars, trucks and busses in UN member states, including EU countries, Japan, Korea and others.
00:04:10:22 - 00:04:40:16
UNR 155 provides an international framework for the type approval of road vehicles with regard to cybersecurity. UN 155 comprises two main pillars. CSE Ms. C Usm's is a systematic, risk based approach defining organizational processes, responsibilities and governance to mitigate cyber threats and protect vehicles from cyber attacks. Detailed specifications for the CSE SMS are provided in the UNR 155 documentation.
00:04:40:18 - 00:05:12:17
UNR 155 specifies the processes that need to be implemented during the development, production and post-production phases, but does not stipulate specific tools or products to be used to execute such processes. Type approval certification U.N. 155 established a new landscape of organizational and technical requirements for vehicle OEMs to fulfill for vehicle type approval. The regulations set two milestones for type approval certification in July 2022.
00:05:12:23 - 00:05:41:06
In July 2022, it became mandatory for all new vehicles to receive a CMS Certificate of Compliance, or COC, in order to receive type approval. The second milestone, set for July 2024, extends this requirement to all new vehicles on the road, both previously approved types and new types, in UN and EEC member states. The COC is granted following a rigorous audit process carried out by an authorized type approval authority under UNR 155.
00:05:41:06 - 00:05:59:17
Compliance has triggered intensive activity across the automotive value chain. Since OEMs must now demonstrate compliance in order to achieve type approval, they are demanding that their suppliers also bake cyber resilience into their product design, development, operation, and maintenance processes.
00:06:00:16 - 00:06:04:19
Implications of Regulatory Compliance for Motorcycle OEMs
00:06:05:04 - 00:06:18:10
Based on what we've learned from four-wheeler manufacturers that have implemented compliance projects, it's important for motorcycle OEMs to understand the potential implications of the new regulation on their business and product development.
00:06:18:12 - 00:06:42:09
Establishing a CMS and achieving regulatory compliance for motorcycle type approval is a complex effort requiring automotive cybersecurity knowledge, skilled resources, and purpose-built tools. Not only that, it's critical to evaluate the efforts needed to retrofit cybersecurity onto existing models. As a recent example of the potential impact of cybersecurity regulation,
00:06:42:09 - 00:06:53:15
Porsche announced that its best-selling ICE-powered Macan SUV will be discontinued from markets within the European Union in spring of 2024, due to cybersecurity regulations.
00:06:53:24 - 00:07:10:02
Porsche explained that the updates required for the SUV to comply with the new rules were deemed excessively complex and costly. This is just the latest in a series of similar announcements from OEMs regarding other vehicles, including VW and Audi models.
00:07:10:02 - 00:07:19:18
Bottom Line
The extension of UNR 155 to motorcycles vehicle category L is scheduled for formal adoption in June 2024.
00:07:19:20 - 00:07:50:17
Now is the time for motorcycle and scooter OEMs that sell in UN member states to start thinking about cybersecurity and initiate robust planning for the upcoming regulatory requirements. Cybersecurity for two-wheelers has arrived, and the sooner the industry starts to prepare, the better. Need help navigating the cybersecurity compliance maze? Contact the Placidity Xe Services team to get you started with gap analysis, CMS, and motorcycle type approval.
00:07:52:12 - 00:07:58:10
That’s all for today’s episode. Keep your engines running smooth and your cyber defenses sharp.
00:07:58:10 - 00:08:02:23
Stay connected by subscribing and visiting Placidity-X.com.
00:08:02:23 - 00:08:06:23
Until next time, stay safe on the road and in the cloud.