Vehicles Cybersecurity and Software Update

Europe

Vehicles Cybersecurity and Software Update
The automotive sector is undergoing a profound transformation with the digitalization of in-car systems that are necessary to deliver vehicle automation, connectivity and shared mobility. Smart cars available today are vehicles equipped with systems providing connected and added-value features in order to enhance car users experience and/or improve car safety. Within the next few years, smart cars’ connectivity is expected to expand and smart cars will become connected to other vehicles, pedestrians and their surrounding infrastructure through information exchanges via V2X communications. This comes with significant cybersecurity risks, as hackers seek to access electronic systems and data, threatening vehicle safety and consumer privacy. Two new UN Regulations on Cybersecurity and Software Updates will help tackle these risks by establishing clear performance and audit requirements for car manufacturers. 

The two new UN Regulations, adopted by UNECE’s World Forum for Harmonization of Vehicle Regulations, require that measures be implemented across 4 distinct disciplines: Managing vehicle cyber risks; Securing vehicles by design to mitigate risks along the value chain; Detecting and responding to security incidents across vehicle fleet; Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software.

The regulations will apply to passenger cars, vans, trucks and buses. They will enter into force in January 2021. In the European Union, the new regulation on cyber security will be mandatory for all new vehicle types from July 2022 and will become mandatory for all new vehicles produced from July 2024.

ATIC experts are working under designated technical services in Europe to conduct Initial Assessment, Witness Testing and CoP assessment as authorized inspectors under authorities including e/E4 Netherland, e/E5 Sweden, e/E13 Luxembourg, e/E24 Ireland, e/E49 Cyprus, e/E32 Latvia and e/E36 Lithuania.
.
Please click here for more European homologation:
General Steps
Application
A description of the vehicle type
Certificate of Compliance of CSMS/SUMS
Initial Assessment
Technology document assessment
Risk management assessment
Supplier-related assessment (if any)
Testing
Making a testin plan
Implementing the testing and writing the reports
Approval
Reviewing all the documentation
Issuing the certificate
Cybersecurity Vehicle Types Approval
Scope
  • This Regulation applies to vehicles, with regard to cyber security, of the Categories M and N. 
  • This Regulation also applies to vehicles of Category O if fitted with at least one electronic control unit. 
  • This Regulation also applies to vehicles of the Categories L6 and L7 if equipped with automated driving functionalities from level 3 onwards

Definitions
  • "Cyber security" means the condition in which road vehicles and their functions are protected from cyber threats to electrical or electronic components. 
  • "Cyber Security Management System (CSMS)" means a systematic risk-based approach defining organisational processes, responsibilities and governance to treat risk associated with cyber threats to vehicles and protect them from cyber- attacks. l 
  • "Development phase" means the period before a vehicle type is type approved. 
  • "Production phase" refers to the duration of production of a vehicle type. 
  • "Post-production phase" refers to the period in which a vehicle type is no longer produced until the end-of-life of all vehicles under the vehicle type. Vehicles incorporating a specific vehicle type will be operational during this phase but will no longer be produced. The phase ends when there are no longer any operational vehicles of a specific vehicle type.

  • The application for approval of a vehicle type with regard to cyber security shall be submitted by the vehicle manufacturer or by their duly accredited representative. 
  • It shall be accompanied by the undermentioned documents in triplicate, and by the following particulars. 
1. A description of the vehicle type with regard to the items specified in Annex 1 to this Regulation. 
2. In cases where information is shown to be covered by intellectual property rights or to constitute specific know-how of the manufacturer or of their suppliers, the manufacturer or their suppliers shall make available sufficient information to enable the checks referred to in this Regulation to be made properly. Such information shall be treated on a confidential basis.
  • The Certificate of Compliance for CSMS. 

  • The manufacturer shall have a valid Certificate of Compliance for the Cyber Security Management System relevant to the vehicle type being approved. However, for type approvals prior to 1 July 2024, if the vehicle manufacturer can demonstrate that the vehicle type could not be developed in compliance with the CSMS, then the vehicle manufacturer shall demonstrate that cyber security was adequately considered during the development phase of the vehicle type concerned.
  • The vehicle manufacturer shall identify and manage, for the vehicle type being approved, supplier-related risks. 
  • The vehicle manufacturer shall identify the critical elements of the vehicle type and perform an exhaustive risk assessment for the vehicle type and shall treat/manage the identified risks appropriately. 
  • The vehicle manufacturer shall protect the vehicle type against risks identified in the vehicle manufacturer’s risk assessment. Proportionate mitigations shall be implemented to protect the vehicle type. In particular, for type approvals prior to 1 July 2024, the vehicle manufacturer shall ensure that another appropriate mitigation is implemented if a mitigation measure referred to in Annex 5, Part B or C is technically not feasible. The respective assessment of the technical feasibility shall be provided by the manufacturer to the approval authority.
  • The vehicle manufacturer shall put in place appropriate and proportionate measures to secure dedicated environments on the vehicle type (if provided) for the storage and execution of aftermarket software, services, applications or data. 
  • The vehicle manufacturer shall perform, prior to type approval, appropriate and sufficient testing to verify the effectiveness of the security measures implemented. 
  • The vehicle manufacturer shall implement measures for the vehicle type to: 
1. Detect and prevent cyber-attacks against vehicles of the vehicle type; 
2. Support the monitoring capability of the vehicle manufacturer with regards to detecting threats, vulnerabilities and cyber-attacks relevant to the vehicle type; 
3. Provide data forensic capability to enable analysis of attempted or successful cyber-attacks. 
  • Cryptographic modules used for the purpose of this Regulation shall be in line with consensus standards. If the cryptographic modules used are not in line with consensus standards, then the vehicle manufacturer shall justify their use.

  • Contracting Parties shall appoint an Approval Authority to carry out the assessment of the manufacturer and to issue a Certificate of Compliance for CSMS. 
  • An application for a Certificate of Compliance for Cyber Security Management System shall be submitted by the vehicle manufacturer or by their duly accredited representative. 
  • It shall be accompanied by the undermentioned documents in triplicate, and by the following particular:
1. Documents describing the Cyber Security Management System.
2. A signed declaration using the model as defined in Appendix 1 to Annex 1. 
  • The Certificate of Compliance for CSMS shall remain valid for a maximum of three years from the date of deliverance of the certificate unless it is withdrawn. 
  • At the end of the period of validity of the Certificate of Compliance for CSMS, the Approval Authority shall, after a positive assessment, issue a new Certificate of Compliance for CSMS or extend its validity for a further period of three years. 
  • The Approval Authority shall issue a new certificate in cases where changes have been brought to the attention of the Approval Authority or its Technical Service and the changes have been positively re-assessed.

  • The vehicle manufacturer shall demonstrate to an Approval Authority or Technical Service that their Cyber Security Management System applies to the development phase, production phase and post-production phase. 
  • The vehicle manufacturer shall demonstrate that the processes used within their Cyber Security Management System ensure security is adequately considered, including risks and mitigations listed in Annex 5. 
  • The vehicle manufacturer shall demonstrate that the processes used within their Cyber Security Management System will ensure that cyber threats and vulnerabilities which require a response from the vehicle manufacturer shall be mitigated within a reasonable timeframe. 
  • The vehicle manufacturer shall demonstrate that the processes used within their Cyber Security Management System will ensure that the monitoring shall be continual. 
  • The vehicle manufacturer shall be required to demonstrate how their Cyber Security Management System will manage dependencies that may exist with contracted suppliers, service providers or manufacturer’s sub-organizations. 

Software Update Vehicle Types Approval
Scope
This Regulation applies to vehicles of Categories1 M, N, O, R, S and T that permit software updates.

Definitions
  • "RX Software Identification Number (RXSWIN)" means a dedicated identifier, defined by the vehicle manufacturer, representing information about the type approval relevant software of the Electronic Control System contributing to the Regulation N° X type approval relevant characteristics of the vehicle. 
  • "Software update" means a package used to upgrade software to a new version including a change of the configuration parameters. 
  • "Software Update Management System (SUMS)" means a systematic approach defining organizational processes and procedures to comply with the requirements for delivery of software updates according to this Regulation. 
  • "Vehicle user" means a person operating or driving the vehicle, a vehicle owner, an authorised representative or employee of a fleet manager, an authorised representative or employee of the vehicle manufacturer, or an authorized technician. 
  • "Over-the-Air (OTA) update" means any method of making data transfers wirelessly instead of using a cable or other local connection.

  • The application for approval of a vehicle type with regard to software update processes shall be submitted by the vehicle manufacturer or by their duly accredited representative. 
  • It shall be accompanied by the undermentioned documents in triplicate, and by the following particulars: 
1. A description of the vehicle type with regard to the items specified in Annex 1 to this Regulation. 
2. In cases where information is shown to be covered by intellectual property rights or to constitute specific know-how of the manufacturer or of their suppliers, the manufacturer or their suppliers shall make available sufficient information to enable the checks referred to in this Regulation to be made properly. Such information shall be treated on a confidential basis. 
3. The Certificate of Compliance for Software Update Management System according to paragraph 6. of this Regulation. 
4. A vehicle representative of the vehicle type to be approved shall be submitted to the Technical Service responsible for conducting approval tests.

  • The authenticity and integrity of software updates shall be protected to reasonably prevent their compromise and reasonably prevent invalid updates. 
  • Each RXSWIN shall be uniquely identifiable. Each RXSWIN shall be uniquely identifiable. When type approval relevant software is modified by the vehicle manufacturer, the RXSWIN shall be updated if it leads to a type approval extension or to a new type approval. 
  • Each RXSWIN shall be easily readable in a standardized way via the use of an electronic communication interface, at least by the standard interface (OBD port). 
  • Additional Requirements for over the air updates 
1. Restore function if update fails;
2. Execute update only if sufficient power;
3. Ensure safe execution;
4. Inform users about each update and about their completion;
5. Ensure vehicle is capable of conducting update;
6. Inform user when a mechanic is needed.

  • Contracting Parties shall appoint an Approval Authority to carry out the assessment of the manufacturer and to issue a Certificate of Compliance for Software Update Management System. 
  • An application for a Certificate of Compliance for Software Update Management System shall be submitted by the vehicle manufacturer or by their duly accredited representative. 
  • It shall be accompanied by the undermentioned documents in triplicate, and by the following particular: 
1. Documents describing the Software Update Management System. 
2. A signed declaration using the model as defined in Appendix 1 to Annex 1. 
  • The Certificate of Compliance for SUMS shall remain valid for a maximum of three years from the date of deliverance of the certificate unless it is withdrawn. 
  • At the end of the period of validity of the Certificate of Compliance for Software Update Management System, the Approval Authority shall, after a positive assessment, issue a new Certificate of Compliance for Software Update Management System or extends its validity for a further period of three years. 
  • Existing vehicle type approvals shall not lose their validity due to the expiration of the manufacturer’s Certificate of Compliance for Software Update Management System. 

  • Recording and storing all the relevant information documentation;
  • Recording the hardware and software versions relevant to a vehicle type;
  • Identifying software relevant for type approval;
  • Verifying that the software on a component is what it should be;
  • Identifying interdependencies, especially with regards to software updates;
  • Identifying vehicle targets and verifying their compatibility with an update;
  • Assessing if a software update affects the type approval or legally defined;
  • Assessing if an update affects safety or safe driving;
  • Informing vehicle owners of updates;
  • Documenting all the above.
  • Recording and storing the relevant content and information of each update in detail;
  • Demonstrating the security of the software updates;
  • Additional requirements for software updates over the air 

Get a Quotation Now

Log in to ATICTM Digital Customer Platform to request quotations, browse 16000+ regulations and 
SoPs cover more than 54 countries, submit information documents and manage your certification projects.

More Queries, Let's Chat Online →