Introduction
The number and complexity of components and software that make up E/E (Electrical/Electronic) architectures in vehicles will continue to increase. The automotive industry is constantly changing to adapt to new market requirements, and securing these environments has become a huge challenge as vehicles grow ever more connected and ECUs (Electronic Control Units) become more powerful and multipurpose and are combined with more mainstream technologies.
Efforts to advance cybersecurity in the automotive industry have resulted in a number of regulations, standards, and partnerships such as the AUTOSAR consortium[1]. These efforts have provided common frameworks and security requirements and even aim at establishing an open industry standard for automotive E/E architectures. As a result, they provide valuable content to shift security left and apply the “security by design” concept to harden these environments from the get-go.
IriusRisk provides the content, support, and flexibility necessary to automate and guide the process of building secure automotive components and software.
The UNECE WP.29 regulation and ISO 21434 standard
IriusRisk provides the UNECE WP.29 library listing risks and mitigations enumerated in Annex 5 of the WP.29 regulation[2].
This list is one of the main differences between the WP.29 regulation and the ISO 21434 standard[3]. WP.29 is quite specific in this area, providing this list as a baseline for assessing whether a vehicle and its connected services are secure. The standard, on the other hand, goes deep into describing how to carry out certain cybersecurity activities, including threat and risk assessment and cybersecurity