UNECE regulations for automotive cybersecurity adopted
On June 24, the UNECE World Forum for Harmonization of Vehicle Regulations adopted the long-awaited new UN regulations on cybersecurity and software updates for connected vehicles. In addition to the 54 signatories, which include Germany and the EU, South Korea and Japan will also adopt the agreement. The UNECE regulations will come into force from January 2021 and will be binding in the EU in summer 2022.
The UN guidelines provide automakers with clearly defined performance and audit requirements for IT security and software updates for vehicles. They represent the first ever harmonized and binding international standards in this sector. The UNECE regulations require specific measures to be taken in four areas:
- Management of cyberrisks for vehicles
- Security by design during vehicle development to minimize risks along the value chain
- Intrusion detection and protection for the entire vehicle fleet
- Provision of secure software updates and establishment of a legal basis for over-the-air updates
The guidelines apply to cars, vans, trucks, and buses. In the EU, the new regulations will be compulsory for all new vehicle types from July 2022, and for all new vehicles manufactured from July 2024. Together, the EU, South Korea, and Japan – which have all committed to the agreement – represent around one-third of global car production. In addition, the new cybersecurity regulations apply to all manufacturers intending to sell their vehicles in those markets.
ESCRYPT has been following the development of the UN regulations and other automotive security standards for a long time. In collaboration with management consultancy KPMG, ESCRYPT supports OEMs and suppliers around the world in establishing and implementing compliant cybersecurity management systems. ESCRYPT also offers security analyses as well as security testing services and professional consulting for automotive-specific security design. The company provides all the elements required for vehicle security monitoring for vehicle fleets in the field – from intrusion detection in the vehicle (CycurIDS) and in the backend (CycurGUARD), to the Vehicle Security Operation Center (VSOC).
The UNECE press release on the new regulations is available here.
The original wording of the UNECE agreement is available here.
Find out more about the new regulations in the recorded ESCRYPT-Webinar "Mastering UNECE cybersecurity requirements – opportunities and challenges of the new regulation".