How prepared are you for the new cybersecurity requirements?
The upcoming UN Regulation 155 requires adequate security for vehicle types. From 2024, vehicle types must have been developed according to a certified Cybersecurity Management System (CSMS). This makes a technical security gap analyses of future and legacy architectures for WP.29 necessary.
ESCRYPT’s technical vehicle type approval readiness assessment provides a sound foundation for technical roadmaps, budget estimation and business decisions.
The vehicle type approval readiness assessment is a component of PROOF, ESCRYPT‘s Product Security Organization Framework. PROOF is a proven approach to guide manufacturers and suppliers from the first readiness check to the commissioning and operation of a CSMS.
It takes time to implement the new cybersecurity requirements into your processes. Start today if you want to ensure your future products receive type approval.
With AUTOSAR to UNECE-compliant cybersecurity – Watch our webinar recording to learn how to realize type-approvable development and retrofit of E/E architectures with AUTOSAR and download our whitepaper.
Assessing type approval readiness
The method
ESCRYPT’s vehicle type approval readiness assessment focuses on the critical elements as well as E/E level measures. Its criteria are based on
- the regulation text,
- the task force’s interpretation document,
- lessons learned from the WP.29 test phase in 2019, and
- well over a decade of experience in engineering secure vehicle types.
The assessment uses well-defined criticality indicators to identify potentially critical elements of the E/E architecture. These elements are matched with the threats from Annex 5 of the regulation and appropriate security controls. ESCRYPT’s readiness report puts a specific focus on economic considerations in order to balance compliance, security, and financial viability.
Work items
- ESCRYPT‘s experts conduct a technical analysis of the target vehicle type, i.e. its E/E architecture, together with the customer’s internal stakeholders.
- In a customer workshop, ESCRYPT leads through a WP.29 gap analysis of vehicle type‘s elements, their cybersecurity criticalities and current security controls.
- This results in a completed readiness assessment calculation sheet with an initial budget estimation to prepare the vehicle type for approval.
- Following the workshop, ESCRYPT creates and delivers a readiness report with additional E/E level recommendations that can optimize preparations for type approval.
