This case study illustrates the approach Expleo adopted to ensure compliance with automotive cybersecurity regulations according to UN R155/R156 for Embedded Systems within a new automotive Infotainment system.
Who is the client?
Our client is one of the world’s leading automotive manufacturers.
What was the problem?
Our client was developing a new car infotainment system and was in search of a collaborator capable of providing end-to-end support for a worldwide security and safety initiative, with the aim of ensuring compliance with UN R155/R156 cybersecurity automotive regulations.
The project encompassed a comprehensive cybersecurity safety strategy, incorporating Threat Analysis and Risk Assessment (TARA), the development of cybersecurity functionalities, coordination of testing, implementation of corrective measures, and management of suppliers.
What was the Expleo solution to reach UN R155/R156 regulation compliance?
Our dedicated team of Functional Safety and cybersecurity experts took charge of a comprehensive suite of responsibilities to reach UN R155/R156 regulation compliance. Initially, they conducted a thorough risk analysis (Threat Analysis and Risk Assessment – TARA) and adeptly handled the emerging risks, laying the groundwork for a robust cybersecurity posture. They further advanced the project by developing detailed threat models, which provided insights into potential vulnerabilities and informed our security strategies.
In defining cybersecurity concepts, the team established a clear and actionable framework for addressing and mitigating cybersecurity threats. This was complemented by their efforts in crafting precise testing and security specifications, ensuring that all cybersecurity measures were both effective and verifiable. The outcomes of the tests were reviewed to facilitate the evaluation of risk acceptance.
A key aspect of their role involved defining essential security features, tailor-made to fortify the systems against a wide range of cyber threats. Regarding the critical aspects of supply chain security, they facilitated communication with suppliers, focusing on risk management at the component level. This not only heightened the security measures but also fostered a culture of cybersecurity awareness and collaboration among partners and suppliers.
Moreover, our team took an active role in monitoring the implementation of these security concepts at the supplier level, ensuring that the high standards for cybersecurity were consistently met across the board. Their support was instrumental in aligning the project with the stringent requirements of UN R155/R156 regulations, demonstrating a comprehensive commitment to cybersecurity excellence that spanned the entirety of the project lifecycle.
How did the solution help?
Rather than coordinating with multiple suppliers for the diverse skill sets required, our client gained advantage from a singular point of contact proficient in overseeing the entire project, possessing dual expertise in functional safety and cybersecurity.
This approach streamlined the project’s management and effectively reduced its complexity, ensuring alignment with UN R155/R156 regulatory standards.
What were the results of using our penetration testing lab?
The infotainment system, including cybersecurity and functional safety features, has been validated, and compliance with UN R155/R156 automotive cybersecurity regulation has been assessed and validated.
Could it work for me?
Our automotive cybersecurity services can benefit all OEMs, as well as tier-one and tier-two suppliers. Our comprehensive offerings include risk prevention and compliance with UN R155/R156 automotive regulations, architecture design, secure products and functionalities development, and testing your systems’ resilience . Furthermore, we provide training and upskilling programmes for your teams, equipping them with the necessary knowledge and skills to navigate the complexities of automotive cybersecurity.
Cybersecurity is vital for the safety of Software-Defined vehicles. Learn how Expleo can tackle your challenges in their development.
Contact us
Expleo can assist you in ensuring your product cybersecurity certification & compliance