Skip to main content
search results
Sorry, but nothing matched your search terms. Sorry, but nothing matched your search terms. Sorry, but nothing matched your search terms. Désolé, mais rien ne correspond à vos critères de recherche. Désolé, mais rien ne correspond à vos critères de recherche. Entschuldigung, wir haben nichts zu diesem Suchbegriff gefunden.
Sorry, but we cannot handle your search query now. Please, try again later! Sorry, but we cannot handle your search query now. Please, try again later! Sorry, but we cannot handle your search query now. Please, try again later! Désolé, mais nous ne pouvons pas traiter votre demande. Veuillez réessayer plus tard ! Désolé, mais nous ne pouvons pas traiter votre demande. Veuillez réessayer plus tard ! Entschuldigung, wir können Ihre Suchanfrage zurzeit nicht bearbeiten. Bitte versuchen Sie es später noch einmal.
Search suggestions

Is cybersecurity the new defining power of future vehicles?

The automotive industry takes the issue of cybersecurity very seriously. The unique challenges posed by the four major developments of the sector (automation, connectivity, shared mobility, and alternative fuels) made it necessary to implement strict regulations, so innovation doesn’t come at the expense of security.

With vehicles now collecting, accessing, and storing a large volume of data, cybersecurity has become a major focus for the automotive sector. In fact, work’s been underway for more than a decade to answer the unique security questions posed by the big auto industry disruptors – automation, connectivity, and e-mobility. 

As early as 2011, manufacturers were working with the United Nations Economic Commission for Europe (UNECE) to develop a regulatory framework to support auto cybersecurity. Incidentally, the security risk received worldwide attention in 2015 when white hat hackers took control of a vehicle over the internet, leading to the recall of 1.4m vehicles, and the industry responded by redoubling its efforts to tackle the issue. 

According to the UNECE, cars now contain up to 150 electronic control units and about 100 million lines of  code – four times more than a fighter jet – and that’s projected to rise to 300 million lines of code by 2030 

The new frontier: UN R155 and UN R156

To address the growing threat of cyberattacks, the UNECE published the first regulations in January 2021. UN R155 and UN R156, regulations aiming at enhancing the security of current and future car models, were implemented in July 2022 for new type approvals. From July 2024, they’ll become mandatory for all new cars produced across 54 countries 

  1. UN R155 mandates that vehicles must have a Cybersecurity Management System (CSMS) in place, meaning applying cybersecurity practices and measures across the development process and life-cycle of vehicles. Although no CSMS is currently mandatory for suppliers, they tend to put in place the right processes, assessments and security concepts (e.g. ISO 21434) to comply with regulations. 
  2. UN R156 deals with the software update management system (SUMS). It provides all the requirements to achieve a secure software update during the life-cycle of a system. 

The players on the new frontier

Automotive cyber security players

Three unique cybersecurity challenges facing automotive

  1. One-size needs to fit all
    Cybersecurity is relatively new to automotive – it’s been a focus for around ten years, so it’s still work in progress. The current major challenge is to standardise the security concepts, to make sure all manufacturers and suppliers use the same. It was a success on the diagnostics feature, prioritised because it’s a crucial security feature. Whether a manufacturer or a supplier wants to implement a diagnostic interface, they will always need to refer to the Unified Diagnostic Service (UDS) standard. ‘Unified’ in this context means that it’s an international and not a company-specific standard. The main goal today is to have a standard for all the security relevant features, which is obviously very complex to achieve, as all manufacturers will need to agree on them.
  2. An eternal update cycle
    An additional challenge comes from the length of the automotive product life-cycle, opposed to the rapid evolution of cyber-threats. Development life-cycles range up to five years, and the average age of a car at scrappage is 12 years, therefore an end-to-end lifecycle of more than 15 years to account for. Add on top of that the embedded aspect of the automotive systems. Automotive manufacturers have limited resources and need to limit the cost of a new vehicle, so they can’t always integrate the best security into the systems. When an algorithm or a hardware security is selected, it’s based on international recommendations like NIST or FIPS and commit to providing unbreakable features for at least 10 years. If a security vulnerability is found, or if the algorithms are outdated, they’ll need to be managed via software updates.   
  3. A time of seismic change
    With increased connectivity comes greater threats. In the past, hacking events primarily resulted in inconvenience to infotainment users. Now cyber-attacks can impact the safety of drivers, passengers, and other road users. This means cyber protection is now on par with functional safety. On top of that, new transport on-demand or MaaS (Mobility as a Service) models will pose new problems to solve, like the security of payments, billing, and personal data.  

Keeping up with innovation with Expleo

In the battle between innovation and cybersecurity, innovation needs to keep winning. Automotive consumers prefer innovative features and are willing to share personal data to take advantage of them. Since market demand still favors innovation, OEMs and tier 1 and 2 suppliers need to keep up with the dynamics of automation and connectivity, or they take the risk of falling behind. But favouring innovation shouldn’t mean accepting the risk of cyber incidents. The focus should be on the integration of innovation, cybersecurity, and functional safety to shape the future of the auto industry.  

We draw skills and experience across engineering and technology – everything from Banking, Financial Services, and Insurance (BFSI) to automotive engineering – which means we offer a unique combination of design thinking to our clients that delivers innovation while ensuring safety and security. We also guide our customers to navigate the ever-changing regulatory landscape. 

Let's talk

To find out more about regulation or to discuss other cybersecurity related services, contact our cybersecurity team.

Please fill in the form below and we will get in touch with you shortly.

Download whitepaper