Cybersecurity in cars has evolved from being an afterthought – where solutions were added to vehicles as needed – to becoming a core part of their DNA, built into the design from day one.
That said, meeting today’s cybersecurity standards is no small feat for automakers. With regulations like UNECE R155 and R156 now in effect, automotive Original Equipment Manufacturers (OEMs) must be proactive. This is the only way they can stay compliant and protect vehicle safety while maintaining production flow and avoid potential revenue impacts.
At Irdeto, we’re making this process as smooth as possible. We’ve partnered with Parkopedia to deliver secure, streamlined solutions that meet industry demands without adding unnecessary complexity.
To gain more insights into the challenges facing OEMs, we spoke with Juha Hytönen, our Senior Director of Electric Vehicles, about how automakers can tackle these hurdles and what lies ahead for the industry.
It’s come a long way! The first wave of cybersecurity solutions has already rolled out across the industry, and thankfully, we’ve managed to avoid major vehicle-related hacks. However, as the industry matures, hackers are also shifting their focus.
The spotlight will likely now be turning toward back-end services and manufacturing processes, where vulnerabilities still exist. This is where automakers need to double down on their efforts, and it’s an area where Irdeto excels.
Plug & Charge (PnC) is upgrading the EV charging experience, simplifying how drivers authenticate and pay at charging stations. UN R155/R156 affect PnC in the same way as they impact the design of any electronic control units.
International standards such as ISO 15118 and the VDA guidance align closely with these regulations, but they only cover part of the requirements.
Achieving full compliance across an entire ecosystem will remain a utopia for the time being, especially with modern vehicles having deeply embedded systems that sometimes involve cross-organizational borders that cannot be controlled by OEMs (as is the case with their cloud infrastructure providers). This becomes even more complex in a world where over-the-air software updates are the norm.
The practice of software composition analysis, however, has been part of the automotive industry for a long time and the concept of the software bill of materials required for supply chain management is not an entirely new concept. While there’s still room for improvement, the cybersecurity capabilities of OEMs and Tier-1 suppliers of in-car systems are improving all the time.
At Irdeto, we don’t just meet standards, we set them. Our information security management system follows ISO 27001 and we go above and beyond with both rigorous internal and external testing to keep our cybersecurity posture rock solid.
What makes us stand out is our end-to-end approach. We own and supervise the technology, people and facilities used to deliver our services, which gives us unmatched reliability. To date, we’ve handled over two billion encryption keys and certificates without a single incident.
Parkopedia complements this perfectly by delivering automotive-grade connected services with certifications for security, privacy, quality, payment processing and environmental standards. This approach to certification means that Parkopedia’s entire business processes are set up with compliance in mind.
Given that China is not yet signed up to the UNECE rules, Chinese OEMs will face additional efforts in meeting these requirements, running an increased risk of being non-compliant. This is an even bigger threat now that many of them are looking to global markets to increase sales. Any hurdles or additional costs in gaining compliance could harm the expansion of their brands.
There should, however, be greater awareness about the potential risks to European and US markets of non-compliant connected vehicles. We should consider how to ensure the privacy of our citizens and prevent foreign fleets from potentially being tampered with.
With the Irdeto and Parkopedia partnership, the key benefit is simplicity. Our back-end to back-end integrations deliver maximum value with minimal complexity. OEMs get a seamless solution with top-tier security, without being directly subject to R155/R156 regulations.
Back-end to back-end integrations change the risk profile and avoid R155/R156 stipulations but are still covered by legislation such as the EU Cybersecurity Act or Critical Entities Resilience Act. This means that it’s important to understand which rules apply.
Fortunately, the IT security standards for back-end systems are well-established, which allows us to focus on what really matters: enhancing the experience for drivers and adding value for OEMs.
Read more about Parkopedia and Irdeto’s new multi-contract PnC solution, offering a seamless charging experience to drivers and OEMs alike.
Mobile game hacking is continually adapting its approach to pirate titles and distribute them both to suspecting and unsuspecting gamers. Just to...
Today’s entertainment industry has evolved and diversified rapidly. How can online piracy detection help it? Read now!
Innovation, what does that word really mean? The word is thrown around loosely these days when coming to describe a company, product, or thing,...