Regulations in the automotive industry are evolving rapidly in response to the rise of IoT and connected technologies. These regulations promise to ensure safety, security, and privacy, but what do they really mean for you as an Original Equipment Manufacturer (OEM) or industry stakeholder?
Understanding the Regulatory Landscape
As vehicles become increasingly connected, governments and industry bodies worldwide have established cybersecurity regulations to safeguard public safety and data privacy. Key frameworks shaping the automotive industry include:
ISO/SAE 21434
ISO/SAE 21434 provides a comprehensive framework for managing cybersecurity risks across the entire vehicle lifecycle, from concept and design to decommissioning. This standard emphasizes the need for a robust cybersecurity management system (CSMS) that ensures a proactive approach to risk assessment and mitigation. It advocates for the integration of security-by-design principles into every stage of product development. Furthermore, ISO/SAE 21434 highlights the importance of continuous monitoring and improvement of cybersecurity measures to address evolving threats and vulnerabilities in connected vehicles.
UNECE WP.29 R155 and R156
The United Nations Economic Commission for Europe (UNECE) introduced R155 and R156 to establish global cybersecurity and software update standards for connected vehicles. These regulations require manufacturers to develop a comprehensive CSMS and a Software Update Management System (SUMS). Regular risk assessments and vulnerability management are essential components of these frameworks, ensuring that cybersecurity controls remain effective throughout the vehicle’s lifecycle. Additionally, secure over-the-air (OTA) updates are mandated to maintain the integrity of vehicle software and prevent unauthorized access.
AIS 189 and AIS 190
India’s AIS 189 and AIS 190 standards align with UNECE regulations while addressing regional requirements, such as data localization. AIS 189 focuses on implementing robust cybersecurity controls to protect against threats, while AIS 190 emphasizes securing OTA updates and maintaining detailed compliance documentation. These standards also underscore the importance of conducting regular audits and maintaining transparency in regulatory processes, ensuring that cybersecurity measures meet both global and local needs.
Challenges Facing Automotive OEMs
While these regulations are essential for protecting the connected vehicle ecosystem, OEMs face several challenges in achieving compliance. Developing a CSMS and a SUMS demands significant investment in technology and resources, which can lead to high research and development costs. Adapting existing processes to align with regulatory frameworks often requires extensive training and process reengineering, creating operational challenges. Furthermore, stringent compliance audits and reporting requirements add administrative complexity, increasing the burden on OEMs to meet regulatory standards.
Device Authority’s Role in Simplifying Compliance
At Device Authority, we empower OEMs to meet these regulatory requirements through our industry-leading KeyScaler™ platform. This platform is designed to streamline compliance processes and enhance cybersecurity measures for connected vehicles.
Seamless Compliance with ISO/SAE 21434
Device Authority’s KeyScaler platform automates cybersecurity workflows, reducing reliance on manual processes and minimizing human error. It supports dynamic identity management and secure device onboarding, ensuring that connected components are protected throughout their lifecycle. Additionally, the platform leverages AI-powered threat intelligence to proactively identify and mitigate risks, enhancing the overall security posture of connected vehicles.
Alignment with UNECE R155 and R156
KeyScaler facilitates secure OTA updates by employing robust encryption and authentication mechanisms to protect against unauthorized access and tampering. The platform also provides real-time monitoring and incident response capabilities, enabling OEMs to address vulnerabilities promptly. Furthermore, KeyScaler offers comprehensive lifecycle management for vehicle components, ensuring that cybersecurity measures remain effective from production to decommissioning.
Adherence to AIS 189 and AIS 190
KeyScaler supports AIS 189 and AIS 190 compliance by delivering advanced supply chain security features, including anti-clone and anti-spoof mechanisms. The platform ensures that OEMs are audit-ready by automating compliance documentation and reporting processes. Additionally, KeyScaler simplifies the integration of cybersecurity controls into existing systems, allowing OEMs to achieve compliance without disrupting their operations.
Ecosystem Awareness and Collaboration
In the world of IoT and automotive cybersecurity, it is essential to recognize that no single entity can solve the challenges alone. The need to be ecosystem-aware has never been greater, as collaboration among key stakeholders is crucial to addressing security vulnerabilities and ensuring compliance. Problems are best solved through partnerships, not isolation. Examples of collaborative efforts include integrations with CyberArk, Venafi, Entrust, and Microsoft, which enhance the ability to secure connected vehicle ecosystems through shared expertise and resources.
Device Authority’s reference architecture with Microsoft is a prime example of such collaboration, offering a robust framework that leverages Microsoft’s cloud infrastructure and Device Authority’s KeyScaler platform to deliver comprehensive security solutions.
The Future of Automotive Cybersecurity
As IoT continues to redefine the automotive landscape, the need for secure and compliant systems will only grow. Regulations like ISO/SAE 21434, UNECE R155/R156, and AIS 189/190 provide a solid foundation for ensuring the safety and resilience of connected vehicles. However, achieving compliance requires a strategic approach, leveraging advanced technologies to streamline processes and reduce costs.
At Device Authority, we are proud to lead the charge in automotive cybersecurity, offering scalable solutions that empower OEMs to build secure, compliant, and innovative vehicles. The regulatory landscape is not just shifting globally but also evolving rapidly in the United States, where recent developments underscore the growing emphasis on autonomous vehicle safety and accountability. Without delving into political influences, it is clear that the U.S. is taking significant steps to shape policies around connected and autonomous vehicles, reflecting the need for robust frameworks that ensure security and innovation coexist. By addressing today’s regulatory challenges, we enable the automotive industry to unlock the full potential of IoT, driving a safer and more connected future.