2023-10-12 by Suhas Konanur VCS
The increasing digitalization of vehicle systems due to automated driving, connectivity and new mobility concepts has led to increased demands on cybersecurity in electrical and electronic (E/E) systems for vehicles across the supply chain of the automotive industry.
The creation and maintenance of products in deeply integrated supply chains necessitates a sustainable implementation of vehicle cybersecurity (VCS) across the various partners as well as proper risk management and governance from the customer's perspective.
This has already led to an increasing demand for certifications, which currently can only be met by proprietary "ISO/SAE 21434 certifications" from individual audit companies.
Therefore, a project group consisting of experts from vehicle manufacturers, suppliers and E/E component engineering service providers investigated the feasibility of a meaningful VCS audit within the ENX audit ecosystem - building on experiences and processes from the automotive assessment and exchange mechanism for information and cybersecurity in the organization (TISAX).
To provide a comprehensive answer to this question, the group developed a minimum viable audit scheme. The approach was then reviewed in six pilot audits.
The pilot approach was chosen to achieve two goals: Validating the approach towards the project and the ENX Association, while aiming for fully robust audit results regarding the individually audited cybersecurity management systems.
This study has been completed. The project report is available.
The work led to the following recommendations of the project group:
The full project report describing the project and its results of the project and the developed Vehicle Cyber Security Audit (VCSA) as major work product is now available. Additionally, a comparison of the questions contained in VCSA and the example provided in Annex A to the ISO/PAS 5112:2022 is now available.