Feasibility Study of VCS Audit Within ENX Ecosystem Concluded

2023-10-12 by Suhas Konanur VCS

Feasibility Study of VCS Audit Within ENX Ecosystem Concluded

Need

The increasing digitalization of vehicle systems due to automated driving, connectivity and new mobility concepts has led to increased demands on cybersecurity in electrical and electronic (E/E) systems for vehicles across the supply chain of the automotive industry.

The creation and maintenance of products in deeply integrated supply chains necessitates a sustainable implementation of vehicle cybersecurity (VCS) across the various partners as well as proper risk management and governance from the customer's perspective.

This has already led to an increasing demand for certifications, which currently can only be met by proprietary "ISO/SAE 21434 certifications" from individual audit companies.

Work

Therefore, a project group consisting of experts from vehicle manufacturers, suppliers and E/E component engineering service providers investigated the feasibility of a meaningful VCS audit within the ENX audit ecosystem - building on experiences and processes from the automotive assessment and exchange mechanism for information and cybersecurity in the organization (TISAX).

To provide a comprehensive answer to this question, the group developed a minimum viable audit scheme. The approach was then reviewed in six pilot audits.

The pilot approach was chosen to achieve two goals: Validating the approach towards the project and the ENX Association, while aiming for fully robust audit results regarding the individually audited cybersecurity management systems.

This study has been completed. The project report is available.

Recommendation

The work led to the following recommendations of the project group:

  • provide the project results to the automotive cybersecurity community for further reviewing, commenting and use,
  • make the developed, piloted and revised VCS audit available to interested parties and to recognise the results gained in these audits,
  • establish an industry expert working group to continuously supporting and improving of the VCS scheme.

The full project report describing the project and its results of the project and the developed Vehicle Cyber Security Audit (VCSA) as major work product is now available. Additionally, a comparison of the questions contained in VCSA and the example provided in Annex A to the ISO/PAS 5112:2022 is now available.