Over the last five years the automotive industry has been undergoing massive change; moving from an industry often seen as a laggard for new technology adoption to one that is now pushing the boundaries. Almost every aspect of modern vehicle design has become fully connected and leverages the same software platforms found in mobile devices.
This is translating into new behavioural models as consumers place their trust in the quality and reliability of these advanced services, which impact everything from the data integrity in sensors while parking to driving at high speeds on motorways with adaptive cruise control. Software is at the centre of new vehicle design which creates challenges for an industry that, for many years, has viewed software as a black box environment.
Each building block that goes into the vehicle containing even the smallest piece of software will now have to come with evidence that it has been designed with security in mind
However, the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations Working Party (WP) 29 is poised to introduce regulations covering vehicle cyber security across 60 countries. These regulations, set to be introduced from mid-2022 onwards, will lead to big changes across the industry. Despite its name, the regulations will be adopted outside Europe as well, with Japan and Korea already committed to implementing them as soon as possible.
The regulations imposed by the WP.29 will be an important step forwards for the industry. While they may initially require additional overhead and the need for radical changes for internal design processes within the automotive industry, they should ultimately bring great clarity and focus on cyber security. Critically, it will enable automakers to follow a common set of processes with the confidence that they can deliver vehicles to a wide range of markets.
One vital point for automakers and suppliers is that the vehicles already under development for production from mid-2022 onwards will need to comply with these new regulations. Thus, automakers need to be surrounding themselves with proven and trusted suppliers who have security as a core principal for their offerings.
While they may initially require additional overhead and the need for radical changes for internal design processes within the automotive industry, they should ultimately bring great clarity and focus on cyber security
The WP.29 is not just about the OEM, as its impact will be felt across the entirety of the automotive supply chain and suppliers will be required to show compliance to the regulations. This means that each building block that goes into the vehicle containing even the smallest piece of software will now have to come with evidence that it has been designed with security in mind. If a vendor cannot provide this proof, it will become increasingly difficult for the OEM to accept or integrate the code into their WP.29 compliant vehicles.
Finally, enhanced cyber security will play a key role in building the confidence of drivers to pay for many of the advanced connected vehicle services, providing new high growth revenue streams for automaker moving forwards. Automakers and supplies will need a trusted execution environment to sit at the heart of the next generation of vehicles. Using a hardware backed secure environment to perform critical operations, such as encryption and biometric authentication, will provide a robust platform for building secure solutions today and in to the future.
The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.
Andrew Till is an automotive industry expert at cyber security company Trustonic
The Automotive World Comment column is open to automotive industry decision makers and influencers. If you would like to contribute a Comment article, please contact editorial@automotiveworld.com
