📞 +49 7024 977 8996 ✉️ info@magility.com

Cyber crime – what is the right strategy?

Cyber crime – what is the right strategy?

by | Oct 5, 2022 | Automotive Cyber Security, Automotive Industry, Cyber Security Management

Cyber crime in the automotive sector remains a highly topical issue in 2022. Although modern vehicles are still used to transport people and objects, the technology in the background has revolutionized. What rolls along the roads millions of times a day could confidently be described as mobile mainframes that work quite independently and lead a lively life of their own in the background, while the person behind the wheel thinks they have everything under control themselves. Studies show that half of the vehicles in the EU will already have connectivity by 2025, and by 2030 this proportion will already be 78%. In the U.S., the projected figures for the share of connected cars are even higher: 72% in 2025, and as high as 96% by 2030.

cyberkriminalität

The Internet of Things makes vehicles vulnerable to attack by cybercriminals

Software Defined Products as well as autonomous and smart technologies in vehicles such as telematics, V2X communication and infotainment are virtually invitations for hackers to attack, and they require a comprehensive Cyber Security Management System (CSMS) as envisaged by the EU. As of July 2022, the new cybersecurity regulation is mandatory for all new vehicle types in the European Union. From mid-2024, the use of a certified CSMS will be mandatory for every vehicle type at the time of type approval.

And that’s sorely needed, because 4G and 5G connectivity make it possible to access connected cars remotely even with little basic knowledge. All it takes is a bit of information from the darknet, where you can also buy the relevant software for hacker attacks, and manipulate a game console, as hackers in the UK have done. At least five cars worth a total of 210,000 euros, captured with a Game Boy, are a great temptation. Unfortunately, digital security understanding is often still in its infancy for networked ecosystems.  Our interview with our CEO, Dr. Michael Müller on Cyber Security Management Systems clarifies and answers important questions about CSMS and the new UNECE (Economic Commission for Europe) regulations for the automotive industry.

Europe’s largest car dealer hacked

Hackers in Switzerland put Europe’s largest car dealer out of business earlier this year. The Emil Frey Group watched as its website, online service and telephone system collapsed. A turnover of around ten billion euros and an operational size of 22,000 employees seemed a worthwhile incentive for cyber criminals to target the Digital Automotive Award-winning family business. With the slogan “We buy your car,” the Frey Group wanted to achieve a market share in online sales of 20 percent of total sales by 2025. The German market was to take the lead in this. The criminal cyber scene is just waiting for such ambitious plans. Destroying is their main concern, and taking what they can financially in the process is their ultimate goal.

The annual damage caused by cyber crime is immense for the German economy

As the IT industry association Bitkom recently calculated, the German economy alone suffers annual damage amounting to 223 billion euros or, put another way, six percent of Germany’s gross domestic product in 2021. According to a study by the association, nine out of ten companies as well as government agencies and banks are affected by data theft, espionage and sabotage; in Germany alone, just under 50% of companies were victims of a cyber attack at least once in 2022.

 

[infobox headline=”At a glance”]

  • Cyber crime affects all industries; but increasingly those related to IoT
  • By 2030, 96% of all vehicles in the U.S. are expected to be equipped with connectivity
  • A certified cyber security management system (CSMS) for handling cyber risks will be mandatory for all vehicle types by mid-2024
  • Cyber crime takes place throughout the automotive ecosystem, causing 223 billion euros in damage to the German economy each year
  • A professional CSMS forms the basis for automotive cyber security

[/infobox]

Companies should not pay a ransom

Blackmail via the use of so-called ransomware plays a leading role in this. And according to a recent study by the security service provider Sophos, 42 percent of the companies affected are playing along. 253,160 euros is the average ransom paid in an extortion case. The possibility of insuring against ransom demands certainly contributes to faster compliance. On top of that, the whole thing is tax-deductible. But what appears to be a quick fix for entrepreneurs by necessity is rejected by security officials, such as the German Federal Criminal Police Office (BKA).

Organized cyber crime becomes a geostrategic risk

The BKA expressly advises against paying ransoms and points out that affected files and programs are often not decrypted and released again by the extortionists despite payment. That is why 22 IT experts have now appealed to federal politicians. They see highly organized crime behind ransomware and describe ransomware as a geostrategic risk whose roots must be nipped in the bud. The IT specialists’ demand is: no more insurance against cyber-attacks, no more tax write-offs and, above all, no more accepting ransomware demands.

Magility Cyber Security and Cyber Crime

At least since the adoption of the UNECE, CSMS are mission critical – without CSMS, no vehicle approvals and without approvals, OEMs are left out in the cold. At Magility, we have long focused on the problem of cyber crime in the automotive sector. Years ago, we developed a Cyber Security Management System (CSMS) for the automotive industry, which is continuously updated and integrates all UN regulations (UNECE WP.29) and standards such as ISO/SAE 21434 and ISO/AWI 24089.

A CSMS forms the basis for automotive cyber security and is based on a uniform standard. Cyber security is now anchored not only at the project level but also at the organizational level and defines a procedural framework. This means that not only vehicles are protected against attacks, but also the entire digital ecosystem of the company.

Only recently, we spun off Magility Cyber Security GmbH to give this important topic its own space. Magility Cyber Security GmbH (MCS) is now your competent partner for the holistic implementation of CSMS and Software Update Management System (SUMS). The cyber security experts at MCS will be happy to advise your company and accompany you in the implementation of a CSMS and, if required, a SUMS in your company across all process stages along the supply chain and throughout the entire life cycle of the vehicle. For more information, please contact our magility cyber security experts.

 

Software Defined Products

Software Defined Products

by | May 18, 2022 | Automotive Industry, Automotive Cyber Security, Cyber Security Management, Future Trends, Market development & Trends, strategy in change

Software Defined Products describe a new type of product that focuses on software rather than hardware and is used to deliver a wide variety of solutions.

The characteristics of Software Defined Products

Software Defined Products can be described in terms of the following characteristics:

  • Product benefits become programmable: Large parts of a product’s range of functions and benefits can only be accessed digitally and are controlled via apps or digital displays. 
  • Product release = software update: New features are installed and made available as software updates. The customer no longer has to wait for the new device or hardware generation.
  • Differentiation via software functions and usability: The hardware and material properties of products gradually recede into the background. In the future, a significant part of the product benefit will be derived from software-based functionalities, sensor technology and the networking of devices to form a holistic IoT solution.

Consequently, software development becomes a central aspect of the product life cycle. From prototyping to the production phase, software is the key variable that significantly influences product development.

Potential, complexity and cost

In the heat of the battle around digitalization, analytics and the cloud, it’s easy to overlook the advances currently taking place in infrastructure and operations. Today, the entire operating environment – servers, storage and network – can be virtualized and automated. The data center of the future offers the potential to not only reduce costs, but also dramatically increase speed and reduce the complexity of deploying, implementing and maintaining technologies. “Software Defined Everything” can make infrastructure investments much more cost effective and thus become a competitive advantage.

Challenge to the Mobility Industry – Establishing Holistic Software System Competence

Software-driven change is taking place in all industries. The automotive industry has also been in the midst of structural change for years: connected services have been around for decades, cars already contain up to 100 electronic control units supported by millions of lines of code, and advanced AI algorithms are being developed for autonomous driving. Hardware and software engineering for automotive systems is fundamentally changing to include advanced embedded and cloud technologies, distributed computing, real-time systems, and distributed safety systems.

Automobile manufacturer and software system competence

Nevertheless, most automakers are currently unable to build software-defined dream cars. Some companies have even failed to survive structural change, and it is certainly a mistake to disregard key indicators of potential large-scale upheaval. Particular attention should be paid to players in other industries, such as telecommunications. These often enter the automotive industry market with superior technology. The hardware- and software-intensive systems in modern cars offer many new possibilities, but they also require careful design, implementation, verification and validation before they can be released to users. To manage the rapidly growing complexity, automotive software needs a clear architecture. Of course, the architecture must also meet SW/HW quality, functional safety, and cybersecurity requirements. 

Two converging trends

Despite delays caused by the pandemic, players in the automotive industry must focus on the transition to products whose characteristics are determined to a large extent by the software implemented; indeed, they must accelerate this transition now. There are signs that automotive sales will recover. And it stands to reason that the pandemic will foster a customer base that is inclined toward car ownership for safety reasons and is also accustomed to software-based features – two trends that will converge, with car buyers preferring vehicles that incorporate the same software-based options they already rely on at home, work and play. To prepare for this demand, automakers must put software at the center of their operations and products – with the help of a holistic software systems capability. Agile service delivery models combining DevOps, microservices, and cloud solutions will enable functional changes that go far beyond the traditional V-development approach. The software-defined car combines different types of hardware and software architectures, and HW/SW designers and architects will need to be familiar with a range of paradigms and best practices from different hardware and software disciplines.

Big Data Services, Autonomous Driving, Smart City and Smart Grids

A smart city is essentially defined by information and communication technologies (ICT). It is about meeting the growing challenges of urbanization. A large part of this ICT framework is an intelligent network of interconnected objects and machines that transmits data using wireless technology and cloud applications. 

Cloud-based IoT applications 

Cloud-based IoT applications receive, analyze, and manage data in real time to help municipalities, businesses, and citizens make better decisions that can improve quality of life.

Smart City Ecosystems

Citizens interact with smart city ecosystems in a variety of ways, using smartphones and mobile devices as well as connected cars and homes. Linking devices and data to a city’s physical infrastructure and services can reduce costs and improve sustainability. For example, communities can use the IoT to improve energy distribution, streamline garbage collection, reduce traffic congestion, and improve air quality.

Examples of the automotive sector in a smart city:
  • Autonomous driving: Locomotion with the aid of vehicles, mobile robots and driverless transport systems that behave largely autonomously.
  • Smart grids combine generation, storage and consumption. A central control system optimally coordinates them with each other and thus balances out power fluctuations – especially those caused by fluctuating renewable energies – in the grid.
  • Smart traffic control: Networked traffic lights receive data from sensors and cars and adjust traffic light switching and timing to traffic volumes in real time to reduce congestion on the roads. 
  • Connected cars can communicate with parking meters and electric vehicle (EV) charging stations to direct drivers to the nearest available parking space. 
  • Smart trash cans automatically send data to waste management companies and schedule pickups on demand, rather than on a predetermined schedule. 
  • Smart administration: And citizens’ smartphones become mobile driver’s licenses and ID cards with digital badges, speeding and simplifying access to the city and local government services. 

Together, these smart city technologies optimize infrastructure, mobility, public services and utilities. The automotive sector will benefit through comprehensive fleet and vehicle functions.

Software quality (ASPICE), functional safety and cyber security

In telecommunications, cyber security regulations were already introduced in the 1990s and early 2000s, and in the medical sector even earlier. And although the Internet capability of vehicles has also been technically realized for many years and software updates of many vehicles on the market already run over the air (OTA), i.e., wirelessly, the automotive industry has not particularly prioritized cybersecurity over the past 40 years, so that the industry is lagging behind many other sectors today. This is all the more threatening because vehicle functionality today relies on millions of lines of code, and communication buses such as CAN, LIN, and even Ethernet have become popular gateways for hacker attacks. 

Cyber security as a critical factor for success

Cyber security has therefore become a critical factor for success and must become part of the company’s overall system function. All cyber security aspects must be considered across the entire value chain. Otherwise, there would be a constant danger of a third party taking control of the car while it is being driven. 

The most important regulations at a glance

Since 2020, there are now also mandatory regulations on cyber security and software updates for the automotive industry and its players. For example, a holistic Cyber Security Management System (CSMS) and a Software Update Management System (SUMS) have become compulsory for vehicle manufacturers and their type approvals. We have reported on this several times before. ISO/DIS 24089 and ISO/SAE 21434 also play a role in the world of regulations, as well as ISO/TR 4804:2020 Road vehicles – Security and cyber security for automated driving systems – Design, verification and validation and the TISAX® (Trusted Information Security Assessment Exchange) standard of the VDA. TISAX® focuses on the needs of the automotive industry: a certification for automotive suppliers is intended to ensure information security in the automotive industry. The German Association of the Automotive Industry (VDA) published the Automotive SPICE for Cybersecurity guide last February. Automotive Spice, or ASPICE, stands for Automotive Software Process Improvement and Capability Determination, and is amongst others intended to evaluate the performance of OEMs and their suppliers software development processes in the automotive industry. 

All these new regulations now serve as a basis for any company working with OEMs, as well as for the automotive manufacturers themselves. 

Fleet (lifecycle), system (vehicle), subsystem and components – we focus on all of them

The (further) development of vehicle software offers a multitude of opportunities for your company:

  • Meeting dynamic expectations of customers
  • Providing new functionalities 
  • Ensuring traffic safety through high-quality software 
  • Meeting quality requirements through appropriate testing
  • Predictive diagnostics and fleet management as well as telematics
  • Secure access to vehicle data from any location
  • Enabling firmware updates over the air
  • Software for vehicle tracking
  • Developing vehicle navigation software that meets the needs of electric vehicle drivers

Automotive Software Engineering is the link between backend software applications and the hardware components of a vehicle. 

The need for over-the-air (OTA) updates for software

The market for over-the-air (OTA) updates in the automotive industry has changed dramatically over the past year. Major automakers are pushing to roll out widespread use of OTA and deploy it for connected vehicles. New regulations for both OTA and cybersecurity have recently been passed (we reported on this) and more will be needed as the technology advances. 

  • There are regulations that define the obligations of OEMs and suppliers when updating software to meet legal requirements.
  • The technical prerequisites for OTA updates and the know-how are already available.
  • In the future, automotive OEMs will not only “push” software updates but also other features over the air into vehicles. OTA transfers must therefore work for car manufacturers and will become a necessary competitive differentiator. Here lies great potential for new revenue streams.
  • Car buyers expect reliable and convenient OTA update functionality.
  • The use of OTA-transfer for additional functionality in connected cars is growing rapidly.

OTA software updates are on a rapid growth path. This trend is creating a strong market for OTA clients and an even larger market for cloud OTA services.

magility and Software Defined Products

Software Defined Products are more and more in the focus of all industries and especially of the automotive industry and its suppliers. Regardless of their size, this development will have a profound impact on companies. New strategies are needed to ensure survival in increasingly complex markets. At magility, we support companies in reviewing and adapting their corporate strategy, taking into account all the new factors impacted by the IoT, and in identifying and implementing measures for strategy implementation. This also includes the integration of new service segments and, if necessary, entire new business units. In this context, we cooperate with the International Institute of Information Technology in Bangalore, India. Dr. Roland Haas is a professor at IIITB and our specialist for Software Defined Products, OTA and software system competence for the automotive industry. Contact us now – we will be happy to answer your questions. 

 

Follow us for more news also on LinkedIn. We are looking forward to meeting you!

 

Software Update Management Systems – SUMS

Software Update Management Systems – SUMS

by | May 6, 2022 | Automotive Cyber Security, Automotive Industry, Cyber Security Management, Future Trends, Market development & Trends, New Mobility

Over the next few years, many countries will introduce the United Nations Economic Commission for Europe (UNECE) regulations R155 on cybersecurity and R156 on software updates. The new regulations address the growing risk posed by increasing connectivity and the digitized vehicle environment – a major challenge for vehicle manufacturers and their suppliers. This article focuses primarily on regulation UN-R 156 for software updates and the establishment of a Software Update Management System (SUMS).

UNECE Regulation 156 – SUMS

UN-R156 establishes the framework for the type approval of software updates for vehicles and for the establishment of a Software Update Management System (SUMS). A SUMS ensures that the requirements for the provision of software updates described in UNECE Regulation 156 are met. A SUMS defines the organizational processes and procedures necessary for this and is based on the same model as a Cyber Security Management System (CSMS). It is the central control unit for software updates. The goal here is to develop, to control and to continuously improve all types of activities and processes that are essential for updates. To obtain type approval certification as OEMs, all mandatory type approval parameters must be included. UNECE Regulation 156 lists these parameters such as safety, connectivity, information exchange, theft and environment in a checklist for OEMS. Compliance with these parameters is crucial for type approval. By implementing a SUMS, OEMs and suppliers can ensure that they comply with the regulation for the delivery of software updates.

Overview of the most important points

  • According to paragraph 2.3 of UN-R156, the term “software update” describes a package used to update the software to a new version, including a change in configuration parameters.
  • According to paragraph 2.5 of UN-R156, SUMS is a systematic approach that defines organizational processes and procedures to meet the requirements for the delivery of software updates in accordance with UN-R156.
  • In this regard, UN-R156 specifically addresses OTA updates. According to paragraph 2.9. of UN-R156, an OTA update means any method of wireless data transmission instead of a cable or other local connection.
  • According to paragraph 6 of UN-R156, an original equipment manufacturer must obtain a so-called certificate of conformity for its SUMS from an appropriate type approval authority. A certificate of compliance is usually valid for up to three years from the date of delivery. Original equipment manufacturers must apply for a new certificate of conformity or an extension of the existing certificate of conformity in good time before the period of validity expires. A valid certificate of conformity for the SUMS is the main basis for a valid type approval.
  • UN-R155 and UN-R156 primarily establish type approval requirements for OEMs in their typical role as whole vehicle type approval holders. Thus, they expect an OEM to implement and maintain a proper CSMS and SUMS and apply it to its respective type-approved vehicle types. Proper cybersecurity and software updates, on the other hand, generally involve supplier parts. Therefore, most suppliers are also included in cybersecurity and software update considerations. Accordingly, OEMs and suppliers must work closely together to ensure the cybersecurity of vehicles and their components

In addition, and potentially more so than before, OEMs will be required to monitor their vehicles in the field, identify potential cybersecurity or software risks, and – if necessary – provide software updates to mitigate these risks in a timely manner, e.g., in the form of voluntary service actions, a recall, or similar measures.

Four key aspects for implementing the requirements of software update management systems

To implement the requirements of the Software Update Management System (SUMS), the following activities are essential:

  1. Goals and specifications in governance should be created or expanded to enable the planning and operation of a software update management system and to make it implementable and monitorable through audits.
  2. Derived from these goals, the SUMS management processes have to be established. Besides implementation and auditing, it becomes crucial to identify processes for the distribution of information as well as reporting within the operating model. It is equally significant to ensure the correct execution of the SUMS and to enable continuous improvements. Another weighty aspect is also to ensure adequate traceability for vehicle type testing and approval. To ensure all this, risks in the execution of software updates as well as in the organization and infrastructure must be identified and included in risk management.
  3. Within the organization, this requires project-specific processes, responsibilities and roles. Moreover, it also concerns tools and technologies in control of the setup and the execution of the SUMS – especially in regards to the preparation of information for management, authorities or the technical service.
  4. Operationally, SUMS also includes consideration of vehicle configuration and performance requirements. In this context, the existing development and deployment processes should be reviewed to ensure, in particular, the documentation and traceability of the consideration of vehicle communication processes, the performance of systems and components, vehicle status, fault prevention, and fault control.

While these points were indispensable for the pure functionality of the vehicles before the regulations were implemented, the importance of good documentation and verifiability by the authorities or technical services must now be given the utmost attention. For this, good planning, implementation and documentation of communication with vehicle users as well as validation and verification of software updates are particularly important.

Why is the evaluation of automotive software updates so important?

Without the implementation, operation and maintenance of software update management systems, manufacturers cannot obtain type approval for software update-capable vehicles and sell them on European markets. Manufacturers and suppliers must therefore provide evidence that the requirements for the vehicle and components are implemented in accordance with the UN-Regulation.

An efficient and systematic assessment by an independent third party is necessary to determine a manufacturer’s level of compliance with UN-Regulation 156 and the ISO 24089 standard

Magility can help your company implement these regulations. Based on our experience, we provide regulation-focused and value-based consulting to all of our clients. If you are interested in our consulting services, we look forward to hearing from you. Or follow us on LinkedIn to never miss any news. 

 

Why CSMS consulting activities should be stepped up right now

Why CSMS consulting activities should be stepped up right now

by | Mar 17, 2022 | Automotive Cyber Security, Automotive Industry, Cyber Security Management, Future Trends, Market development & Trends, New Mobility, News from magility, strategy in change

All networked devices, including vehicles, are exposed to security threats and must be protected against many types of malware. Cyber Security Management Systems (CSMS) that are aligned with the current challenges can provide a useful organizational and process support for technical cyber security solutions for this purpose. We will discuss this and other topics in more detail in this article.

It wasn’t long ago that cyber security for vehicles was not a high priority for OEMs and suppliers. However, as the automotive industry continues to undergo a digital transformation driven by the proliferation of the ‘software defined vehicle’ and the development of new mobility concepts, cyber security has become a critical issue in the hardware and software value chain and is being taken more seriously than ever. New and future electronic architectures for automobiles based on fewer and larger control units, called domain controllers, will help simplify the current complex structures. However, due to increased connectivity with mobile devices, Wi-Fi networks, cloud platforms, smart cities and and other edge devices, much of the current complexity will remain. The following table summarizes examples of  which systems within vehicle electronics need to be protected by cyber security:

Automotive cyber security, Vivek Beriwat

[Source: Automotive cyber security, 2021, Vivek Beriwat]

All in all, however, the entire end-to-end solution must be secured. In addition to the vehicle, this also includes the backend, the mobile devices and the respective telecommunications connections. Furthermore, cyber security protection must be maintained over the entire life cycle (approx. 30 years per vehicle series) of a manufacturer’s vehicle fleet. This results in requirements for the updateability of the software used. In addition, the entire hardware and software value chain must be protected against cyber security risks.

The importance of Cyber Security Management Systems

Supply chain attacks have been a security concern for many years, but planned organized attacks against b2b companies have been occurring in greater numbers since 2020. Perhaps due to the more robust security protections that b2c companies have put in place, attackers have shifted their focus to suppliers and have managed to cause significant impact in the form of system downtime, financial loss, and reputational damage, to name just a few of the damages.

The devastating consequences of software supply chain attacks were on full display as a result of the SolarWinds hack. The SolarWinds hack is considered one of the largest software supply chain attacks in recent years, especially considering the entities affected, which include government organizations and large corporations. The attack received a lot of media attention and led to policy initiatives around the world. More recently, in July 2021, the attack on Kaseya came to light and highlighted the need for more attention to software supply chain attacks affecting managed service providers. Unfortunately, these two examples are not isolated incidents; in fact, the number of software supply chain attacks has also steadily increased over the past year. This trend underscores the need for policymakers and the security community to develop and implement new protections to counter potential supply chain attacks in the future and mitigate their impact.

Cyber security in the automotive industry

Cyber security is a relatively new area for the automotive industry, but one that is steadily growing in importance due to the rapid proliferation of connected vehicles. In the future, all new vehicles will be connective. More connected vehicles mean higher risks, as connectivity brings new challenges that cannot be ignored. 

Automotive cyber attacks lead to a variety of business risks within the automotive industry:

Management von Cyber Security Bedrohungen und Risiken in der Automotive Industrie_englisch

[Source: Magility GmbH, Management of cyber security threats and risks in the Automotive industry]

Connected cars therefore need cyber security protection. This includes embedded software programs to protect against cyber attacks on individual vehicles that are available at the time of sale, but also cloud-based cyber protection services for the vehicle fleet that can be specifically activated during use. These trends have led to a growing need for software and hardware cyber security products and cloud-centric services which have become a critical core product and value chain issue for OEMs and their suppliers.

Legislators have therefore reacted and, from 2022, car manufacturers will have to prove for type approval that they can protect their vehicles and fleets against cyber attacks and that they are capable of managing cyber security in terms of processes and organization. Currently, there are already national and international activities for the standardization of Cyber Security Management Systems and their auditing. Those who have to deal with these challenges must also deal with various regulations and standards.

As an example, the formal regulatory cycles for UNECE are shown below:

Quality Institute/VDA, UNECE standards and rules

[Source: Quality Institute/VDA, UNECE standards and rules]

In order to make all these comprehensive regulations manageable, Magility recommends tailor-made integration of the same into the company-specific development, production, sales and after sales systems.

Magility’s Cyber Security Management System (CSMS)

Automotive Cyber Security is therefore emerging as a new interdisciplinary enterprise system function. Magility is starting precisely here and is now focusing all the more strongly on supporting automotive companies and their suppliers in dealing with new threats. One of the tools we recommend for this purpose is a CSMS tool for raising awareness and combating cyber risks on a sustained basis:

CSMS_Übersicht_en

[Source: Magility GmbH, Management of cyber security threats and risks in the automotive industry, Automotive Cyber Security Management System (CSMS)]

Cyber Security Requirements of the Top Management – Goals and code of conduct for cyber security

CSMS_Requirements of Top Management

Cyber Security Organization – Definition of roles and responsibilities

CSMS_Organization

Cyber Security Risk Assessment – Identification and evaluation of cyber risks

CSMS_Risk Assessment

Cyber Security Program – Structure, execution and control of cyber security policies

CSMS_Program

Cyber Security Qualification and Communication – Increasing cyber security awareness

CSMS_Qualification & Communication

Cyber Security Implementation – Sustainable protection of the company and corporate customers

CSMS_Implementation

Cyber Security Effectiveness Monitoring – Assessing the effectiveness of cyber security measures

CSMS_Effectiveness Monitoring

Cyber Security Audit – Definition of roles and responsibilities for CSMS effectiveness monitoring

CSMS_Audit-en

 

Magility recommends that companies implement the CSMS regulatory cycle outlined above in order to respond agilely as an organization to new potential threats, to increase awareness of cyber security among all employees, and to ensure a continuous cyber security improvement process for new vehicles and the existing fleet. 

Magility is strongly focused on further expanding the cyber security capabilities and CSMS competencies to meet the threats of the future and present. For further information or a personal consultation, please contact our Managing Director Dr. Michael Müller (michael.mueller@magility.com) as well as our cyber security consultant Hanna Kahindi (hanna.kahindi@magility.com). 

Follow us on LinkedIn for new articles and other news about cyber security, or contact us directly via our contact form if you have any questions. We are looking forward to it!

Automated Lane Keeping Systems – New UN-Regulation

Automated Lane Keeping Systems – New UN-Regulation

by | Apr 15, 2021 | Automotive Cyber Security, Automotive Industry, Cyber Security Management, New Mobility

The standards in the automotive industry will be further expanded. In addition to the UN regulations on Automotive Cyber Security Management Systems and Software Updates, which we explained in our article on UNECE WP.29, there are now strict requirements for the use of Automated Lane Keeping Systems, so-called ALKS for passenger cars.

This Regulation No. 157, adopted by the UNECE’s World Forum for Harmonisation of Vehicle Regulations, is the first binding international regulation for so-called “Level 3 vehicle automation”. The World Forum for Harmonization of Vehicle Regulations (WP.29), operated by the UNECE, is the intergovernmental platform that defines the technical requirements to be followed by the automotive industry worldwide.

Safe introduction of automated vehicles

ALKS, once activated, take primary control of the vehicle and control the lateral and longitudinal movement of the vehicle. However, the driver is able to intervene and take back control of the vehicle at any time. The driver can also be requested to intervene by the ALKS system itself.  

The new Regulation 157 is based on the UNECE framework and focuses on the safety of automated and autonomous vehicles. It takes a sophisticated systems approach that contributes to road safety by the use of advanced technologies, including the reduction of accidents. The aim of the regulation is to enable the safe introduction and operation of automated vehicles in different traffic environments. It is intended to contribute to a wider use of automated vehicles.

New requirements for the approval of Automated Lane Keeping Systems

The new regulation in its current form still limits the operating speed of ALKS to 60km/h. Under certain conditions, ALKS can be activated in road traffic, namely when cyclists and pedestrians are not allowed on these roads and oncoming traffic is separated by a physical barrier and thus cannot cross the lane.

[infobox headline=”The most important in brief”]

UN Regulation 157 includes administrative provisions for type approval, audit and reporting requirements, technical requirements and provisions for type approval and testing. The application for approval of a vehicle type with regard to the ALKS shall be submitted by the vehicle manufacturer or his authorised representative. 

[/infobox] 

UN-Regulation 157 and Human-Machine Interfaces

Regulation 157 also includes provisions relating to the Human-Machine Interface (“HMI”) in order to avoid misuse or misunderstanding by the driver. The regulation states, for example, that in the event of an overload message issued by the ALKS, all other displays of the vehicle offered to the driver for activities other than driving the vehicle are automatically suspended. This may be the case, for example, shortly before the end of a road section authorised for ALKS.

The process of handing over the driving task from the ALKS to the driver is also specified in the new regulation. For example, one requirement of this specifies that the vehicle must come to a stop if the driver does not respond to the ALKS handover request in accordance with the requirements. This means that the system must be able to check driver presence and assess driver availability. To this end, the regulations set out clear criteria that an ALKS must fulfil.  

These include regulations and criteria to be met:

  • for the sensor system
  • for the driving mode memory
  • of data elements to be recorded
  • for data availability in compliance with the respective applicable national and regional legal provisions
  • for protection against manipulation
  • for cyber security and software updates    

In summary, the regulation defines safety requirements for:

  • Emergency manoeuvres in the event of an imminent collision
  • Transition demand, i.e. when the system requests the driver to take back control
  • Minimal risk manoeuvres when the driver does not respond to a transition demand (in all situations the system must minimise the risks to the safety of the vehicle occupants and other road users)
  • Mandatory introduction of driver presence detection systems for car manufacturers. These systems check both the presence of the driver (in the driver’s seat with the seat belt fastened) and the availability of the driver to take back control.

Obligation to equip the vehicle with a “black box”, the so-called Data Storage System for Automated Driving (DSSAD), which records when ALKS is activated.

Car manufacturers will therefore have to fulfill clear performance-related requirements from now on before their Automated Lane Keeping System-equipped vehicles can be sold in the countries that stipulate the regulation.

The detailed specifications, activation criteria for an Automated Lane Keeping System and all other requirements of “UN Regulation No. 157 – Automated Lane Keeping Systems (ALKS)” can be viewed on the UNECE website. An internationally agreed German translation is not yet available. 

Recently, one of our start-up partners, Cognata Ltd. from Israel, which develops full product life cycle simulations for developers of ADAS and autonomous vehicles, collaborated with Five, a company that develops autonomous vehicle systems. Together, the two companies are working to provide a modular, cloud-based, end-to-end development and testing platform for automatic lane keeping systems ALKS that complies with the new UNECE Standard 157. 

The market is accelerating and for car manufacturers it shows once again that the convergence of the industries is continuing.