Cybersecurity Assessment for Automotive Components

Why is cybersecurity for automotive components needed?

The growing digitisation of vehicle technology is increasing the complexity of modern vehicles today. More and more electronic control units (ECU) are installed in vehicles to implement new innovative functions. However, with the large number of those functions and electrical and electronic (E/E) components the potential risk of cyber-attacks is increasing. This is especially prevalent for automated driving functions and autonomous vehicles as once a cyber-attack hits a connected car system, the vehicle can lose control over its functionality.

Another element of uncertainty lies in the extended supply chain as components often integrate third-party software and hardware. Manufacturers must ensure that all those components are resilient to a cyber-attack. Otherwise, this can result in potential operational and financial damage for the manufacturer, and at the same time threaten the data security of vehicle users and safety of road users.

Currently, multiple cybersecurity best practices and recommendations of modern vehicle technology exist, but norms and regulations are still under development.

Consequently, it is very challenging for manufacturers to be entirely sure if an automotive component has been developed securely and whether it offers suitable cybersecurity protection levels.

Why is cybersecurity for automotive components important?

The level of complexity surrounding technologies within modern, connected and autonomous vehicles have become so multifaceted that automotive cybersecurity is now a necessity.

From the development process to decommissioning, manufacturers must approach cybersecurity holistically, assessing security levels of vehicle components throughout the entire organisation and product lifecycle. Only using this method will manufacturers produce vehicles and components that have evaluated and successfully executed cybersecurity risk assessment at every point of the process.

TÜV SÜD supports the development of cybersecurity for automotive components to ensure:

• Appropriate development processes are met over the entire product lifecycle.
• Effective technical security measures are developed in line with relevant cybersecurity regulations, norms and recommendations.
• Suitable cybersecurity governance and management are implemented.

Through this, your business can benefit by:

• Developing secure automotive components, which are resilient against cybersecurity threats and meet relevant standards and regulations.
• Increasing business efficiency by improving your cybersecurity-related component development processes.
• Increasing customer trust by providing secure products and proving that cybersecurity risks have been accurately assessed and well mitigated.
• Gaining a competitive edge by working with an independent third-party service provider that has an international expert network and a wealth of automotive and cybersecurity experience.

TÜV SÜD supports you to develop resilient automotive components

With over a century of automotive safety, security and performance expertise TÜV SÜD supports you to address current challenges to ensure manufacturers develop robust products that provide suitable cyber-attack protection.

Our experts are actively involved in the latest automotive cybersecurity standards development activities (ISO/SAE 21434 and ISO 24089), providing our clients with the most up-to-date knowledge of current and future requirements for cybersecurity of vehicle components. Our TÜV SÜD expert team also participates in relevant UNECE committees to develop regulations on cybersecurity and software updates (UNECE WP.29 GRVA). Furthermore, we have been involved in the development of the first technical guideline in Singapore (TR68-3) for the secure and safe deployment of fully autonomous vehicles.

With our systematic and holistic assessment of products over your entire product lifecycle, we ensure that our cybersecurity assessment reports enable you to design and verify secure automotive components for connected and automated vehicles.

TÜV SÜD’s cybersecurity assessment services for vehicle components

TÜV SÜD’s comprehensive cyber threat assessment services cover the full system (both hardware and software), as well as software-only and hardware-only components. We also have the capabilities to assess off-the-shelf components – for example, automotive components that have not been developed for a specific ECU.

From products at the early design phase to final checks and assessment across all phases of the development process, TÜV SÜD ensures that robust cybersecurity management is present across the entire organisation including the product development process, and that it is also in line with automotive cybersecurity standards, regulations and best practices.

Our TÜV SÜD services include the assessment of:

• All phases of the product lifecycle
• Product-related cybersecurity management across the organisation and for a specific project
• Effectiveness and appropriateness of technical security measures

As a result, you receive the following deliverables:

• A full technical assessment report, which highlights the product lifecycle’s strengths and weaknesses at different phases

• List of critical elements
• Recommendations for improvements