Cyber security news for all

More

    Car manufacturers should be able to ward off cyber attacks

    The new regulations show that car producers must constantly demonstrate verifiable risk management and carry out relevant tests. They should be able to monitor, ward off and react to cyber attacks. This includes forensic skills to analyze successful or attempted attacks. Evidence of this should be able to be documented. Company documents that detail the relevant processes.

    The UN regulation working group would provide a kind of checklist on which those affected could work. In addition to the general rules for cybersecurity, there would also be requirements for future type approval procedures. For example, it has to be proven that manufacturers use a special cybersecurity management system. Vehicle builders would also have to show that planned remedial measures worked and that they could actually locate and prevent attacks.

    ISO Standardization Process and The UN Regulations

    There is some overlap between the ongoing ISO standardization process and the UN regulations. At ISO, the entire area of ​​the supply chain is covered more broadly and the focus is also on gateways, control units, the infotainment system and sensors such as radar or cameras. At the UN level, the entire vehicle is in view with the entire electronic architecture and networking interfaces.

    Manufacturers had already carried out an initial gap analysis in view of the obligation to observe both regulatory strands. The car maker was responsible for the entire architecture and had to apply for type approval. Suppliers and sub suppliers would be obliged to provide adequate documentation of the delivered systems, software or components. Since a liability case could end up in court, the minimum requirements could not be taken lightly.

    The standardization experts explained that the EU plans to make the UN requirements binding for all vehicle types will start in July 2022. Asia has already adopted the rules for autonomous vehicles as a precautionary measure and from the middle of the year it should become binding for all types there. The USA was not directly involved in the ratification process, but wanted to draw up its own list of requirements based on the UN guidelines.

    Recent Articles

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox