Your cybersecurity management system governs by whom, when, and what actions must be taken to keep the connected vehicle secure until the end of its service life. Here we show you what you need to do to effectively integrate cybersecurity into your process landscape.
Back to CybersecurityThe UNECE regulation expects the vehicle industry to establish cybersecurity management systems (CSMS). This is relevant for type approvals for all new vehicles manufactured from 2024 onwards. This CSMS is intended to comprehensively coordinate ongoing cybersecurity efforts at both the corporate and operational levels.
The requirements for a CSMS are described in ISO/SAE 21434, for example. Rather than deploying an additional isolated management system, we recommend integrating cybersecurity requirements into your existing process landscape.
Do you need a more detailed summary of the implementation of a cybersecurity management system? Our free whitepaper contains all the important information, including helpful illustrations, on how to effectively implement a cybersecurity management system acc. to ISO/SAE 21434.
A management system is about structures, processes, measures and, competencies.
By definition of UNECE regulation R.155, a “CSMS means a systematic risk-based approach defining organizational processes, responsibilities and governance to treat risk associated with cyber threats to vehicles and protect them from cyberattacks.”
In other words, a management system structures your company's approach to safety and security. Your employees can concentrate on the various tasks at hand. With the management system, they bring them together and operate the interfaces.
In a company, there are different levels of tasks, from the corporate level to the business unit to the projects. At each level, risks are also different. The level of detail of a management system relates to the nature of the risks. At the appropriate levels, you should derive corresponding subsystems with structures, processes, measures and competencies.
With your cybersecurity management system in place, you ensure that all necessary cybersecurity activities for
are carried out thoroughly and until the vehicle series finally reaches the end of its service – cybersecurity is not an afterthought.
To this end, Clause 15 of ISO/SAE 21434 calls for continuous risk assessments in particular, in order to check whether the risk assumptions and countermeasures are still up to date.
Implement the management system carefully to foster and establish a cybersecurity culture in your corporation: Cybersecurity concerns will become second nature to you and your colleagues – then you will actually develop cybersecurity by design.
Need support with a key project? We’re your first port of call when it comes to management consulting and improvement programmes in electronics development.
Steffen Herrmann and the sales team