The Perfect Match: UN Regulation No. 155 and ISO 21434 for Robust Vehicle Security

The Perfect Match: UN Regulation No. 155 and ISO 21434 for Robust Vehicle Security

The automotive industry is undergoing a digital revolution. Connected cars are becoming the norm, but with this increased connectivity comes a heightened risk of cyber attacks. To ensure the safety and security of these vehicles, two key regulations have emerged: UN Regulation No. 155 (UN R155) and ISO 21434. While they serve distinct purposes, they work together beautifully to create a comprehensive cyber security framework for modern vehicles.

UN R155: Setting the Bar for VSOC Capabilities

Imagine UN R155 as the blueprint for a modern Vehicle Security Operations Center (VSOC). This regulation, established by the United Nations Economic Commission for Europe (UNECE), lays out mandatory cybersecurity requirements for car manufacturers seeking approval for new vehicles in UNECE member countries.

Think of it as a checklist for VSOCs, outlining essential processes to manage cybersecurity throughout a vehicle's lifecycle. Key aspects of UN R155 include:

• Risk Management: Regular identification and mitigation of cybersecurity threats to vehicles.

• Testing and Verification: Rigorous testing of a vehicle's cybersecurity measures and risk assessments.

• Attack Response: Processes for detecting, responding to, and recovering from cyberattacks.

• Forensic Analysis: The capability to analyze cyberattacks for root cause identification.

• Supply Chain Security: Managing cybersecurity risks associated with suppliers and service providers.

By adhering to UN R155, car manufacturers demonstrate their commitment to building secure vehicles and gain market access for their new models.

ISO 21434: The Roadmap to Continuous Improvement

While UN R155 establishes the baseline for VSOC capabilities, ISO 21434 takes a broader approach. Developed by the International Organization for Standardization (ISO), this standard outlines a framework for managing cybersecurity risks throughout the entire vehicle lifecycle. ISO 21434 is all about:

• Organizational Culture: Fostering a culture of cybersecurity awareness within the organization.

• End-to-End Security: Integrating security considerations into all phases of vehicle development, from design to decommissioning.

• Threat Risk Assessment (TARA): A systematic approach for identifying, analyzing, and prioritizing cybersecurity threats.

• Operation and Maintenance: Processes for maintaining cybersecurity throughout a vehicle's operational life.

• Continuous Improvement: A commitment to constantly improve cybersecurity practices based on lessons learned.

By following ISO 21434, car manufacturers can build a robust cybersecurity management system (CSMS) that goes beyond compliance and fosters a proactive approach to securing their vehicles.

The Power of the Partnership

UN R155 and ISO 21434 are not competitors; they complement each other perfectly. UN R155 provides the essential building blocks for a VSOC, while ISO 21434 offers a roadmap for continuous improvement and a holistic view of cybersecurity throughout the vehicle lifecycle. Here's how they work together:

• UN R155 ensures that VSOCs have the necessary capabilities to meet regulatory requirements.

• ISO 21434 helps car manufacturers develop a comprehensive CSMS that goes beyond compliance and fosters a proactive security culture.

• By following both regulations, car manufacturers can achieve a higher level of vehicle security and build trust with consumers.

The Road Ahead

As the automotive industry continues to embrace connected car technology, the importance of robust cybersecurity will only grow. UN R155 and ISO 21434 provide the essential framework for manufacturers and VSOCs to work together and ensure the safety and security of our vehicles on the road. This powerful partnership will pave the way for a more secure future for connected transportation.