Automotive E-SSENTIALS

Your regular update for technical and industry information

Your regular update for technical and industry information

AN INTERVIEW WITH ALEXANDER ERSOY: AUTOMOTIVE SECURITY AND CONNECTIVITY ARE KEY FOR BRINGING AUTOMATED VEHICLES ON THE ROAD

Alexander is Head of Automotive Security and Connectivity for Highly Automated Driving (HAD) at TÜV SÜD. He has more than 20 years of experience within large engineering organisations, specialising in the automotive sector for the last fourteen years with roles covering automotive security, embedded software, connectivity and project management. He re-joined TÜV SÜD in January 2022, after working in the areas of software development, security, and compliance for the Volkswagen Group for several years.

In this interview, Alexander talks about the trends in the automotive market - focusing on security, the changing environment, and the upcoming challenges he and his team are facing.

Alexander Ersoy, TÜV SÜDYou recently re-joined the TÜV SÜD team. What did you find attractive and challenging about this new role?

A. Ersoy: Automated driving is one of the hot topics in the automotive industry. After a noticeable interruption, caused by the COVID pandemic and the ongoing chip crisis, automotive manufacturers are restarting their automated driving programmes. Also, new players are continuously entering this field with new technologies. To support this market growth, TÜV SÜD is developing methods to bring self-driving vehicles onto the road safely – and safety can only be achieved by keeping security in mind. As security is a topic that is constantly evolving, with new attack vectors and new threats, this inspires me every day.

What are your responsibilities as Head of Automotive Security AND CONNECTIVITY FOR HAD?

A. Ersoy: As a reliable and competent automotive industry partner for automated driving, we want to further enable OEMs and system vendors to take their vehicles and/or systems safely and securely on the road. We support our customers globally with advisory, assessments and audits/certifications based on UNECE regulations, national regulations and acts, as well as industry standards such as ISO and NIST. Of course it is also our task to always being aware on recent market and regulation changes to be able to adopt our services quickly to support our customers in the best way possible.

What current projects are you and your team focusing on?

A. Ersoy: We are currently working on assessments and audits of a wide range of different HAD vehicle types and systems. This includes small self-driving transport equipment, such as delivery robots and vehicle systems (e.g., steer-by-wire components), as well as people mover and complete SAE Level 3 (driver takes control when demanded) or Level 4 (driver control optional) vehicles. To deliver against our customers’ expectations in the HAD market, we work internationally in close collaboration with other TÜV SÜD entities and experts.

The automotive industry is evolving quickly, with many technical and digital innovations being developed in HAD. What are the key challenges, especially for the security and connectivity of automated vehicles?

A. Ersoy: The complexity of systems and new technologies, such as L4 systems, means that the potential attack vectors and threats are also evolving. Alongside this, the impact of a potential security incident will become more significant as a greater number of critical driving functions are taken over by a technical system. These systems, the safety of the driver and the environment must therefore be protected. TÜV SÜD has the responsibility as an independent inspection company to prove that the vendor and OEM have done everything to deliver a safe and secure product to their customer. And, more importantly, that they can react quickly and appropriately to protect an end-user if there is a security breach, which will happen sooner or later.

How will you and your team address these challenges to support the automotive industry?

A. Ersoy: As a partner to the HAD community, we start working closely with OEMs and vendors from the start of the system/vehicle development phase, and act as the bridge with the regulatory authorities to keep them notified.

This includes several different phases, depending on the product:

  • Gap analysis / pre-audit – to determine the status and the areas to be improved/changed.
  • Advisory – continuous support to our customers during product development.
  • Conformity assessment / certification audit – verification of the conformity to standards and regulations

Our knowledge of security and connectivity for automated driving enables us to guide our customers though the different regulations, acts and standards requirements which can sometimes be misinterpreted without expert help. For example, this includes industry standards ISO/SAE 21434 and upcoming ISO/DIS 24089, as well as EU regulations R155 / R156 / R157 and national acts such as AFGBV.

Additionally, we participate in several global working groups to ensure that we are always up to date with current and upcoming regulations and standards on a worldwide scale (e.g., UNECE, ISO, SAE, IEEE, DIN, BMVI, etc.).

"As complexity and connectivity are increasing automotive security is more important than ever and a topic that will not lose its importance within the automotive industry.”

What future challenges and new topics do you foresee for HAD security and connectivity?

A. Ersoy: The connectivity topics are increasingly relevant. If you think about teleoperated vehicles or Car-2-X-communication to support SAE Level 4 automated driving functions, the connectivity to the outside of the transport unit must be secure and fault-tolerant. Furthermore, the upcoming 5G mobile networks (public or privately owned), which will be used to communicate and operate self-driving vehicles, must fulfil certain standards and regulations (e.g., 5GAA, ITS).

This leads us to another topic: how the fusion of vehicle security with information security, and even industrial security, needs to be considered in a holistic way. A core consideration here is the integration of the different systems for security management, e.g. the interaction between CSMS (vehicle domain: UNECE R155) and ISMS (backend domain: ISO 27001).

Based on our experience in both environments, TÜV SÜD is the right partner for the automotive industry to meet these new challenges. It’s vital that the entire automotive industry remembers that the need for system security will never cease!

Next Steps

Site Selector