Your regular update for technical and industry information
Your regular update for technical and industry information
Alexander is Head of Automotive Security and Connectivity for Highly Automated Driving (HAD) at TÜV SÜD. He has more than 20 years of experience within large engineering organisations, specialising in the automotive sector for the last fourteen years with roles covering automotive security, embedded software, connectivity and project management. He re-joined TÜV SÜD in January 2022, after working in the areas of software development, security, and compliance for the Volkswagen Group for several years.
In this interview, Alexander talks about the trends in the automotive market - focusing on security, the changing environment, and the upcoming challenges he and his team are facing.
A. Ersoy: Automated driving is one of the hot topics in the automotive industry. After a noticeable interruption, caused by the COVID pandemic and the ongoing chip crisis, automotive manufacturers are restarting their automated driving programmes. Also, new players are continuously entering this field with new technologies. To support this market growth, TÜV SÜD is developing methods to bring self-driving vehicles onto the road safely – and safety can only be achieved by keeping security in mind. As security is a topic that is constantly evolving, with new attack vectors and new threats, this inspires me every day.
A. Ersoy: As a reliable and competent automotive industry partner for automated driving, we want to further enable OEMs and system vendors to take their vehicles and/or systems safely and securely on the road. We support our customers globally with advisory, assessments and audits/certifications based on UNECE regulations, national regulations and acts, as well as industry standards such as ISO and NIST. Of course it is also our task to always being aware on recent market and regulation changes to be able to adopt our services quickly to support our customers in the best way possible.
A. Ersoy: We are currently working on assessments and audits of a wide range of different HAD vehicle types and systems. This includes small self-driving transport equipment, such as delivery robots and vehicle systems (e.g., steer-by-wire components), as well as people mover and complete SAE Level 3 (driver takes control when demanded) or Level 4 (driver control optional) vehicles. To deliver against our customers’ expectations in the HAD market, we work internationally in close collaboration with other TÜV SÜD entities and experts.
A. Ersoy: The complexity of systems and new technologies, such as L4 systems, means that the potential attack vectors and threats are also evolving. Alongside this, the impact of a potential security incident will become more significant as a greater number of critical driving functions are taken over by a technical system. These systems, the safety of the driver and the environment must therefore be protected. TÜV SÜD has the responsibility as an independent inspection company to prove that the vendor and OEM have done everything to deliver a safe and secure product to their customer. And, more importantly, that they can react quickly and appropriately to protect an end-user if there is a security breach, which will happen sooner or later.
A. Ersoy: As a partner to the HAD community, we start working closely with OEMs and vendors from the start of the system/vehicle development phase, and act as the bridge with the regulatory authorities to keep them notified.
This includes several different phases, depending on the product:
Our knowledge of security and connectivity for automated driving enables us to guide our customers though the different regulations, acts and standards requirements which can sometimes be misinterpreted without expert help. For example, this includes industry standards ISO/SAE 21434 and upcoming ISO/DIS 24089, as well as EU regulations R155 / R156 / R157 and national acts such as AFGBV.
Additionally, we participate in several global working groups to ensure that we are always up to date with current and upcoming regulations and standards on a worldwide scale (e.g., UNECE, ISO, SAE, IEEE, DIN, BMVI, etc.).
"As complexity and connectivity are increasing automotive security is more important than ever and a topic that will not lose its importance within the automotive industry.”
A. Ersoy: The connectivity topics are increasingly relevant. If you think about teleoperated vehicles or Car-2-X-communication to support SAE Level 4 automated driving functions, the connectivity to the outside of the transport unit must be secure and fault-tolerant. Furthermore, the upcoming 5G mobile networks (public or privately owned), which will be used to communicate and operate self-driving vehicles, must fulfil certain standards and regulations (e.g., 5GAA, ITS).
This leads us to another topic: how the fusion of vehicle security with information security, and even industrial security, needs to be considered in a holistic way. A core consideration here is the integration of the different systems for security management, e.g. the interaction between CSMS (vehicle domain: UNECE R155) and ISMS (backend domain: ISO 27001).
Based on our experience in both environments, TÜV SÜD is the right partner for the automotive industry to meet these new challenges. It’s vital that the entire automotive industry remembers that the need for system security will never cease!
How can equipment manufacturers and innovators ensure their products are safe, sound and functional?
Realize a competitive advantage with agile product development
Consequences and safety solutions
Learn about the current version of the UNECE regulation for automated lane keeping systems (ALKS)
A six-point approach for developing a regulatory framework.
Take action to strengthen industrial cybersecurity.