Your regular update for technical and industry information
In our latest interview with Christa Budke, Technical Expert for Automotive Cybersecurity & Software Updates at TÜV SÜD, we discuss the new standard for vehicle software update engineering, ISO 24089, which was published on 8th February this year.
As we become more reliant on technology in our vehicles, software updates have become a critical aspect of maintaining safety and security on the roads. However, the process of updating software can introduce its own set of safety and security challenges, including the risk of cyberattacks and potential system failures. As an international standard, ISO 24089 was developed to address these challenges and provide a framework for ensuring that software updates are performed safely and securely.
With Christa we talk about current market challenges, the key features of ISO 24089, how it supports the automotive industry in overcoming the challenges associated with software updates in vehicles, and what else needs to be considered in future.
C. Budke: The ability to make upgrades to vehicles remotely via software updates has revolutionised the automotive market. However, it has also introduced a new level of complexity regarding numerous aspects such as compatibility, interoperability, reliability, safety and security. Increased connectivity also means that vehicles are more vulnerable to cyberattacks. Alongside this, organisations involved in road vehicle software update engineering must also consider whether the software update is subject to approval.
"Increased connectivity also means that vehicles are becoming more vulnerable to cyberattacks."
With so many aspects to take into consideration, this first necessitates the introduction of multiple new management processes and functions, at both the organisational, infrastructure and vehicle level, before a single software update can even be transmitted to a vehicle.
The industry therefore faces the challenges of increased vehicle functionality and connectivity requiring fast software updates to implement important fixes, as well as to add new capabilities. Alongside this, there must be robust management and infrastructure in place to safeguard vehicles from the increased vulnerability of cyberattacks and safety hazards. At the same time proper functionality of all related safety functions within the vehicle must be ensured.
To overcome those challenges, it is even more important for manufacturers, suppliers, approval authorities and technical services to be involved. They must work together to ensure the safety and security of passengers and cars, once new software updates have been implemented in vehicles.
C. Budke: For many years, software updates have been unregulated, leading to an increased number of software glitches and incidents. The industry must therefore ensure that processes are implemented and maintained at an organisational level, such as governance and management for software update engineering, through information sharing policies, continuous improvement, as well as processes for the actual software update projects.
The implementation and maintenance of a state-of-the-art process framework for automotive software updates is also vital. Organisations involved in road vehicle software update engineering should therefore comply with the new ISO 24089 standard, which introduces a globally uniform approach to software update engineering. With this compliance manufacturers, suppliers and organisations can prove they correspond to the state-of-the-art. And, whether state-of-the-art is achieved must be verified by regular audits and assessments.
C. Budke: Increased connectivity has made vehicles more vulnerable to cyberattacks and safety hazards than ever before. ISO 24089 mandates the standardisation of safe and secure software updates on a global level, for the first time. The standard creates a state-of-the-art for automotive software update engineering and is harmonised with the United Nations’ regulation, UN R156, which regulates automotive software updates. Here the working group tried to follow the same approach as for cybersecurity, which is regulated and standardised through UN R155 and ISO/SAE 21434.
"ISO 24089 mandates the standardisation of safe and secure software updates on a global level, for the first time."
Our goal within the working group for the new ISO 24089 standard was to find a solution to harmonising the standard with UN R156, while also keeping it neutral regarding all approval aspects such as the “Regulation X Software Identification Number” (RXSWIN), which is defined in UN R156 for software updates and the software update management system. This number ensures that type approval relevant software modifications can be traced. If the type approval relevant software is modified by the vehicle manufacturer, the RXSWIN will be updated. This will result in a type approval extension to ensure the vehicle remains compliant with any relevant vehicle type approval regulation.
C. Budke: ISO 24089 is an international standard for software update engineering, including organisational, processual, and functional requirements for the complete software update procedure. The standard provides terminology, objectives, requirements, and guidelines. For the first time, these are aligned globally, thereby creating a common global understanding for software update engineering processes. The new standard establishes a set of processes that includes goal setting for automotive software updates, planning, auditing, process monitoring, process measurement and process improvement. ISO 24089 addresses requirements and recommendations for the safety as well as the cybersecurity of software updates and the whole software update process itself.
C. Budke: ISO 24089 covers activities at both an organisational and project level. Requirements at the organisational level ensure that an organisation has established software update engineering governance and management. The project level includes the infrastructure, the vehicle and its systems, as well as the assembly of a software update package and the software update campaign. The software update campaign involves the sequence of identifying targets and resolving them into recipients, distributing the software update packages, and monitoring and documenting the results. Thereby it can be identified if the respective software update was successfully implemented or interrupted during upload. For the software update campaign, requirements for its preparation, execution and completion are defined.
There are some items that are not covered by the scope of ISO 24089. This includes the development of vehicle functions, except for software update engineering purposes. Also, no specific technologies or solutions are given within the standard.
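The campaign sequence described above (identify targets, resolve them into recipients, distribute the package, then monitor and document per-vehicle results, including interrupted uploads) and the RXSWIN traceability explained earlier can be modelled in a few dozen lines. The following is an added illustration written for this article; it is not code from TÜV SÜD, ISO 24089 or UN R156, and every VIN, ECU name, version, regulation number ("Rxx") and RXSWIN value in it is constructed. It assumes a package carries a SHA-256 digest published by the package assembler, that a recipient is any vehicle whose installed ECU version matches the package's source version, and that a type-approval-relevant package carries the new RXSWIN to record on success.

```python
"""Toy model of a software update campaign in the ISO 24089 sense.

Added illustrative code, not from the interview, ISO 24089 or UN R156.
All vehicle data, package contents, versions and RXSWIN values are constructed.
"""
import dataclasses
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Vehicle:
    vin: str                       # constructed sample VIN
    ecu_versions: Dict[str, str]   # vehicle configuration information: ECU -> installed version
    rxswin: Dict[str, str]         # regulation number -> RXSWIN (constructed values)
    upload_fails: bool = False     # constructed flag simulating an interrupted upload


@dataclass
class UpdatePackage:
    ecu: str
    from_version: str
    to_version: str
    payload: bytes
    digest: str                    # SHA-256 hex digest of payload, set by the assembler
    type_approval_relevant: bool = False
    regulation: Optional[str] = None
    new_rxswin: Optional[str] = None


def make_package(ecu, from_version, to_version, payload, *,
                 type_approval_relevant=False, regulation=None, new_rxswin=None):
    """Assemble a package and record the digest the recipients will verify."""
    return UpdatePackage(ecu, from_version, to_version, payload,
                         hashlib.sha256(payload).hexdigest(),
                         type_approval_relevant, regulation, new_rxswin)


def tampered_copy(pkg, new_payload):
    """Copy of a package whose payload changed after the digest was published."""
    return dataclasses.replace(pkg, payload=new_payload)


def sample_fleet() -> List[Vehicle]:
    """Constructed fleet: two vehicles on the old BCM version (one with a flaky
    link), one already on the new version."""
    return [
        Vehicle("VIN-CONSTRUCTED-001", {"BCM": "1.0", "ADAS": "2.3"}, {"Rxx": "Rxx-SW-0001"}),
        Vehicle("VIN-CONSTRUCTED-002", {"BCM": "1.0", "ADAS": "2.3"}, {"Rxx": "Rxx-SW-0001"},
                upload_fails=True),
        Vehicle("VIN-CONSTRUCTED-003", {"BCM": "1.1", "ADAS": "2.3"}, {"Rxx": "Rxx-SW-0002"}),
    ]


def resolve_targets(fleet, pkg):
    """Step 1: identify targets and resolve them into recipients, using the
    stored vehicle configuration information rather than asking each vehicle."""
    return [v for v in fleet if v.ecu_versions.get(pkg.ecu) == pkg.from_version]


def distribute(vehicle, pkg):
    """Step 2: deliver the package to one recipient and report the outcome.
    The integrity check runs before anything is installed; an interrupted
    upload leaves the previously installed version and RXSWIN untouched."""
    if hashlib.sha256(pkg.payload).hexdigest() != pkg.digest:
        return "rejected"
    if vehicle.upload_fails:
        return "interrupted"
    vehicle.ecu_versions[pkg.ecu] = pkg.to_version
    if pkg.type_approval_relevant:
        # Type-approval-relevant change: the RXSWIN for that regulation is updated
        vehicle.rxswin[pkg.regulation] = pkg.new_rxswin
    return "success"


def run_campaign(fleet, pkg):
    """Step 3: monitor and document the result for every recipient, keyed by VIN."""
    return {v.vin: distribute(v, pkg) for v in resolve_targets(fleet, pkg)}


def campaign_summary(results):
    """Counts per outcome, the figure a campaign report would carry."""
    return dict(Counter(results.values()))


if __name__ == "__main__":
    fleet = sample_fleet()
    pkg = make_package("BCM", "1.0", "1.1", b"constructed firmware image",
                       type_approval_relevant=True, regulation="Rxx",
                       new_rxswin="Rxx-SW-0002")
    results = run_campaign(fleet, pkg)
    print(results, campaign_summary(results))
    print(run_campaign(sample_fleet(), tampered_copy(pkg, b"modified image")))
```

Running it shows the three outcomes a campaign record has to distinguish: the first vehicle succeeds and its RXSWIN moves to the new value, the second is documented as interrupted and keeps its old version and RXSWIN, and the third is never a recipient because its configuration information already shows the target version. The second run, with a payload that no longer matches the published digest, is rejected for every recipient before installation.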
C. Budke: The standard provides a structured framework for manufacturers, suppliers and their subsidiaries, and contractual partners. It also includes process requirements to implement software update engineering at both organisational and project level. The standard enables relevant industry players to develop and maintain a safe and secure software update mechanism, alongside associated processes. It also defines functions for the vehicle and infrastructure, for example, to support the processes and activities related to reliability, safety and cybersecurity. This comprehensively ensures that a component, or even the entire vehicle, can perform software updates safely and securely. This also gives organisations the required evidence to support type approval in the EU and other countries that adopted the UN R156, such as Japan, which enables them to take their products to market.
C. Budke: As already mentioned, ISO 24089 introduces requirements for manufacturers, suppliers and their subsidiaries, and contractual partners regarding software update engineering. This includes requirements for management and governance. It also includes new requirements relating to software update projects, for both project management information, such as handling and role assignment, and planning software update activities.
"ISO 24089 introduces requirements for manufacturers, suppliers and their subsidiaries, and contractual partners regarding software update engineering."
Other new requirements include functions to the infrastructure and the vehicle. This covers requirements for cybersecurity, and the collection and storage of information related to vehicle configurations, as well as for the distribution of a software update package. The topic of distribution also addresses issues such as the sequence of updates, and monitoring and documentation of results for software update campaigns.
As ISO 24089 is an international standard, compliance is voluntary. However, for those businesses that want to optimise their market potential, compliance would be advisable, as it can be a requirement raised by contracting parties for doing business, or be a necessity for state-of-the-art compliance.
C. Budke: ISO 24089 was published on 8th February 2023 and there is no transition period. The standard can be applied immediately and now represents the current state-of-the-art for automotive software updates.
C. Budke: UN R156 is a regulation while ISO 24089 is an industry standard. This means that UN R156 is mandatory for every vehicle sold in UNECE member countries, while ISO 24089 provides state-of-the-art industry practices. While UN R156 only covers OEM compliance, ISO 24089 can also be applied across the supply chain.
The requirements of ISO 24089 are harmonised with UN R156, and both mandate that security and safety are enforced across the whole automotive software update mechanism. Parts of UN R156 can also be fulfilled with evidence from ISO 24089.
C. Budke: The industry faces a lot of new challenges with the introduction of ISO 24089. Not least because there are a lot of new processes that must be considered and implemented throughout each organisation, alongside a vast amount of information relating to updates that must be managed effectively. On top of this, these new processes must now be integrated with processes of other disciplines, such as safety and security. This includes integration with standards such as ISO 26262, ISO/SAE 21434, ISO 10007 or IATF 16949.
C. Budke: ISO 24089 is a very comprehensive standard that will help the automotive industry to tackle effectively the challenges faced relating to safety and cybersecurity in the context of software updates. However, further down the line, some smaller elements that the current standard does not specify include the Vehicle Configuration Information (VCI), which is the counterpart to RXSWIN in UN R156, to ensure that vehicle software remains compliant with vehicle type approval.
C. Budke: Currently, the working group is not planning any specific updates for ISO 24089, but we are discussing if other topics are worth considering going forward. These include a proposal to develop a standard for auditing software updates for road vehicles, alongside a proposal to do further work regarding the infrastructure, vehicle configuration information, and software update distribution methods. Also, it was discussed if a new work item proposal for a technical reference, for a technical software update framework to update the firmware of ECUs, should be worked on.
"As automotive technology developments evolve rapidly, it will be essential that standards like ISO 24089 keep pace with innovations to ensure safety and cybersecurity."
While increased connectivity brings many benefits, such as fast software updates, it does make vehicles more complex and vulnerable than ever before. Therefore, as automotive technology developments evolve, it will be essential that standards like ISO 24089 keep pace with innovations to ensure the continued safety and cybersecurity of road vehicles.