Automotive E-ssentials

Your regular update for technical and industry information

An interview with Christa Budke about the new standard ISO 24089

In our latest interview with Christa Budke, Technical Expert for Automotive Cybersecurity & Software Updates at TÜV SÜD, we discuss the new standard for vehicle software update engineering, ISO 24089, which was published on 8th February this year.

As we become more reliant on technology in our vehicles, software updates have become a critical aspect of maintaining safety and security on the roads. However, the process of updating software can introduce its own set of safety and security challenges, including the risk of cyberattacks and potential system failures. As an international standard, ISO 24089 was developed to address these challenges and provide a framework for ensuring that software updates are performed safely and securely.

With Christa we talk about current market challenges, the key features of ISO 24089, how it supports the automotive industry in overcoming the challenges associated with software updates in vehicles, and what else needs to be considered in future.

As vehicles become increasingly intelligent, ever more software is embedded within them. What software update challenges do you anticipate?

C. Budke: The ability to make upgrades to vehicles remotely via software updates has revolutionised the automotive market. However, it has also introduced a new level of complexity regarding numerous aspects such as compatibility, interoperability, reliability, safety and security. Increased connectivity also means that vehicles are more vulnerable to cyberattacks. Alongside this, organisations involved in road vehicle software update engineering must also consider whether the software update is subject to approval.

"Increased connectivity also means that vehicles are becoming more vulnerable to cyberattacks." 

With so many aspects to take into consideration, this first necessitates the introduction of multiple new management processes and functions, at both the organisational, infrastructure and vehicle level, before a single software update can even be transmitted to a vehicle.

The industry therefore faces the challenges of increased vehicle functionality and connectivity requiring fast software updates to implement important fixes, as well as to add new capabilities. Alongside this, there must be robust management and infrastructure in place to safeguard vehicles from the increased vulnerability of cyberattacks and safety hazards. At the same time proper functionality of all related safety functions within the vehicle must be ensured.

To overcome those challenges, it is even more important for manufacturers, suppliers, approval authorities and technical services to be involved. They must work together to ensure the safety and security of passengers and cars, once new software updates have been implemented in vehicles.

You mentioned several times that with regular software updates it becomes increasingly important to ensure the safety and security of vehicles. How do you think that can be achieved?

C. Budke: For many years, software updates have been unregulated, leading to an increased number of software glitches and incidents. The industry must therefore ensure that processes are implemented and maintained at an organisational level, such as governance and management for software update engineering, through information sharing policies, continuous improvement, as well as processes for the actual software update projects.

The implementation and maintenance of a state-of-the-art process framework for automotive software updates is also vital. Organisations involved in road vehicle software update engineering should therefore comply with the new ISO 24089 standard, which introduces a globally uniform approach to software update engineering. With this compliance, manufacturers, suppliers and organisations can prove they correspond to the state-of-the-art. And, whether state-of-the-art is achieved must be verified by regular audits and assessments.

You have been involved in the development of the new ISO 24089 standard for automotive software update engineering. What issues did you discuss and what was the idea behind the new standard?

C. Budke: Increased connectivity has made vehicles more vulnerable to cyberattacks and safety hazards than ever before. ISO 24089 mandates the standardisation of safe and secure software updates on a global level, for the first time. The standard creates a state-of-the-art for automotive software update engineering and is harmonised with the United Nations’ regulation, UN R156, which regulates automotive software updates. Here the working group tried to follow the same approach as for cybersecurity, which is regulated and standardised through UN R155 and ISO/SAE 21434.

"ISO 24089 mandates the standardisation of safe and secure software updates on a global level, for the first time."

Our goal within the working group for the new ISO 24089 standard was to find a solution to harmonising the standard with UN R156, while also keeping it neutral regarding all approval aspects such as the “Regulation X Software Identification Number” (RXSWIN), which is defined in UN R156 for software update and software update management system. This number ensures that type approval relevant software modifications can be traced. If the type approval relevant software is modified by the vehicle manufacturer, the RXSWIN will be updated. This will result in a type approval extension to ensure the vehicle remains compliant to any relevant vehicle type approval regulation.

What is the new ISO 24089 standard about?

C. Budke: ISO 24089 is an international standard for software update engineering, including organisational, processual, and functional requirements for the complete software update procedure. The standard provides terminology, objectives, requirements, and guidelines. For the first time, these are aligned globally, thereby creating a common global understanding for software update engineering processes. The new standard establishes a set of processes that includes goal setting for automotive software updates, planning, auditing process monitoring, process measurement and process improvement. ISO 24089 addresses requirements and recommendations for the safety as well as the cybersecurity of software updates and the whole software update process itself.

What is the scope of ISO 24089?

C. Budke: ISO 24089 covers activities at both an organisational and project level. Requirements at the organisational level ensure that an organisation has established software update engineering governance and management. The project level includes the infrastructure, the vehicle and its systems, as well as the assembly of a software update package and the software update campaign. The software update campaign involves the sequence of identifying targets and resolving them into recipients, distributing the software update packages, and monitoring and documenting the results. Thereby it can be identified if the respective software update was successfully implemented or interrupted during upload. For the software update campaign, requirements for its preparation, execution and completion are defined.

There are some items that are not covered by the scope of ISO 24089. This includes the development of vehicle functions, except for software update engineering purposes. Also, no specific technologies or solutions are given within the standard.

How does the new standard support the automotive industry to overcome the current software update challenges and cybersecurity issues?

C. Budke: The standard provides a structured framework for manufacturers, suppliers and their subsidiaries, and contractual partners. It also includes process requirements to implement software update engineering at both organisational and project level. The standard enables relevant industry players to develop and maintain a safe and secure software update mechanism, alongside associated processes. It also defines functions for the vehicle and infrastructure, for example, to support the processes and activities related to reliability, safety and cybersecurity. This comprehensively ensures that a component, or even the entire vehicle, can perform software updates safely and securely. This also gives organisations the required evidence to support type approval in the EU and other countries that adopted the UN R156, such as Japan, which enables them to take their products to market.

What new compliance requirements does ISO 24089 introduce to the automotive sector and who must comply with the standard?

C. Budke: As already mentioned, ISO 24089 introduces requirements for manufacturers, suppliers and their subsidiaries, and contractual partners regarding software update engineering. This includes requirements for management and governance. It also includes new requirements relating to software update projects, for both project management information, such as handling and role assignment, and planning software update activities.

"ISO 24089 introduces requirements for manufacturers, suppliers and their subsidiaries, and contractual partners regarding software update engineering." 

Other new requirements include functions to the infrastructure and the vehicle. This covers requirements for cybersecurity, and the collection and storage of information related to vehicle configurations, as well as for the distribution of a software update package. The topic of distribution also addresses issues such as the sequence of updates, and monitoring and documentation of results for software update campaigns.

As ISO 24089 is an international standard, compliance is voluntary. However, for those businesses that want to optimise their market potential, compliance would be advisable, as it can be a requirement raised by contracting parties for doing business, or be a necessity for state-of-the-art compliance.

Is there a transition period and what are the key dates?

C. Budke: ISO 24089 was published on 8th February 2023 and there is no transition period. The standard can be applied immediately and now represents the current state-of-the-art for automotive software updates.

How does ISO 24089 fit with UN R156?

C. Budke: UN R156 is a regulation while ISO 24089 is an industry standard. This means that UN R156 is mandatory for every vehicle sold in UNECE member countries, while ISO 24089 provides state-of-the-art industry practices. While UN R156 only covers OEM compliance, ISO 24089 can also be applied across the supply chain.

The requirements of ISO 24089 are harmonised with UN R156, and both mandate that security and safety is enforced across the whole automotive software update mechanism. Parts of the UN R156 can also be fulfilled with evidence from ISO 24089.

Do you foresee any challenges regarding the new standard?

C. Budke: The industry faces a lot of new challenges with the introduction of ISO 24089. Not least because there are a lot of new processes that must be considered and implemented throughout each organisation, alongside a vast amount of information relating to updates that must be managed effectively. On top of this, these new processes must now be integrated with processes of other disciplines, such as safety and security. This includes integration with standards such as ISO 26262, ISO/SAE 21434, ISO 10007 or IATF 16949.

Are there any other standards and requirements that you believe need introducing to ensure the cybersecurity and safety of new future mobility solutions?

C. Budke: ISO 24089 is a very comprehensive standard that will help the automotive industry to tackle effectively the challenges faced relating to safety and cybersecurity in the context of software updates. However, further down the line, some smaller elements that the current standard does not specify include the Vehicle Configuration Information (VCI), which is the counterpart to RXSWIN in UN R156, to ensure that vehicle software remains compliant with vehicle type approval.

Is the ISO 24089 working group planning any further updates to the standard?

C. Budke: Currently, the working group is not planning any specific updates for ISO 24089, but we are discussing if other topics are worth considering going forward. These include a proposal to develop a standard for auditing software updates for road vehicles, alongside a proposal to do further work regarding the infrastructure, vehicle configuration information, and software update distribution methods. Also, it was discussed if a new work item proposal for a technical reference, for a technical software update framework to update the firmware of ECUs, should be worked on.

"As automotive technology developments evolve rapidly, it will be essential that standards like ISO 24089 keep pace with innovations to ensure safety and cybersecurity."

While increased connectivity brings many benefits, such as fast software updates, it does make vehicles more complex and vulnerable than ever before. Therefore, as automotive technology developments evolve, it will be essential that standards like ISO 24089 keep pace with innovations to ensure the continued safety and cybersecurity of road vehicles.

