As mentioned in my earlier blog, regulatory compliance is paving the way for cybersecurity. The new UNECE WP.29 regulation and the ISO/SAE 21434 standard on cybersecurity are set to trigger a paradigm shift in the automotive industry, as they will require integrating cybersecurity across the industry, which will have a domino effect. The impact of this regulation and standard will be felt across the entire automotive supply chain, as both OEMs and their suppliers will need to comply. OEMs must prove that vehicle series which are already under development for production from mid-2022 onwards have been developed in a secure manner. This means that to accept or integrate even the smallest building block into their vehicles, OEMs will require their suppliers to provide evidence of compliance with the standards.
The United Nations Economic Commission for Europe (UNECE) mandated new regulations on cybersecurity management systems for new vehicles. These regulations require manufacturers to have evidence of a certified Cyber Security Management System, as well as a Software Update Management System, for all new vehicles in 2022. And, by 2024, all prior makes and models will need to be updated to comply.
In response, the International Organization for Standardization and SAE International introduced ISO/SAE 21434, a new standard with process requirements for cybersecurity risk management and product development of road vehicle systems. Covered processes include the complete life cycle from concept, development, production, operations and maintenance, to decommissioning.
So how are the two related? ISO/SAE 21434 is a means to achieve the goal: UNECE approval. The UNECE R155 regulation calls for coordinated cybersecurity activities at all levels of the supply chain to establish a Cybersecurity Management System. Guidance on how to set up a cybersecurity management system can be found in the new standard: ISO/SAE DIS 21434, Road vehicles – Cybersecurity engineering.
IBM Engineering Lifecycle Management Automotive Compliance
Starting with version 1.0.3, the IBM Engineering Lifecycle Management (ELM) solution for Automotive Compliance supports the ISO/SAE 21434 standard for creating a cybersecurity management system across the automotive supply chain, as mandated by UNECE WP.29/R155.
IBM Engineering Lifecycle Management Automotive Compliance complements IBM Engineering Lifecycle Management with templates, reports and processes that support compliance with ISO/SAE 21434.
Ready-to-Use, Built-in Process
The ELM Automotive Compliance solution is a pre-defined, automotive systems engineering process that significantly reduces the costs for audit preparation and compliance with automotive standards. The ready-to-use, built-in process guidance is:
- Structured to provide a detailed mapping of guidance and work products in ISO/SAE 21434 to the solution content
- Designed with ongoing industry transformation in mind, relying on the established SAFe® agile process framework
- Tailorable, so the out-of-the-box process content can be adapted to the organization and team needs required to achieve a higher level of process maturity
Systematic risk assessment for safety and cybersecurity
Risk assessment is an important part of the cybersecurity concept phase. ELM Automotive Compliance supports the widely used risk assessment method Threat Analysis and Risk Assessment (TARA) by providing explicit support for:
- Capturing the cybersecurity elements required by ISO 21434 (e.g. Item Definition, Assets, Damage Scenario, Threat Scenario, Attack Path, Cybersecurity Goals & Claims, Cybersecurity Requirements)
- Vulnerability analysis and Cybersecurity Event Assessment to provide inputs for TARA
- Automatic calculation of risk values from attack path feasibilities and the overall impact of the damage scenario, to help with risk determination during TARA
Holistic development process to achieve high work product quality
Projects need to perform activities and verify them iteratively until no further refinements to the cybersecurity controls are required. ELM Automotive Compliance provides support for:
- Planning, adjusting and monitoring project-dependent and continual cybersecurity activities
- Defining cybersecurity specifications, and designing, implementing and verifying cybersecurity requirements independently and objectively, without conflicts of interest
- Demonstrating consistency of design and test with requirements, using a built-in strategy for reviews, problem resolution, configuration management and change management to address compliance needs
Insights into development to support compliance
Real-time reports, viewed directly in your project, help highlight problems when they happen, pinpoint gaps, and flag inconsistencies. ELM Automotive Compliance includes a comprehensive set of reports for:
- Traceability, completeness and correctness monitoring for a reliable end-to-end view of your engineering data
- Insights to track and monitor cybersecurity-related work, for the faster and educated decisions required to ascertain overall release readiness
- Transparency on milestone delivery, to maintain a common understanding with the stakeholders of progress against the project and technical objectives
IBM ELM Automotive Compliance is the engineering management solution for meeting your compliance needs today and is the foundation for your company’s digital transformation of engineering.
The solution guides your engineering team’s work in an efficient manner while producing all necessary evidence for compliance as a by-product. Being able to leverage out-of-the-box content frees up resources that would otherwise work on similar concepts starting from scratch. As a result, engineers' capacity can shift to engineering and innovation topics. Eventually, tool roll-out processes can be accelerated, and future customization and maintenance effort can be decreased.