Since 2016 the number of cyberattacks on vehicles has almost doubled. Prominent examples, such as the theft of a Tesla via a hacked app, show that there is a need for action here - throughout the entire lifecycle of a vehicle. Vehicle manufacturers are also aware that a high level of cybersecurity is a strong competitive advantage.
The UNECE (United Nations Economic Commission for Europe) has also issued its own regulations (R.155 & R.156 ) as early as 2021, which are intended to ensure safety in road traffic.
R.155 - for cars, trucks and buses – requires:
- Establishment of the UNECE Cybersecurity Management System (CSMS)
- Risk management across the entire enterprise and lifecycle of each vehicle
- Risk assessments for each vehicle type
- Cybersecurity audits for each vehicle type
- Vulnerability analysis throughout the development and production process
- Cyber ecurity monitoring and incident response for existing vehicle types
- Documentation of cybersecurity management
In addition, there are country-specific regulations on data protection. For automotive manufacturers, suppliers and developers, this has an impact on the entire life cycle of their products - from planning to operation and disposal.
Consequently, Continental's cybersecurity philosophy is based on 3 pillars: prevent, detect, respond. Ideally, attacks are prevented by making it as difficult as possible for the attacker to penetrate the vehicle or its system. Still, there is no 100 percent guarantee. The important thing then is to detect attacks in real time and use the right tools to understand the nature of the hack. Among other things, this includes identifying where the attack came from and its scope - is it targeting a vehicle, the fleet or the entire company. With this information, Continental can respond adequately to an attack, limit the damage and, for example, immunize a fleet within hours.
In order to address this Continental has created an overarching framework and implemented processes, guidelines, rules and the risk management CSMS (Cybersecurity Management System). This ensures continuous software development and security monitoring throughout the vehicle's lifecycle.