麥肯錫汽車網(wǎng)絡(luò)安全:應(yīng)對(duì)挑戰(zhàn)_第1頁(yè)
麥肯錫汽車網(wǎng)絡(luò)安全:應(yīng)對(duì)挑戰(zhàn)_第2頁(yè)
麥肯錫汽車網(wǎng)絡(luò)安全:應(yīng)對(duì)挑戰(zhàn)_第3頁(yè)
麥肯錫汽車網(wǎng)絡(luò)安全:應(yīng)對(duì)挑戰(zhàn)_第4頁(yè)
麥肯錫汽車網(wǎng)絡(luò)安全:應(yīng)對(duì)挑戰(zhàn)_第5頁(yè)
已閱讀5頁(yè),還剩62頁(yè)未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

Mckunsey

&company

Cybersecurity

inautomotive

Masteringthechallenge

March2020

Cybersecurityinautomotive

Masteringthechallenge

Authors

OndrejBurkacky

JohannesDeichmannBenjaminKlein

KlausPototzkyGundbertScherf

Acknowledgements

ThisstudywasconductedbyMcKinsey&Company,Inc.WewishtoexpressourappreciationandgratitudetoGSAanditsmembersfortheircontinuedsupportandvaluablecontributions.

Cybersecurityinautomotive2

Contents

Introductionandkeyinsights 4

1.Cybersecurityisbecominganewdimensionofqualityforautomobiles 5

2.Automotiveindustryisrethinkingcybersecurityalongtheentirevaluechain 9

3.Managingcyberriskthroughoutthevehiclelifecyclewillrequirenewworkingpractices 17

4.Automotiveexecutivesshouldpreparetheircybersecuritystrategy 21

Outlook 28

Appendix 29

Keyaspectsofthemarketmodel 30

Listofabbreviations 31

Contactsandauthors 32

Importantnotice 33

Cybersecurityinautomotive3

Introduction

andkeyinsights

ThefourACESdisruptions–autonomousdriving,connectedcars,electricvehicles,andsharedmobil-ity–havedominatedtheagendaofautomotiveindus-tryleadersinrecentyears.Theseinnovations,builtonthedigitizationofin-carsystems,theextensionofcarITsystemsintothebackend,andthepropagationofsoftware,turnmoderncarsintoinformationclear-inghouses.Hackingofconnectedcarsbysecurityresearchershasmadeheadlinesoverthepastfew

years,andconcernsaboutthecybersecurityofmodernvehicleshavebecomereal.Lately,regu-latorshavealsostartedworkingondefiningtheminimumcybersecurityrequirementsfornewcars.TheUNECEWP.291regulationoncybersecurityandsoftwareupdatesisonthehorizonandwill

triggeraparadigmshiftintheautomotiveindustryintheUNECEmembercountries.OthercountriesliketheUSandChinahaveissuedbestpracticesandframeworksbutnoregulationsyet.GiventheinfluenceofUNECE,however,abroadadoptionofitsregulationacrosstheworldisexpected.

Withthesefirstregulatoryprogramsforcyber-securityandsoftwareupdatesintheautomotivesector,theregulatorwillrequireautomotive

OEMs–theresponsiblepartiesforvehiclehomo-logation–todemonstrateadequatecyber-riskmanagementpracticesthroughoutdevelopment,production,andpostproductionoftheirvehicles,includingtheabilitytofixsoftwaresecurityissuesafterthesaleofvehiclesandovertheair.

Inthiscontextandbasedonourextensiveresearchandanalyses,weofferaperspectiveonthreekeyquestionsfortheautomotiveindustry:

—Whatarethespecifictrendsanddriversofcyber-securityintheautomotiveindustryandwhyisthisaparadigmshiftfortheindustry?

—Howarethesedriversgoingtoaffecttheauto-motiveindustry’slong-establishedvaluechains?

—Howcanplayersinsideandoutsidetheindustry

prepareandpositionthemselvesfortheupcom-ingmarketdevelopmentsandanticipatedseg-mentgrowth?

Whilethefollowingparagraphsprovideasummaryofourresearch,theremainderofthereportwilladdressthesequestionsindetail.

Enginepower,fuelconsumption,drivingcomfort,andtheprecisionofacar’schassisandbodyarejustafewdimensionsthatdefinethequalityofacar.Withmoreandmorecorevehiclefunctionsenabledbysoftwarerunningonspecializedhardwarechips,thesecurityofthosecomponents–cybersecurity–willbecomeyetanotherdimensionofqualityintheautomotiveindustry,inmuchthesamewaythatphysicalsafetyisamajorconcernandqualityparametertoday.

Thismeasureofqualityisunderpinnedbyregulatoryactivitiesthatimposeminimumstandardsforman-agingcybersecurityrisksandrequireOEMstohavetheabilitytofixsecurityissuesviasoftwareupdates.Cybersecuritywillbecomenonnegotiablefortheindustry.

Inordertoexcelatcybersecurity,newprocesses,skills,andworkingpracticesalongtheautomotivevaluechainwillberequired.Thisincludesidentifyingcyberrisks,designingsecuresoftwareandhardwarearchitectures,anddevelopingandtestingsecurecodeandchips,ensuringthatissuescanbefixed–evenyearslater–viasoftwareupdates.

Therisingneedforcybersecuritywilltriggerinvest-mentsoverthenextfewyears.WeexpecttoseethemarketgrowfromUSD4.9billionin2020toUSD9.7billionin2030,withsoftwarebusinessrepresentinghalfofthemarketby2030.Thestronggrowthofthemarketwillcreatemanynewbusinessopportunitiesforsuppliers,establishedITfirms,specialistnichefirms,start-ups,andmanyothers,especiallyinthesoftwaredevelopmentandservicesmarket.Atthesametime,thedynamicsofthegrowingmarketwillalsochallengetoday’sleadersinthemarket.

1UNECE,ProposalforanewUNRegulationonuniformprovisionsconcerningtheapprovalofvehicleswithregardtocybersecurityandoftheircybersecuritymanagementsystems;UNECE,ProposalforanewUNRegulationonuniformprovisionsconcerningtheapprovalofvehicleswithregardtosoftwareupdateprocessesandofsoftwareupdatemanagementsystems.

Cybersecurityinautomotive4

1.Cybersecurityis

becominganew

dimensionofqualityforautomobiles

Cybersecurityinautomotive5

Softwareisoneofthekeyinnovationsinmodernvehicles

Softwareandelectrical/electronic(E/E)compo-nentsareandwillcontinuetobeamongthekeyinnovationsinmodernvehicles.ThemarketisexpectedtogrowfromUSD238billionin2020toUSD469billionin2030,correspondingtoanannualgrowthofover7percentperyear.2

Thisgrowthisdriventoalargeextentbysoftware,whichisbecomingakeydifferentiator.SoftwareisdrivinginnovationinthefourACEScategories:

—Autonomous.Autonomouscars,whichhavebeenthesubjectoffantasyforalongtime,arebecomingreality.Leadingcompanieshavealreadydrivenmillionsofmilesonpublicroadswiththem,butsofaralwaysunderthewatchfuleyeofahumanbehindthesteeringwheel.Thedisengagementrateinfieldtests,i.e.,howoftenthehumandriverneedstotakeovercontrol,israpidlydeclining,puttingfullyautonomouscarsinreachwithinmereyears.Whilethe

autonomouscaroffersgreatadvantages,itcomeswiththeriskofhackersinterferingwithsteeringorbreaking.Suchincidentswouldfosterfearofautonomouscarsandputthewholetechnologyatrisk.

—Connected.Carsarebecomingmoreandmoreconnected.Theservicesenabledbyconnectivitytodayrangefromsendingdestinationaddress-estothevehicle,toreceivingreal-timetrafficinformation,toparkingthevehicleremotelyviaasmartphoneapp.However,theconnectivityofcarsisapotentialattackvectorforhackerstocompromiseafullfleetofcars,whichistheworstnightmareofeveryOEM.

—Electric.Theriseofelectriccarsstartedseveralyearsagoandtheyaregainingmoreandmoretractionastheirrangeincreasesandtheirpricedecreases.Challengedbymanystart-ups,

almostallincumbentOEMshaveembarkedonthejourneytoincludingelectriccarsintheirproductportfolios.Theelectriccarperseisnotmoresusceptibletosabotagethanacon-ventionalcar,butattacksoncharginginfra-structurecanhavesevereeffects,frompoweroutagestofires.

—Shared.Enabledbyconnectivity,newbusi-nessmodelsfortransportationhavebecomeviable,suchascarsharingandridehailing.Thetrendinmobilityismovingawayfromcarownershipandtowardsshared-carsolutions,

whichissignificantlyincreasingvehicleutilization.Thistrendrequiresfullprotectionofuserdata–abreachofsensitivedatacouldfostermassivedistrustofthebusinessmodel.

Adeeperlookintotheconnectedcarshowsthreetypesofsoftwarethatwilldriveinnovationin

thisarea:

—In-vehicleservices:Allsoftwarewithinthe

vehiclethatrunsonelectroniccontrolunits(ECUs)ordomaincontrolunits(DCUs)withinthecar

—OEMback-endservices:Cloudservicesforboththevehicleanduser

—Infrastructureandthird-partyservices:

Softwarelinksbetweenthevehicleandinfra-structure,e.g.,gas/charging,parking,insurance.

Whiletheindustryisinvestingininnovationsacrossthesetypesofsoftwaretoenhancethecustomerexperienceandincreasethevalueofmoderncars,manufacturersmustalsobuildincybersecurityfromthebeginningtoavoidcreatingcyberattack-pronedigitalplatformsandvehicles.

Witheverylineofcode,thecyberrisktomodernvehiclesincreases,andsecurityresearchershave

demonstrateditsimpactandcost

Overthelastseveralyears,moderncarshavebecomedatacentersonwheels.ComparingthelinesofcodeinmodernconnectedcarswithaircraftsandPCsprovidesaglimpseintothechallengesofsecuringthesevehicles.Today’scarshaveupto150ECUsandabout100millionlinesofcode;

by2030,manyobserversexpectthemtohave

roughly300millionlinesofsoftwarecode.Toputthisintoperspective,apassengeraircrafthasanestimated15millionlinesofcode,amodernfighterjetabout25million,andamass-marketPCoperatingsystemcloseto40million.3Thisabundanceofcomplexsoftwarecodeisaresultofboththelegacyofdesigningelectronicsystemsinspecificwaysforthepast35yearsandthegrowingrequirementsandincreasingcomplexityofsystemsinconnectedandautonomouscars.Thisamountofcodecreatesampleopportunityforcyberattacks–notonlyonthecaritselfbutalsoonallcomponentsofitseco-system(e.g.,backend,infrastructure).

Thecyberriskofconnectedcarshasbecomeclearoverthepastfewyears,assecurityresearchershaverevealedvarioustechnicalvulnerabilities.Inthesescenarios,the“attackers”werenotexploitingthevulnerabilitieswithbadintentionsbutrather

2Source:McKinsey,“Mappingtheautomotivesoftware-and-electronicslandscapethrough2030,”July2019.

3Source:McKinsey,“Theraceforcybersecurity:Protectingtheconnectedcarintheeraofnewregulation,”O(jiān)ctober2019.

Cybersecurityinautomotive6

disclosinginformationtoOEMstohelpthemfixthoseissuesbeforemaliciousattackerscausedactualharm.Someoftherecentlyreportedvulnera-bilitiesarelistedinExhibit1.

Afterbecomingawareofthevulnerabilities,OEMsfixedtheissuesandprovidedsoftwareupdates.But,dependingontheaffectedcarmodel,itsE/Earchitecture,andtheOEM’sabilitytoprovidesoft-wareupdatesovertheair,somesoftwareupdatesrequiredvisitstodealerships,resultinginmuchhighercostsforcarmakers.

Cybersecuritywillbenonnegotiableforsecuringmarketaccessandtypeapprovalinthefuture

Unlikeinotherindustries,suchasfinancialser-vices,energy,andtelecommunications,cyber-securityhassofarremainedunregulatedintheautomotivesector–butthisischangingnow

withtheupcomingUNECEWP.29regulationson

cybersecurityandsoftwareupdates.4Underthisframework,OEMsinUNECEmembercountries(seeExhibit2)willneedtoshowevidenceofsufficientcyber-riskmanagementpracticesendtoend,i.e.,fromvehicledevelopmentthroughproductionallthewaytopostproduction.Thisincludesthedemon-stratedabilitytodeployover-the-airsoftware-securityfixesevenafterthesaleofthevehicle.

OthercountrieslikeChinaandtheUShavesofarnotissuedsimilarregulations,onlyguidelinesandbestpractices.WeexpectthenewUNECEregulationtobecomeadefactostandardevenbeyondits

members.

Lookingattoday’spassengercarmarketvolumesinonlythetenlargestcountriesregulatedunderUNECEWP.29,thenewregulationswilllikelyaffectover20millionvehiclessoldworldwide.Thisdoesnotevenincludecommercialvehicles,oranyothertypeofmotorvehicleregulatedunderUNECEWP.29.

Exhibit1

Softwarevulnerabilitieshavebeenobservedacrosstheentiredigitalcarecosystem

In-vehicleservices

2018:Researchersdemonstrated>10vulnerabilitiesinvariouscarmodels,gaininglocalandremoteaccesstoinfotainment,telematics,andCANbuses

2018:Researchersexploitedvulnerabilitiesofsomeinfotainmentsystemsandgainedcontrolofmicrophones,speakers,andnavigationsystems

2015:ResearchersremotelysentcommandstotheCANbusofaspecificcarthathadanOBD2dongleinstalledtocontrolthecar’swindshieldwipersandbreaks

OEMback-endservices

2019:Malwareinfectedthebackend,makinglaptopsinstalledinpolicecarsunusable

2019:Vehicledataexposedduringregistrationallowedforremotedenial-of-serviceattacksoncars

2015:Researchersdemonstratedvulnerabilitieswithinthebackend,gainingaccesstodoorcontrol

Infrastructure/third-partyservices

2018:EVhomechargerscouldbecontrolledbyaccessingthehomeWi-Finetwork

2018:Securityissuesdiscoveredin13car-sharingapps

2017:Rentalcarcompaniesexposedpersonaldata

Enterprisetechnology

2019:Memoryvulnerabilityatacloudproviderexposeddataincl.passwords,APIkeys,andtokens

2019:HackofanOEM’sautomotivecloudviathird-partyservicesandtier-1suppliernetwork

2018:Cloudservershackedandusedforcryptomining

Productionandmaintenancesystems

2019:Amalwareinfectioncausedsignificantproductiondisruptionatacarpartsmanufacturer

2018:Anex-employeebreachedthecompanynetworkanddownloadedlargevolumesofpersonalinformation

2017:Ransomwarecausedthestopofproductionacrossseveralplants

Source:Presssearch

4UNECE,ProposalforanewUNRegulationonuniformprovisionsconcerningtheapprovalofvehicleswithregardtocybersecurityandoftheircybersecuritymanagementsystems;UNECE,ProposalforanewUNRegulationonuniformprovisionsconcerningtheapprovalofvehicleswithregardtosoftwareupdateprocessesandofsoftwareupdatemanagementsystems.

Cybersecurityinautomotive7

WhatisUNECE’sroleinregulatingautomotive

cybersecurity?

TheWorldForumforHarmonizationofVehicleRegulations(WP.29)isaworldwideregulatoryforumwithintheinstitutionalframeworkoftheUNEconomicCommissionforEurope(UNECE).Itestablishesregulatoryinstrumentsconcern-ingmotorvehiclesandmotorvehicleequip-mentinover60marketsglobally,basedon

threeUNagreementsadoptedin1958,1997,and1998.

Atthetimeofwritingthisreport,UNECEisdraftingaproposalfortwonewUNregulations.Thefirstregulationisonuniformprovisions

concerningtheapprovalofvehicleswithregardtocybersecurityandcybersecuritymanage-

mentsystems.Thesecondregulationisonvehiclesoftwareupdateprocessesandsoft-wareupdatemanagementsystems.Foreaseofreadability,we’llrefertobothregulationsastheUNECEWP.29regulationsoncybersecurityandsoftwareupdatesthroughoutthisreport.

OncethisproposalisacceptedbyUNECEandtheregulationsareadoptedbyitsmember

countries,OEMswillberequiredtoimplementspecificcybersecurityandsoftware-updatepracticesandcapabilitiesforvehicletypeapprov-als–effectivelyrenderingcybersecurityanonnegotiablecomponentoffuturevehicles.

Exhibit2

Carsinover60countrieswillbeaffectedunderthenewWorldForumforHarmonizationofVehicleRegulationsframeworkoncybersecurityandsoftwareupdates

WorldForumforHarmonizationofVehicleRegulations(WP.29)undertheUNEconomicCommissionforEurope(UNECE)

Countriespartytothe1958agreement1(asofDecember2018)

1“AgreementconcerningtheAdoptionofHarmonizedTechnicalUnitedNationsRegulationsforWheeledVehicles,EquipmentandPartswhichcanbeFittedand/orbeusedonWheeledVehiclesandtheConditionsforReciprocalRecognitionofApprovalsGrantedontheBasisoftheseUnitedNationsRegulations”(originalversionadoptedinGenevaonMarch20,1958)

Source:UNECEECE/TRANS/WP.29/343/Rev.27–StatusoftheAgreement,oftheannexedRegulationsandoftheamendmentsthereto–Revision27

Cybersecurityinautomotive8

2.Theautomotive

industryisrethinkingcybersecurity

alongtheentirevaluechain

Cybersecurityinautomotive9

Gettingcybersecurityrightrequireseffortsfrommultiplepartiesalongthevaluechain,fortheentiredigitallifecycleofmodernvehicles

Ultimately,OEMsareresponsibleforthehomo-logationoftheirvehiclesanddemonstratingtheiradherencetoregulationsandmandatorylegal

requirements.However,sinceOEMssourcea

largeshareoftheirvehiclecomponentsfrom

suppliersandsemiconductormanufacturers,

theirupstreamvaluechainpartnerswillalsobe

requiredtofollowandimplementstate-of-the-

artpracticestomitigatecybersecurityrisksand

producevehiclesthataresecurebydesign.Thesepartnersmustprovideevidenceofadheringtothe

regulationstosupportthetype-approvalprocess,whichistheresponsibilityoftheOEM.LookingatthecurrentdraftsoftheUNECEWP.29regu-lationsoncybersecurityandsoftwareupdates,itbecomesevidentthatthevaluechainisaffected

acrossfourareas(seeExhibit3):

—Cyber-riskmanagement.Automotiveplayersmustensureend-to-endcyber-riskmanage-mentandidentifyrelevantcyberrisksintheirvehicletypes(andinadjacentecosystem

componentsthatmightimpactvehiclesafetyorsecurity)andensurethattheyimplementmeasurestomitigatesuchrisks.Thisincludesreactingtoevolvingthreats.

—Securitybydesign.OEMsmustdevelopsecurevehiclesfromsteponebyadoptingstate-of-the-artpracticesinhardwareandsoftwareengineering,andensuringthatvehicletypes(andadjacentecosystemcomponentsthatmightimpactvehiclesafetyorsecurity)aredesigned,built,andtestedforsecurityissuesandanycyberrisksaremitigatedproperly.AlthoughOEMsareultimatelyresponsibleforcybersecurity,allparticipantsinthevaluechainneedtocontribute.

—Detectionandresponse.Vehiclemanufacturersmustbeabletodetecttechnicalvulnerabilitiesandsecurityissues(e.g.,cyberattacks)intheirvehiclesandadjacentecosystemcomponents(e.g.,thebackendorthird-partyservices)thatmightimpactvehiclesafetyorsecurity.

—Safeandsecureupdates.Automotiveplayersmustbeabletorespondtoanydetectedsecurityeventandprovidesoftwareupdatestofixsecu-rityissues.Todoso,theymustsystematicallyidentifytargetvehiclesforupdatesandensurethatsoftwareupdateswillnotharmcertifiedsafety-relevantsystemsandarecompatiblewiththevehicles’configuration.

Cybersecurityinautomotive10

Exhibit3

TheUNECEregulationisbrokendowninto4concreteareasof

cybersecurityandspansacrosstheentirevehiclelifecycleSIMPLIFIED

Connected-carlifecycle

DevelopmentProductionPost-production

Cyber-securitylifecycle

Manage

vehicle

cyberrisks

Identifyandmanagecyberriskstocertainvehicletypesacrossthesupplychain

Ensuretestingofsecurityofsystems

Reacttonewandevolvingcyberthreatsandvulnerabilities

Secure

vehicles

bydesign

Ensuresecurityinthedetaildesignphase,testinformation,andcollectevidenceacrossthefullsupplychain

Analyzecyberthreatsandcreatearisktreatmentplan

Buildsecurityintosystemdesignandcontainknownvulnerabilitiesin(re)usedHW/SW1components

TestthesecurityofHW/SW1

components(e.g.,withvulnerabilityscans,pentesting,codeanalysis)

ProtecttheintegrityofHW/SW1componentsfromsuppliers(e.g.,withcontractualclauses)

Protectaccesstotheproductionenvironment

(e.g.,softwareserversandtheflashingprocess)andunitsreceivedfromsuppliers

Detectandrespondtosecurity

incidents

Monitorandrespondtocyberattacksonvehiclesandtheirecosystem

Provide

safeandsecure

softwareupdates

Ensurefulltraceabilityofsoftwareversionsandvehicleconfigurationalongthevehiclelifecycle(initialandupdatedsoftware/configuration)

Identifytargetvehiclesforupdatesandassessimpacttocertifiedsystemsandcompatibilitywithvehicleconfiguration

Providesoftwareupdateswithout

impactingsafetyandsecurityimpact

1Hardware/software

Source:UNECEWP.29,“DraftRecommendationonSoftwareUpdatesoftheTaskForceonCybersecurityandOver-the-airissues,”ISO/SAE21434:2018committeedraft;McKinsey

Cybersecurityinautomotive11

Whilecertainpracticesarealreadyinplacetoday,theupcomingregulations,higherlevelsofenforce-ment,andpotentialliabilityimplicationswillrequireamuchmoreexplicitagreementbetweenpartiesalongtheautomotivevaluechainonwhatexact-lyisexpectedofeachother.Toadheretothis

higherlevelofrigor,weareexpectingautomotiveplayersto:

—Defineclearrolesandresponsibilitiesforvehiclecybersecurity(notjustenterprisecybersecurity)andestablishinterfacesandpointsofcontactforvehiclecybersecuritybetweenplayers

—Agreeonaminimumsetofcyber-riskmanage-mentandcybersecuritypracticesincon-tractualagreementsandderivemeasurableservicelevelssimilartowhathasbeengoodpracticeinotherdimensionsofvehiclequality(e.g.,safety)

—Clarifyorganizational,technical,andlegal

(e.g.,IP)prerequisitesthatallowsecuritytestingandattestationofvehiclesoftwaresecurityoftheentireE/EvehiclearchitectureordowntotheindividualECU.

However,securitydoesnotstopattheproductionofvehicles–itisimportantthroughouttheentirevehiclelifecycle,assecurityvulnerabilitiescanbediscoveredatanygiventime.ItwillrequireOEMsandsupplierstocontinuallydetectandreactto

securityissuesuntilvehicleshavereachedtheirendoflife,justasweexpectaircraftorengineman-ufacturerstocontinuouslymonitortheiraircraftsandenginestodetectandfixanyoperational,

safety,orsecurityissuesforaslongasthatequip-mentisinusebyanyowner.

Cybersecurityinautomotive12

Newstandardswillraisethebarforvehiclecybersecurityandallowforindependentattestationofanauto-motivecompany’ssecuritypractices

Currently,onlynarrowstandardsandguidelinesexistforspecifictechnicalproceduresforsecuringhardwareandsoftwareinvehicles,e.g.,standardsforhardwareencryptionorsecurecommunicationofECUs(seeExhibit4).WhiletheUNECEWP.29regulationsoncybersecurityandsoftwareupdates

setanorganizationalframeworkandminimumrequirementsthatimpactallautomotiveplayersalongthevaluechain,theydonotprovideanydetailedguidanceonoperationalpractices.

However,thenewISO/SAE21434standard,

“Roadvehicles–cybersecurityengineering,”(stillaworkingdraft)isseenbyindustryexpertsasthefirststandardthatlaysoutclearorganiza-tional,procedural,andtechnicalrequirementsthroughoutthevehiclelifecycle,fromdevelopmenttoproductiontoafter-sales.Inparallel,theISO/

Exhibit4(1/2)

Unlikeinotherindustries,cybersecurityhasremainedunregulatedintheautomotiveindustrybeyondgeneralITregulations

Regulation/law

Standard

Bestpractice/framework

Draft/notpublished

Ecosystemcomponent

OperatingtechnologyInformationtechnology

OrganizationConnectedcar

OEMproductionOT

Vehicleinfrastructure

OEMback-endservices

AutomotiveplayerenterpriseIT

AUTOMOTIVEENGINEERING

UNECE

WP.29regulationoncy

bersecurityandsoftware

updates

NHTSA

CybersecurityBestPract

icesforModernVehicles

AutomatedDrivingSystems2.0

VDA

InformationSecurityAssessment

IPA

ApproachesforVehicleInformationSecurity

MIIT

NationalGuidelinesfor

DevelopingtheStandar

dsSystemoftheTelema

ticsIndustry

AutoSAR

SecureOnboardCommunications

ISO

ISO26262

ISO/SAE21434

ISO/AWI24089

ISO/AWI24089

SAE

SAEJ3061

SAEJ3101

AUTOSIG

AutomotiveSPICE

AutoAlliance

ConsumerPrivacyProt

ectionPrinciples(CPPP)

forVehicleTechnologies

andServices

Cybersecurityinautomotive13

AWI24089standard,“Roadvehicles–softwareupdateengineering,”isalsocurrentlyunderdevel-opment.Althoughitisnotdedicatedtocyber-security,weexpectittocontaincybersecurity-relatedcontent.Afirstdraftisexpectedbymid-2020andsomemoretimewillbeneededtofinalizeit.

Thesestandardswillallowtheindustrytoimplementcommoncybersecuritypracticesspecifictovehicledevelopmentandmanufacturing.Theywillalsoallowanassessmentofadh

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論