The automotive industry has changed rapidly in recent years with the advent of new technologies. The ever-increasing connectivity of vehicles with sensors, applications and wireless networks presents opportunities for convenience and efficiency, but also serious security challenges. New technologies such as advanced driver assistance systems (ADAS), vehicle-to-vehicle (V2V) communications and autonomous driving are increasing the complexity and interconnectivity of vehicle systems. Cars increasingly rely on sophisticated electronic systems and software that control everything from safety and handling to passenger entertainment. In this context, automotive cybersecurity is becoming a critical factor in ensuring the safety of vehicles and their occupants.
 
With the rise of computerisation and connectivity in the automotive industry, the security of software in cars is becoming an increasingly important topic. Vulnerabilities in software security can be exploited by malicious actors to remotely take control of a vehicle, steal personal data or sabotage vehicle functions, which can have serious consequences for occupant safety.
 
To address these challenges, the automotive industry is taking steps to improve the security of automotive systems and has initiated the creation of standards. The International Organization for Standardization (ISO) has developed the ISO/SAE 21434 Standard Road Vehicles – Cybersecurity Engineering, which provides guidance for the development, implementation and management of cybersecurity in the automotive industry. The standard provides a framework for automotive cybersecurity that covers the entire vehicle development lifecycle, from conception through to the decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces. ISO/SAE 21434 provides recommendations for automotive cybersecurity engineering, including processes for risk assessment, vulnerability management, security testing and more.
 
In addition to ISO/SAE 21434, the automotive industry implements other cybersecurity standards such as IATF 16949 and TISAX.
IATF 16949:2016 is an international quality management system standard developed specifically for the automotive industry. The standard is based on ISO 9001:2015 and adds industry requirements focused on product and process quality in the automotive supply chain. IATF 16949 aims to establish a total quality management system that promotes continuous improvement, defect prevention, and reduction of variability and waste in the automotive supply chain.
 
The clauses of IATF 16949 emphasize a process approach to quality management, meeting specific customer requirements, supplier evaluation, measurement and analysis, continuous improvement, product safety, and active management and employee participation. The standard has requirements for identifying and managing risks, including cybersecurity risks in the supply chain. Certification to IATF 16949 is recommended for organizations that want to achieve compliance with quality requirements imposed by leading automotive manufacturers. It contributes to better consistency, quality and reliability in the automotive supply chain and promotes product improvement and customer satisfaction.
TISAX is a mechanism for assessing and exchanging cybersecurity information between companies in the automotive industry. TISAX (Trusted Information Security Assessment Exchange) provides a framework for assessment and information exchange based on widely accepted cyber security standards such as ISO/IEC 27001. This mechanism allows companies to conduct security assessments of their systems and processes against defined criteria, covering various aspects of information security such as physical protection, access management, cryptography, network protection, etc. Following a successful assessment, companies can share their results with other TISAX participants, helping to increase confidence and security in the industry.
 
By implementing TISAX, automotive companies can improve their data security and information technology practices to protect privacy, prevent cyber-attacks and maintain the trust of customers, partners and suppliers.
 
The risks of cyber-attacks on vehicles will increase in the future with the development of autonomous vehicles. Driverless cars and connected systems require the highest standards of security, as even a single vulnerability can lead to serious incidents. Automakers, automotive parts and components manufacturers and their suppliers must prioritise security and invest in the implementation of state-of-the-art technologies and standards to protect automotive systems. To ensure the safety of passengers and their data, manufacturers and suppliers must work together to create reliable and secure automotive systems that can withstand modern cyber threats.