Connected transport is the future of redesigned mobility. Plane, train, bus and car, all multimodality is affected by digital developments.
The connected vehicle, thanks to the feedback and analysis of data, intends to make transport smoother in overcrowded cities, while playing a key role in terms of safety, eco-driving, reduction of fuel consumption and of the carbon footprint. Since 2018, the European Commission has required car manufacturers to equip all their new vehicles with an automatic emergency call system called eCall (emergency call) or eCall112. This system aims to reduce the response time of emergency services by 50% in rural areas. and up to 60% in urban areas. Thanks to these connected tools, more lives could be saved. The entire fleet should be equipped by 2035.
This world of interconnected transport must also meet the new challenges of rampant digitization and tackle the cyber threat. Thanks to these digitized interfaces and to the multiple information systems and sensors, hijacking a vehicle, an airplane, paralyzing an airport, derailing a train or creating a road accident by cutting off the dissemination of signaling information reported are all likely. proven, because, for some, already verified.
And the stakes are high. In France, SNCF transports 9 million people on board 17,000 trains every days, or in Ile-de-France, the equivalent of an A380 which takes off every seven seconds. Globally, 11 billion tonnes of goods pass through the sea each year (source: McKinsey 2020).
For the automotive market, Mc Kinsley points out that cars today contain more than 100 million lines of code! A figure which should triple by 2030. An airliner contains some 15 million lines of code, and the operating system of a standard PC about 40 million.
Also, unsurprisingly, Gartner 2019 announces a very strong growth global automotive cybersecurity market: from $ 2.4 billion in 2019, it should flower with $ 6 billion by 2025.
Powerful international standards
With increased awareness, the automotive market is regulating its international ecosystem through dedicated analyzes. Standards hatch with a strong desire to regulate by constraint. The global auto industry must protect its infrastructure from cybercriminals, whose goal is to steal data and take control of automated systems for malicious purposes.
Thus, in the United States, in 2016, the Committee for the Engineering of Vehicle Cybersecurity Systems published the Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, a cybersecurity manual for connected vehicle systems, which defines a framework for all lifecycle processes. Thus, every organization can integrate cybersecurity into connected vehicle systems, from the design phase to production, use, maintenance and dismantling.
The WP.29 working group of the United Nations Economic Commission for Europe (UNECE) published a regulation in June 2020 establishing rules and obligations for car manufacturers. The latter should be applied from July 2022 for all new vehicles in Europe. Car manufacturers must therefore demonstrate that they have properly implemented processes to assess the cyber risks weighing on their vehicles and comply with all cybersecurity requirements before they can be marketed.
To go further, a new international standard should see the light of day soon. Based on American work, ISO and SAE have thus joined forces, which will give rise to the proposed ISO / SAE 21434 standard – Road vehicles – Cybersecurity engineering – so that the automotive industry can deliver vehicles equipped with highly secure systems and software. This standard will allow organizations to define cybersecurity policies and processes, manage cybersecurity risks and promote a culture of cybersecurity.
To achieve the level of quality assurance required before the start of production of future vehicles, manufacturers must equip themselves with simplified, integrated, dynamic and continuous risk assessment, analysis and management tools. All EGERIE teams have thus mobilized, for a year, in order to be able to support car manufacturers in the implementation of this new international standard ISO 21434. Centralizing, communicating and collaborating are the 3 pillars that we are deploying with the car manufacturers whom we support in an active co-construction process.
Finally, this standard describes a framework that will improve collaboration in cybersecurity in the automotive sector and thus lead to the development of technologies and solutions that better respond to constantly evolving cybersecurity problems. Information sharing between manufacturers is indeed a necessity. While this cooperation seems to be well under way in the United States, where players in the automotive industry share and analyze various information on the vulnerability of vehicles, and contribute to the improvement of cybersecurity technologies, the approach must extend to the global scale.
The United Nations already considers this standard to be a reference document for the implementation of cybersecurity management systems (CSMS), a requirement of the organization’s recently adopted regulations for cybersecurity in vehicles. New work has also started on a publicly available specification, ISO / PAS 5112, detailing the guidelines for auditing organizations in cybersecurity engineering.
The ultimate goal is the generalization of the standard in the current engineering practices of the sector, as well as a better knowledge of the issues. This will notably involve the integration of the standard into the training program for future engineers. Promoting a culture of cybersecurity starts from the start!