Supporting UNECE R155 With Embedded Software From Vector
The UNECE R155 requires vehicle manufacturers (OEMs) to introduce a Cybersecurity Management System (CSMS). A CSMS is a collection of processes deployed by companies to manage the cybersecurity risks related to cyberattacks throughout the vehicle's lifecycle. Its implementation by the OEMs must be verified by an independent technical service during type approval of a new vehicle type.
Embedded Software To Implement the Security Requirements
The OEMs are required to provide mitigation measures against cyber-attacks according to their cybersecurity risk assessments. These mitigations need to be considered in both software specification and implementation. The embedded software from Vector offers the desired functions to implement the specified measures such as cryptographic mechanisms that ensure the confidentiality, integrity and authenticity of data.
Vector’s CSMS Was Successfully Audited
An OEM must demonstrate that the risks related to cybersecurity in the supply chain are identified and managed. To support you in overcoming this challenge, Vector has established a CSMS. This was successfully audited by an external, independent company. We will provide you with the CSMS audit certificate on request.
The UNECE R155 requires OEMs to regularly submit cybersecurity information - such as identified vulnerabilities - to the authorities. Vector supports you in meeting this requirement by providing issue reports and bug fixes.
Coverage of the Mitigations per Product
The UNECE has listed several mitigations which have to be considered when designing and implementing vehicle software. The table below shows how the embedded software products MICROSAR Classic, MICROSAR Adaptive and the Flash Bootloader from Vector provide functionality for implementing the mitigations.
Consulting on UNECE R155
Do you have questions about the UNECE R155 in general? E.g. How to prepare for Certification Assessments? How to efficiently implement the UNECE standard for CSMS? How to conduct process assessments for existing CSMS solution?