UL Solutions, a renowned provider of applied safety science solutions, has recently awarded LG Innotek the first Cybersecurity Assurance Program Certificate for ISO/SAE 21434:2021, which is a standard for Cybersecurity Engineering in Road Vehicles. This recognition indicates that LG Innotek has successfully fulfilled the requirements of the standard and has an effective cybersecurity management system in place.
The international standard provides a framework for developing cybersecurity for road vehicles. It was jointly developed by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE) to establish a common set of guidelines and practices for automakers, suppliers, and other stakeholders in the automotive industry to mitigate the risks of cyberattacks on vehicles. The standard covers the entire vehicle lifecycle, including design, development, production, operation, maintenance, and decommissioning. Its goal is to ensure that the cybersecurity of road vehicles is adequately addressed and managed in a consistent, risk-based manner. The standard also provides guidance on how to incorporate cybersecurity requirements into existing quality management systems.
"Cybersecurity risk management frameworks empower manufacturers to demonstrate that they prioritize cybersecurity and have mitigation measures in place in case of incidents or breaches," said Jody Nelson, managing director of Automotive Cybersecurity and Functional Safety at UL Solutions. "This proactive approach builds trust among buyers, which is fundamental to building valued brands. Congratulations to LG Innotek for achieving the first CAP certificate issued for the automotive industry. This milestone showcases LG Innotek's commitment to building a process that meets requirements set by current automotive cybersecurity standards."
UL Solutions assists automotive OEMs and suppliers in evaluating cybersecurity risks across the entire life cycle of their products helping to detect potential issues in the design phase, thereby preventing the discovery of problems in the final product.
According to the 2021 Global Automotive Consumer Study published by Deloitte, a significant number of consumers surveyed expressed concerns about the potential risks of cyberattacks on their connected car systems. The study, which gathered data from over 24,000 respondents, revealed that 66% of participants in India, 64% in the United States, and 58% in China are worried about the safety implications of automotive cybersecurity threats. These findings underscore the critical need for automakers to prioritize the development and implementation of robust cybersecurity measures to safeguard their customer's personal information and physical well-being.
In light of the expanding intricacy of connected vehicles, the task of mitigating cybersecurity risks has become increasingly demanding. Therefore, it is crucial to have a comprehensive understanding of the regulations, such as ISO/SAE 21434:2021 and UN Regulation No. 155, Cybersecurity and Cybersecurity Management System, that guide the development of a risk management framework.
UN Regulation No. 155 is a regulatory framework developed by the United Nations Economic Commission for Europe (UNECE) to establish minimum cybersecurity requirements for connected vehicles. The regulation applies to passenger cars, commercial vehicles, and buses, and covers the entire lifecycle of these vehicles, from design and production to maintenance and decommissioning. Its main objective is to ensure that connected vehicles are designed and manufactured with adequate cybersecurity measures to protect them from unauthorized access, tampering, and malicious attacks. The regulation requires automakers to implement a comprehensive cybersecurity management system, including risk assessment, security controls, incident response, and system monitoring.
These regulations are carefully crafted to facilitate risk assessment at the early stages of development, proactively tackle cybersecurity challenges as they arise, and monitor progress over time. By adhering to these regulations, organizations can ensure that their connected vehicles are in line with the latest industry standards, and are safeguarded against potential cyber threats.