Accessibility Tools

  • Content scaling 100%
  • Font size 100%
  • Line height 100%
  • Letter spacing 100%
×

Message

Failed loading XML...

Cyber Security
Management
Systeme (CSMS)

Discover a new safety dimension for vehicles

msg Plaut is your partner for cybersecurity in the automotive sector

The automotive industry is experiencing a revolution thanks to autonomous driving, connectivity, electric drives and innovative mobility solutions. Modern IT systems are at the heart of these advances. A modern car can contain up to 150 control units and around 100 million lines of code - and the end has not yet been reached: experts expect this figure to rise to 300 million lines of code by 2030.

The increasing networking of control units and access via external sources pose challenges for cyber security. Proven hacks by security experts have put the issue of cyber security at the centre of OEMs' attention.

Do you have questions?

Stefan Wachter

DI Stefan Wachter
Business Competence Center Mobility Solutions

Harmonised standards against cyber threats

The demand for uniform security standards is becoming ever louder. The EU Cybersecurity Act introduced in 2019 has created a UNECE working group that deals with Cyber Security Management Systems (CSMS) and Software Update Management Systems (SUMS) and aims to harmonise vehicle regulations worldwide.

A certification for Cyber Security Management Systems (CSMS) was created in cooperation with the International Organisation for Standardisation (ISO) and the Society of Automotive Engineers (SAE), which will be mandatory for all newly produced vehicles from 2024. The aim is to establish a structured process for the CSMS at car manufacturers and to set a standard against cyber threats in the automotive industry. This standard raises the requirements for cyber security from individual features to a holistic management system.

Certified cybersecurity as an approval criteria

The principles established in UN Regulation 155 and the ISO/SAE 21434 standard are required for type approval in all UNECE (United Nations Economic Commission for Europe) member states and recognising third countries.

The ISO/SAE 21434 standard covers four key areas:

Management of cyber risks from the vehicle environment

Inherent safety of the vehicle and its value chain

Establishment of a cybersecurity incident response system

Remote software updates to ensure up-to-date software

A certified Cyber Security Management System (CSMS), which must be confirmed by independent auditors, is required for the approval of new vehicle types for both OEMs and suppliers. This system must also be capable of remote software updates.

The standard distinguishes between a CSMS at organisational level and its application at product level. Organisations can refer to the sections of the ISO/SAE 21434 standard that address the creation and management of a CSMS, risk assessment methods, the integration of cyber security into product development as well as production, operation and maintenance. This ensures that cyber risks are appropriately identified, assessed and addressed throughout the entire life cycle of a vehicle.

A cyber security management system comprises various processes at organisational and project level. The aim is to identify, assess and deal with cyber risks in a timely manner throughout the entire life cycle of a vehicle. The CSMS must be validated together with a SUMS (Software Update Management System) by an independent third party in order to obtain type approval. The implementation of UN Regulation 155 covers several areas - from the concept phase to product development, the management of cybersecurity systems, risk assessment methods, production, operation and maintenance through to supporting processes

Experts for IT and the automotive industry

Our experts have extensive IT and industry knowledge and support you in identifying relevant regulations, evaluating company-specific processes and homologation procedures, right through to obtaining type approval. We offer consulting, conceptualisation, technical specification and the implementation of IT systems - we will accompany you along the way!

Do you need support with the implementation
of the European NIS 2 Directive?

Our experts will be happy to support you with the implementation:

  • Development of a compliance strategy
  • Gap analysis and options for action
  • Support with compliance
  • Compliance training

Blog: The Cybersecuity Compass

Ayhan Mehmed and Natalia Petrova-Korudzhiyski are constantly presenting new and trending
cybersecurity topics in their blog. You can find all episodes here:

Blog: The Cybersecuity Compass - Episode 06
Blog: The Cybersecuity Compass - Episode 05
Blog: The Cybersecuity Compass - Episode 04
Blog: The Cybersecuity Compass - Episode 03
Blog: The Cybersecuity Compass - Episode 02
Blog: The Cybersecuity Compass - Episode 01

Would you like more information? We are happy to help you!

Get in touch with us!

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Stefan Wachter

DI Stefan Wachter
Business Competence Center Mobility Solutions