New regulations in the automotive industry recognize the truth about today’s connected vehicles: they run on electronics as much as on mechanics. The summer of 2024 will mark a significant rise in the cybersecurity expectations of automotive original equipment manufacturers (OEMs). The arrival of these EU regulations elevates the important role of encryption key management systems (KMS) in achieving compliance.
UN Regulation No. 155 (UNECE R155) on cybersecurity and cybersecurity management systems entered into force in the EU for all “new vehicle types” in 2022 but will apply to all “new vehicles” starting in July 2024, officially ushering in a new era of automotive cybersecurity.
Paired with UN Regulation No. 156, which focuses on software updates and their respective management systems, UNECE R155 takes into account the new reality of automobiles today—namely their reliance on software updates and interconnected systems.
Over-the-air updates and device-to-device communication multiply potential access points for cyberattacks. Because of the interplay between devices and between systems, one vulnerability can give cybercriminals sweeping control. And when hackers have control, vehicle users do not, a high-consequence scenario.