White Paper: Cybersecurity Management for Software-Defined Vehicles

Software-defined vehicles are taking over the automotive industry. How can OEMs and software providers manage cybersecurity for these computers on wheels?

Vehicles today are becoming increasingly software-defined, with an average car containing up to 150 electronic control units (ECU) controlling different functions. Additionally, applications such as Advanced Driver-Assistance Systems (ADAS) and in-vehicle infotainment (IVI) are becoming some of the most crucial evaluation factors for vehicles, all of which can be updated via over-the-air (OTA) updates.

While software enables greater depth and breadth to what a connected vehicle is capable of, it also expands the cumulative area in which a vehicle needs cybersecurity. As mandated by WP.29 and required for ISO/SAE 21434, software-defined vehicles (SDV) must be accompanied by thoughtful cybersecurity management practices throughout their entire product lifecycles, from development to testing, and manufacturing to consumption.

Unlike cybersecurity in traditional computing, a large part of securing SDVs lies in their development stage. This is when rigorous security tests are conducted to search for threats and vulnerabilities.

This white paper explores the following topics:

How to comply with major global regulations with regard to cybersecurity management for SDVs?
What are the crucial components of cybersecurity management for SDVs?
How is vulnerability testing conducted for SDVs? What are some tools and strategies used for software vulnerability management?
How can AUTOCRYPT’s in-vehicle systems security solution help OEMs establish a streamlined cybersecurity management process at all stages of the vehicle lifecycle?