search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Standards & Regulations


Pairing automotive regulations with trusted standards for optimal compliance


By Thorsten Stremlau, Trusted Computing Group (TCG) T


he automotive sector continues to experience rapid changes in regard to in-vehicle connectivity, with the ongoing digitalization of vehicles having led to significant changes to both vehicle design and operation. For example, 97 per cent of new cars found across the globe (1)


are equipped with at least one


built-in touchscreen to serve as the backbone for connectivity, while 4.5 million self-driving cars (2)


will be on U.S. roads by 2030. Yet in the background, trouble is brewing. Despite the clear benefits it brings, digitalization has also brought a whole new wave of cyber threats to the automotive industry. Compounding these issues is the fact cybersecurity is often considered the sector’s Achilles heel. With hackers now able to access and manipulate everything from screens and steering to airbags and a vehicle’s breaking system, greater protection against these types of threats is pivotal.


The growing threat landscape The use of Internet of Things (IoT) and other connected devices is no longer a new concept, but ever since they were implemented there have been attacks. In many cases, hackers have already demonstrated their ability to bypass infotainment systems to gain access to the vehicle. As recently as September 2024, researchers found a flaw within a Kia web portal (3)


that enabled them to track millions


of cars, unlock doors and even start the engines remotely.


As the features found within vehicles evolve, so too do the threats drivers face. Take Advanced Driver Systems (ADAS) for example, which uses LIDAR and RADAR technology to provide real-time monitoring of a vehicle’s surroundings, automatically intervening when required. ADAS has become an appealing target for hacking groups who can exploit the often unprotected internet connectivity required for the system, as it lacks sufficient or effective authentication and encryption to repel attacks.


Yet ADAS is a focal point in modern electric 36 June 2025


vehicles (EVs). As of December 2024, there were approximately 1.3 million EVs within the United Kingdom alone (4)


, with battery-electric


vehicles accounting for 19.6 per cent of all new car registrations. With EVs the issue is twofold; not only can hackers use ADAS as a gateway for attacks, but threats can also arise from the use of charging stations.


The problem with charging By 2030, over 2.2 million public chargers (5) are expected to be required to support EVs within the United States. From a security standpoint, this may lead to some harrowing results, as charging stations – also known as Electric Vehicle Supply Equipment (EVSE) – can also provide the means for hackers to gain unauthorized access to vehicles. Due to inherent security flaws within EVSE technology, attackers are capable of


Components in Electronics


executing ‘denial of service (DoS)’ attacks to remove an owner’s access to equipment, leaving them unable to charge their car. These can also be used to infiltrate the communication taking place between the vehicle and the charger and obtain sensitive information about the owner which can then be exploited by an attacker for financial gain. It’s not just the threat to the vehicles either. If hackers have compromised EVSE, they can remotely switch the charger to be always on. In singular incidents this might not be alarming, but now imagine if hundreds or thousands of charge ports were on at the same time. Each EVSE is connected to the energy grid, meaning that this constant drain can quickly deplete the supply of a nation’s energy supply and significantly damage a key element of critical infrastructure.


Overcoming attacks through regulations


Therefore, it should come as no surprise that policymakers continue to act to try and meet these threats head-on. Within the United Nations, these efforts were demonstrated through UN Regulation 155 (6)


, which came


into effect in July 2022. Applying to all new vehicles which have been sold since July 2024, it demands that vehicle manufacturers must effectively manage and mitigate cybersecurity risks uncovered in the vehicles they create throughout its lifecycle.


The regulation was created to align with the ISO/SAE 21434 (7)


international


standard, often considered the ‘reference point’ for automotive security. At its core, UN Regulation 155 is focused on the implementation of a cyber security management system (CMCS), which can


www.cieonline.co.uk


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56