Identifying Cybersecurity Focus Areas in Connected Cars Based on United Nations Regulation No. 155 Attack Vectors and Beyond
2022-01-0141
03/29/2022
- Event
- Content
- The arrival of 5G will enable vehicles to become better connected. In order to allow this evolution to manifest safely, the UNECE World Forum for Harmonization of Vehicle Regulations (WP.29) introduced the United Nations Regulation No. 155(UN-R155) this January, with expectations that at least 54 countries will mandate it starting July 2022. This regulation provides 69 attack vectors manufacturers are required to secure against, although it does not include specific countermeasures. Security methods and corresponding technologies change with time and are influenced by evolving connected car technologies as well as the threat landscape. Implementing effective cybersecurity means conducting a thorough risk analysis and prioritizing what needs to be achieved. Trend Micro Research conducted a risk analysis on each of the 69 attack vectors from a current and future perspective. In addition, we went beyond the attack vectors listed in UN-R155. Using our own analysis and insights, we brought to attention other attack vectors that were outside the scope of UN-R155 and recommended an overall security approach. Our research will help the audience effectively prioritize how to address the 69 attack vectors and other identified threats regardless of whether their target market country mandates UN-R155. Our presentation includes • A look into the current connected car ecosystems and how they will evolve with the arrival of 5G. • Expert risk analysis and insight into 69 attack vectors listed in UN-R155 by WP.29. • Our forecast on how the risk levels of the 69 attack vectors will evolve in the future, along with a breakdown of our predictions. • The top five attack vectors the automotive industry should focus on, based on our risk analysis. • Additional focus areas, along with the identified 69, that should also be given consideration. • Guidelines and recommended approaches for protecting connected cars.
- Citation
- Huq, N., and Vosseler, R., "Identifying Cybersecurity Focus Areas in Connected Cars Based on United Nations Regulation No. 155 Attack Vectors and Beyond," SAE Technical Paper 2022-01-0141, 2022, .