
September 22, 16:00 - 16:30 with Dr. Thomas Liedtke, Kugler Maag
Automotive Cybersecurity Management System - Implementation Experiences
For the homologation of new vehicle types, manufacturers must have their cybersecurity process capability certified as of July 6, 2022. The processes of the cybersecurity management system (CSMS) must cover all phases of the vehicle life cycle as well as the entire supply chain. Requirements for the processes come from the ISO/SAE 21434:2021 standard and UNECE Regulation No. 155. Question catalogs such as those in the VDA ACSMS and ISO/PAS 5112 describe the auditing. The standards are interlinked and complement each other to form an overall picture.
All suppliers will also have to set up a corresponding management system in the future. Based on experience from various projects (OEM, Tier 1, ...), common features of possible implementation architectures are explained.
Essentially, the required processes can be divided into three pillars:
1. extensions of existing development processes (e.g. additional test methods)
2. new processes for the core of the CSMS (e.g. vulnerability assessment and management)
3. new processes for a (Vehicle) Cybersecurity Operation Center (e.g. monitoring and incident management) to secure the products in the field.
The interaction of the processes and the classification of the management system areas are presented. Tips on design are given from the perspective of both those building the management system and those auditing it. An overview of the types of audits/assessments and objectives that suppliers can expect will be presented.
