Advances in automotive technology introduce increased risk
Automotive technology is evolving rapidly from infotainment systems and operational sensors to mobile app integrations and full driving automation. Modern vehicles have up to 150 electronic control units and 100 million lines of code. By the year 2030, many observers expect them to have roughly 300 million lines of software code. In comparison, mass-market personal computer software has close to 40 million.1 While each line of code and point of connectivity enhances functionality and usability, they also introduce the risk of breaches and cyberattacks.
Interconnected products and systems can be targeted by attackers who manipulate software vulnerabilities and weak links in ecosystems. In automotive, a cyberattack introduces additional risk to public safety, which is why building cybersecurity into connected products and systems is crucial to the safe adoption of modern automotive technologies.
UL can provide guidance and support to help original equipment manufacturers (OEMs) and automotive component and system manufacturers navigate complexity and develop a framework for automotive cybersecurity standards and best practices. Through expert gap analysis, training and advisory services, we help you identify and manage software vulnerabilities and cyber risk, leading to more trustworthy and secure innovations with improved market access across the globe.
Cybersecurity across automobile connectivity
We work with OEMs and component manufacturers across a myriad of connectivity compliance areas including:
- Dual-band Wi-Fi
- GPS/Global Navigation Satellite System/BeiDou
- 4G/5G cellular connectivity
- Infotainment center
- Subscription-based communications
- Vehicle to everything (V2X)
- Maintenance cellular radio system
- Tire pressure monitoring
- Remote keyless entry and ignition
- Onboard diagnostics
- Light detection and radar
Automotive cybersecurity training and education
We offer courses to help product owners and automotive engineers and developers understand security processes, related standards and the impact on the automotive industry. Our expert instructors deliver training and education on the following topic areas:
- Automotive cybersecurity best practices
- Principles of risk management
- Threat modeling and analysis
Testing to applicable cybersecurity standards for automotive cybersecurity
Automotive cybersecurity auditing and testing
We conduct cybersecurity hardware and software testing on automotive components and systems to help customers understand their product’s exploitation risk and to validate their security measures. We also audit cybersecurity management systems for compliance with industry requirements including ISO/SAE 21434 and WP.29 to help customers understand where they are in their cybersecurity maturity.
Automotive cybersecurity advisory
Our advisory and gap analysis compare cybersecurity management systems against UNECE WP.29 regulations and ISO/SAE 21434 requirements. We then provide detailed documentation to assess and design road maps and frameworks to help you work toward compliance. Our advisory services include:
- Gap analysis
- Cybersecurity management systems framework
- Software update management systems framework
- Risk management framework
- Threat analysis and risk assessment framework
- Cybersecurity incidence monitoring and evaluation
- Supply chain management
Expert understanding of cybersecurity requirements
UL has extensive expertise in cybersecurity with a global network of IoT and OT security laboratories, security experts and advisors with specialized expertise in global security standards, frameworks and best practices for the automotive ecosystem, that help companies
- Define where they are in their cybersecurity maturity
- Understand what they will need to do to develop secure devices
- Manage digital identity of people and products
- Improve internal cybersecurity capabilities and processes
- Validate security built into their products throughout their lifecycle
- Differentiate their products based on security in the marketplace
With more than 500 international security experts, we service customers globally with our industry-leading, working knowledge of automotive standards and best practices. We serve as participants and advisers on several standards groups and industry consortiums, such as the International Organization for Standardization, the UN World Forum for Harmonization of Vehicle Regulations and more. Our insights with these groups and deep technical expertise allow us to efficiently and proactively work with you to plan, test, verify and help secure your automotive innovations from cybersecurity threats to get safer vehicles on the road.
1McKinsey, “The race for cybersecurity: Protecting the connected car in the era of new regulation,” October, 2019.