Cybersecurity Regulations For Automakers Coming In Early 2021

 

The United Nations will be issuing a mandate in early 2021 for automakers that applies to the software used in connected cars to ensure the safety and privacy of consumers. Once fully implemented, the mandate from the United Nations Economic Commission for Europe (UNECE) could prohibit the sale of connected cars that do not have proper authorization. While some of the 53 countries that are part of the new mandate will implement security measures immediately, others may take an approach that integrates them over time. An important aspect to note is that the new regulations will not apply to the United States, but the U.S. will have to follow suit if it hopes to sell vehicles with a software component in countries that are part of the agreement.

The regulation, titled ISO/SAE 21434, comes as a result of the dramatic increase in connected cars on the road, a trend which will only increase in the coming years. According to Statista, which is a portal for market data and industry research, worldwide shipments of connected cars could reach more than 75 million by the year 2023. This makes the matter all the more pressing since more software on the road means there is more potential for problems such as data breaches and cyber attacks.

For countries that are subject to the new regulation, vehicle manufacturers and their suppliers must take an active role in looking for vulnerabilities in the software that is included in their vehicles. As technological features become more advanced and complex, this sort of oversight becomes an increasingly difficult task. Consumer demand is definitely high for connected cars and shows no sign of slowing down, while at the same time, auto makers rush to get the latest technological advancements integrated into their newer models.

As it’s currently articulated, the countries that are subject to ISO/SAE 21434 must report every year on the steps they are taking to prevent security breaches, including how they handle specific types of attacks and whether their current approach has been effective in preventing them. Additionally, they must meet certification standards once every three years. The implementation of these standards will require a hefty investment for auto manufacturers as they work to match the speed of technological innovation with company oversight to make them safe and secure.

One of the main issues that the new regulations hope to tackle is the lack of over-the-air software updates available to connected cars. While home computers have long had this feature, many of the connected cars on the road do not, which creates the potential for vulnerabilities. As more technological features are added to connected cars—especially autonomous driving and driver assistance software—the more important it will be to have proper oversight and regulation of safety concerns.