New EU regulation for cybersecurity in new cars

in Network Security

on

The vehicle industry is changing

On the one hand, the EU will no longer allow vehicles that run on petrol or diesel from 2035, and on the other, autonomous driving is set to become a reality in the near future.

Cybersecurity is another important topic. In the European Union, a Cybersecurity Management System (CSMS) has been mandatory for all newly developed vehicle types since July 2022 and for all new vehicles from July 2024. For vehicle development, these regulations mean that cybersecurity must be taken into account at a very early stage.

From July 7, 2024, new rules for software and data security in cars will come into force in the EU. After some car manufacturers are unable to comply with the rules for some of their vehicle types, they will simply be removed from the range. The most prominent victim is probably the VW Up. But familiar faces such as the T6.1 and the Porsche Maca, Cayman and Boxter models are also affected. Some Skoda and Seat models, the Renault Zoe and the two-seater Smart from Mercedes Benz will also be discontinued. According to the companies, it would be too expensive to redevelop the electronic architectures.

The regulation can only be circumvented if the vehicles are not only produced and delivered by July 7, 2024, but also registered. One exception is the T6.1 California motorhome version, for which orders are still being accepted at short notice, as motorhomes are only affected by the regulation from September 1. 

This clearly shows how difficult it is for the industry to protect its products from hacker attacks. A large part of the automotive industry is also not yet prepared for the new regulation - even though it has been in force for new cars since 2022.

But this challenge does not only affect car companies! Vulnerabilities and security gaps can occur throughout the entire supply chain. While cyber criminals know their way around the IT playing field, IT security is still uncharted territory for many companies in the automotive sector. Which should be urgently remedied, because the next steps in networking, such as "over the air" updates or data connection with the infrastructure (such as traffic lights), are already on the horizon. And the security rules will not be limited to the EU, as they originate from the UNECE, the UN transport organization.

class="wp-image-6682"
news
home page
class="wp-image-6682"

Current contributions

  • Over 80% critical security vulnerabilities
    Alarming results from our IHK cooperation on IT security at companies! Which critical security gaps were found in our pentests?
  • "Find & Fix" campaign to get to know each other
    Protect your company and find out which security gaps or vulnerabilities exist in your IT.
  • New DEFENDERBOX feature
    After each pentest (penetration test) with the DEFENDERBOX, our customers receive an email informing them of the status of the result.
  • DEFENDERBOX NIS-2 compliant
    Our DEFENDERBOX is NIS-2 compliant, i.e. the DEFENDERBOX reports document exactly all pentests that are valid as NIS-2 certification for the NIS-2 audits.
  • Targeted by cyber criminals
    If law firms fall victim to blackmail cyber attacks, the damage is particularly high. This is why ransoms are often paid. Investments in cyber security and insurance offer protection.
class="wp-image-6678"

Do you want to know how secure your company is? Try it out! Click here for a test installation of DEFENDERBOX.
The trial offer is valid until
30. September 2024.

Order now

Comments are closed.