In the last years, the increasing number of cyber-attacks on vehicles has shown the importance to implement security solutions within the automotive domain. To reduce the risk that a vehicle or its components get attacked and compromised, two cybersecurity references have been released: UNECE WP.29 R155 and ISO/SAE 21434. In March 2021, the United Nations Economic Commission for Europe (UNECE) published the WP.29 R155 regulation, mandatory in some countries from July 2022 to homologate vehicles' cybersecurity. Officially released in August 2021, ISO/SAE 21434 is a cybersecurity standard which aims to be widely accepted and applied in the engineering of electrical and electronic (E/E) systems for road vehicles. In this work, we describe and analyze the two norms, comparing them to show their points of contact and differences. From our analysis, the two documents, spanned both along the entire life-cycle of a vehicle, can be considered overlapped in some processes, but also complementary to increase the cybersecurity of the vehicle. Finally, we provide a use case of application of the regulation and the standard on an E/E system, reporting the possible limits and implementations.
A Comparative Analysis of UNECE WP.29 R155 and ISO/SAE 21434
Costantino G;De Vincenzi M;Matteucci I
2022
Abstract
In the last years, the increasing number of cyber-attacks on vehicles has shown the importance to implement security solutions within the automotive domain. To reduce the risk that a vehicle or its components get attacked and compromised, two cybersecurity references have been released: UNECE WP.29 R155 and ISO/SAE 21434. In March 2021, the United Nations Economic Commission for Europe (UNECE) published the WP.29 R155 regulation, mandatory in some countries from July 2022 to homologate vehicles' cybersecurity. Officially released in August 2021, ISO/SAE 21434 is a cybersecurity standard which aims to be widely accepted and applied in the engineering of electrical and electronic (E/E) systems for road vehicles. In this work, we describe and analyze the two norms, comparing them to show their points of contact and differences. From our analysis, the two documents, spanned both along the entire life-cycle of a vehicle, can be considered overlapped in some processes, but also complementary to increase the cybersecurity of the vehicle. Finally, we provide a use case of application of the regulation and the standard on an E/E system, reporting the possible limits and implementations.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
