Automotive Cybersecurity – UNECE R155, TISAX & Connected Vehicle Security

The automotive industry is undergoing the greatest transformation in its history. Connected vehicles, autonomous driving, and software-defined vehicles create new attack surfaces that traditional security concepts cannot cover. Since July 2024, UNECE R155 and R156 have been mandatory for all new vehicle type approvals – cybersecurity has become a prerequisite for vehicle homologation.

Cyber Security Protects Against Industrial Espionage & Supply Chain Attacks

Expertise in the Automotive Industry

Till Oberbeckmann (Managing Partner) has several years of experience in testing modern network protocols – both in research and in practice. He has supported OEMs, Tier-1 suppliers, and automotive startups in the secure implementation of connected systems.

The automotive industry faces a unique challenge: software features are now standard equipment, connected ecosystems enable data-driven business models, and over-the-air updates require end-to-end secure supply chains. Those who fail to meet TISAX or UNECE R155 requirements lose access to major OEMs.

Your Expert for Questions
Till Oberbeckmann
CO-FOUNDER & MANAGING-PARTNER

IT Security in Connected Mobility

Security Risks in the Automotive Industry

The automotive industry is a preferred target for cybercriminals and state-sponsored actors. Industrial espionage, supply chain attacks, and the manipulation of connected vehicles are real threats that affect both manufacturers and suppliers.

1. UNECE R155/R156 and TISAX Compliance

Since July 2024, all new vehicle types must comply with UNECE regulations R155 (Cybersecurity Management System) and R156 (Software Update Management System). For suppliers, TISAX is the standard for being accepted into the supply chain of major OEMs.

The problem: Implementing a CSMS is complex and requires verifiable security assessments by qualified third parties.

2. Connected Vehicles and Over-the-Air Updates

Modern vehicles communicate continuously with cloud backends, other vehicles, and infrastructure. Over-the-air updates enable rapid feature releases but also create new attack vectors – from manipulated updates to man-in-the-middle attacks.

The danger: A compromised update system can affect thousands of vehicles simultaneously.

3. Supply Chain Security and IP Protection

The automotive supply chain encompasses hundreds of suppliers with varying security levels. An attack on a Tier-2 supplier can halt entire production lines. At the same time, industrial espionage is a constant threat to research and development data.

The risk: Production shutdowns, recalls, and the loss of competitive advantages.


Certificates

ISO 27001 Grundschutz
OSCP

What's at Stake

Without TISAX/UNECE Certification

No access to the supply chain of major OEMs. Without a TISAX label or UNECE conformity, suppliers lose existing contracts and cannot win new ones.

In Case of a Security Incident

Production shutdowns, recalls, reputational damage. A cyberattack on connected vehicles can cause millions in damages and permanently erode customer trust.

Without a Secure Supply Chain

A compromised supplier endangers the entire value chain. OEMs are tightening their requirements and auditing the cybersecurity maturity of their partners with increasing rigor.


The turingpoint Solution

Automotive Pentests

We test connected vehicle systems, backend infrastructures, and interfaces according to UNECE standards. Our pentesters have specialized experience with automotive network protocols and embedded systems.

TISAX Preparation

From gap analysis to certification readiness: we guide you through the entire TISAX process and ensure that your organization meets the requirements of VDA ISA.

Supply Chain Security

We assess the security of your supply chain, identify vulnerabilities at supplier level, and help you build a comprehensive Cybersecurity Management System (CSMS).

