Cybellum and Automotive Security Research Group (ASRG) survey finds that the automotive industry isn’t ready for upcoming cybersecurity regulations
Top 50 Global OEMs and Tier-1-2 automotive suppliers were surveyed to assess their preparedness against vulnerabilities and threats
Cybellum, a vendor in product security lifecycle management, and the Automotive Security Research Group (ASRG) released a report today outlining the results of a joint survey conducted among top global OEMs and Tier-1-2 suppliers to assess how the automotive industry currently handles vulnerability management.
“With UNECE WP.29 R155 enforcement fast approaching in Japan, South Korea and the EU, and ISO/SAE 21434 just officially released, it is concerning to find that about 30% of respondents have not started preparing for these new cybersecurity requirements and only 6% are fully prepared,” said John Heldreth, founder of ASRG. “As of 2022, automotive cybersecurity will no longer be a best-practice, but rather mandated and enforced – the industry must shift gears and ready itself for this new era.”
According to the report, automotive players are not ready for the upcoming regulation and are lagging behind the IT security practices in their own organizations. Some of the key findings include:
- 63% of respondents haven’t automated any aspect of their vulnerability management process
- 65% consider timely assessment of new vulnerabilities to be a growing challenge
- 43% note manual processes as the reason behind lengthy security assessments, while 42% cite lack of coordination along the supply chain as a hurdle for timely assessments
- 74% prioritize vulnerability management solutions that automate post-production continuous monitoring
- Only 6% are fully ready for the upcoming UNECE WP.29 R155 regulation
“The continued rise in automotive cyber risk and regulatory requirements developed in response require that the automotive industry – one whose core operations haven’t changed much over the last few decades – rethink its approach to vulnerability management,” noted Slava Bronfman, CEO of Cybellum. “Manual processes deemed sufficient in the past will not be good enough. The survey shows this is a major concern of OEMs and their suppliers – automation of product security assessments and post-production security operations is needed to scale vulnerability management in light of new challenges.”
The Cybellum/ASRG report covers a wide range of issues relevant to automotive cybersecurity and vulnerability management, from current levels of preparedness for the regulations, to average time to fix vulnerabilities, to vulnerability management use cases.
A full copy of the free report is available for download via the Cybellum website.
The Automotive Security Research Group (ASRG) is a non-profit organization focused on the advancement of the automotive security industry. Through knowledge, networking and collaboration, we enable the worldwide community of more than 8000 members in 44 locations to create more secure products by building competencies in automotive security. To get more involved, make an impact on the industry, participate in a technical committee, or become part of a project, please reach out to us. Find out more about ASRG at www.asrg.io.
Cybellum empowers automotive OEMs and suppliers to identify and remediate security risks at scale, throughout the entire vehicle life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate actions to eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting vehicles on the road. Read more at automotive.cybellum.com or on LinkedIn.