Did you Know InfoSec Assurance is Required in Automotive Product Testing?
Posted on Sep 2019 by Devesh Panchwagh
If you are an automotive supplier or service provider, you may already have enough to worry about in staying on track with product delivery goals. There are OEM demands and aggressive plans to speed time to market. And now, Information Security assurance is required in the Testing phase for Automotive products.
According to a Ponemon survey of 593 automotive professionals, 44% say their organizations impose cybersecurity requirements for products provided by upstream suppliers.
However, will these automotive products pass InfoSec Assurance? Results of the same survey revealed that 63% of respondents tested less than half of hardware, software and other technologies for vulnerabilities. With information systems playing such an integral part in the manufacturing process and in keeping vehicles connected, InfoSec Testing is a logical requirement. Where can you turn for accurate, repeatable InfoSec Testing for Automotive systems?
Enter TISAX: One assessment does it all
The VDA (German Association of the Automotive Industry) and the ENX Association, along with TISAX (Trusted Information Security Assessment Exchange), developed a standard to conduct information security tests and assessments.
While TISAX promotes security trust within the Automotive industry through the sharing of assessment results, the major benefit for suppliers and service providers is that you don’t have to repeat testing steps. One assessment is all you need. Cutting down on multiple assessments not only saves steps in the production lifecycle, it also reduces cost.
TISAX establishes a common information security assessment and exchange mechanism that is followed throughout the industry. Moreover, ENX acts as a governing body of TISAX to assure the quality of implementation and assessment results.
Why make Information Security a priority?
For autonomous vehicles in particular, the threat of information system compromise is real. The ever-increasing number of Internet-connected cars makes them a prime target for hackers. Connected cars connect everything from safety-critical components and features to applications from mobile devices. According to a California-based Consumer Watchdog report, “Experts agree that connecting safety-critical components to the Internet through a complex information and entertainment device is a security flaw. This design allows hackers to control a vehicle’s operations and take it over from across the Internet.” The report went on to note that “by 2022, no less than two-thirds of new cars on American roads will have online connections to the cars’ safety-critical system, putting them at risk of deadly hacks.”
It’s not just the vehicles that are connected. All Automotive suppliers use some form of a connected device in their operational environments. The State of Manufacturing survey of Automotive suppliers revealed that 95% of respondents use handheld devices, 91% use consumer mobile devices and 51% use IP-enabled tools and machines.
Work with an accredited TISAX provider
It is critical for Automotive suppliers and service providers to conduct TISAX assessments with firms that are accredited by the VDA ISA. Our company, TÜV Rheinland i-sec GmbH, is one of a few accredited firms that can perform TISAX assessments all over the globe. Based on a framework of Accreditation Criteria and Assessment Requirements (ENX TISAX ACAR), we achieved specific milestones to gain this recognition.
Learn more about a recent TISAX assessment we conducted with a global technology firm to help them build secure applications and services.