UNECE Vehicle Regulations: UN R155 & UN R156
In mid-2021, the UNCE released new vehicle cybersecurity regulations in an effort to keep up with the rapid reliance of digitization within the automotive industry. These new standards, UN R155 and UN R156, take similar stances to the ISO SAE 21434 and ISO 26262 standards.
What are the UN R155 and UN R156 regulations?
The UNECE Vehicle Regulations are a set of regulations that deal with Vehicle Cybersecurity. There are two regulations in this set: UN R155 and UN R156. UN R155 deals with the general requirements for Vehicle Cybersecurity, while UN R156 deals with the specific requirements for heavy vehicles.
The UNECE Vehicle Regulations are significant as they provide a set of standards that must be met in order to ensure the safety of road vehicles. Vehicle Cybersecurity is a critical issue, and the UN R155 and UN R156 regulations provide a framework for dealing with it. They also help to ensure that various countries have uniform standards for Vehicle Cybersecurity. A critical point in allowing for the free flow of goods across borders.
The UNECE Vehicle Regulations are also important from a safety perspective. Vehicle Cybersecurity can help to prevent accidents and save lives. By ensuring that vehicles meet a set of standards for Vehicle Cybersecurity, the UNECE Vehicle Regulations play an important role in improving safety on our roads.
What are the main points of UN R155 and UN R156?
The main points of UN R155 are:
- Vehicle Cybersecurity should be designed into vehicles from the beginning stages of development
- Vehicles should be able to withstand cyberattacks
- Vehicle Cybersecurity should be tested throughout the life of the vehicle
- Vehicle manufacturers should work with suppliers to ensure the security of vehicles
- Updating vehicle software safely and securely, including a legal basis for over-the-air updates
Relationship to ISO 21434
Unlike ISO/SAE 21434, which does not specify particular processes but rather requires compliance and the establishment of work procedures to ensure it - such as implementing an information security program in your company-UN R155 goes one step further by demanding that you create specifically tailored management systems focused on cyber threats from vehicles called Cybersecurity Management Systems (CSMS).
This includes having access controls in place along with pentest protection strategies; all things considered necessary if we want our cars safe enough when connected digitally via Bluetooth, WiFi signals, and cellular modem/LTE among others.
Securing vehicles “by design” to mitigate risks along the value chain
Building security into vehicles by design is one of the points included in the new UNCE regulations. This put added pressure on automakers and suppliers to only secure their first-party code, but also third-party code including an open-source that may be inherited through the software supply chain .
This is not a predicament solely faced within the automotive industry, but rather a universal concern for any and all organizations that develop or include software in their products.
There are many software testing techniques that organizations can employ, but advanced fuzzing engines such as Mayhem have the unique advantage of covering all varieties of vulnerabilities, including known, known-unknown, and unknown unknown (new). If you would like to learn more about how fuzzing can help you meet UN R155 and UN R156, please contact us.
Conclusion
Vehicle Cybersecurity is a critical issue, and the UN R155 and UN R156 regulations provide a framework for dealing with it. They also help to ensure that various countries have uniform standards for Vehicle Cybersecurity. A critical point in allowing for the free flow of goods across borders.
The UNECE Vehicle Regulations are also important from a safety perspective. Vehicle Cybersecurity can help to prevent accidents and save lives. By ensuring that vehicles meet a set of standards for Vehicle Cybersecurity, the UNECE Vehicle Regulations play an important role in improving safety.
{{code-cta}}
Add Mayhem to Your DevSecOps for Free.
Get a full-featured 30 day free trial.