Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The ECE R155 Cybersecurity Management System (CSMS) became mandatory in the automotive industry’s 2nd stage type approval processes with GSR II regulations. Learn detailed information about CSMS and the approval process for vehicle manufacturers.
The Cybersecurity Management System (CSMS) is defined by ECE Regulation 155, which automotive manufacturers must comply with. This system is a comprehensive security regulation developed to protect vehicles against cyber threats. R155 is also one of the mandates introduced by GSR II.
Compliance with this regulation requires vehicle manufacturers to meet specific cybersecurity standards before releasing their vehicles to the market.
According to the transition dates of GSR II regulations, manufacturers must obtain compliance certification.
The R155 regulation aims to ensure cybersecurity management throughout the vehicle’s entire lifecycle, encompassing every phase from design and production to use and maintenance.
Manufacturers fall into two main categories that must comply with these regulations: those with a 2nd stage type approval (also multi-stage) certificate and those seeking new certification. Manufacturers with a 2nd stage type approval must make the necessary adjustments to align their existing production processes with R155 regulations.
Those seeking new certification must establish a Cybersecurity Management System that complies with R155 regulations from the beginning of their production and design processes.
The Cybersecurity Management System includes a series of policies, processes, and technologies to ensure the safety of manufacturers’ vehicles. This system is designed to increase vehicles’ resilience to cyber-attacks, detect potential threats in advance, and develop effective responses to these threats. It also covers the secure updating of vehicle software and the protection of data security.
To successfully establish and implement the management system, manufacturers must form specialized cybersecurity teams or seek services from expert teams to conduct the approval processes. Additionally, the effectiveness of the management system requires manufacturers to collaborate with supply chain partners and third-party providers, ensuring these stakeholders also adhere to cybersecurity standards.
Regarding cybersecurity and the protection of vehicles against cyber threats, M1, M2, M3, N1, N2, N3 category manufacturers, as well as component and separate technical unit manufacturers, are required to comply with the EU 2019/2144 regulation.
This regulation applies to specific type approval processes and necessitates manufacturers’ compliance. Although there is no mandatory requirement for category O manufacturers, they may seek approval under this regulation if they wish.
Manufacturers performing body construction must first determine whether they fall within this scope based on their production. The impact on the base vehicle is a key consideration. Some documents need to be shared for this assessment.
For instance, a manufacturer producing in the M3 category must consider the types of electrical and electronic products used, their relationship with the base vehicle, and their internal cybersecurity status. This assessment represents a comprehensive and time-consuming process. It determines how extensive the manufacturer’s cybersecurity management system needs to be.
Therefore, bodywork companies must first understand the cybersecurity management system and determine the scope of their evaluation, confirming whether the cybersecurity system is necessary.
Approval durations can range from 3 months to 1 year, depending on the work required. During this period, manufacturers are expected to make the necessary adjustments and effectively implement the cybersecurity management system.
Various solutions and services are offered to effectively implement the cybersecurity management system. Manufacturers can utilize these solutions to comply with cybersecurity regulations. The primary solutions provided under CSMS include:
These solutions help vehicle manufacturers comply with cybersecurity regulations and protect their vehicles against cyber threats.
The requirement of the ECE R155 Cybersecurity Management System in the 2nd stage type approval processes with GSR II regulations holds significant importance in the automotive industry. Manufacturers’ compliance with these regulations ensures their vehicles meet cybersecurity standards and are protected against cyber threats.
During this process, manufacturers must seek support from expert teams to make the necessary adjustments and effectively implement the cybersecurity management system.