Cybellum and the Automotive Security Research Group (ASRG) Survey finds that the automotive industry isn’t ready for upcoming cybersecurity regulations

TEL AVIV, Israel, Sept. 8, 2021 /PRNewswire/ — Cybellum, a leader in product security lifecycle management and The Automotive Security Research Group (ASRG) released a report today outlining the results of a joint survey conducted amongst top global OEMs and Tier-1-2 suppliers, to assess how the automotive industry currently handles vulnerability management.

“With UNECE WP.29 R155 enforcement fast approaching in Japan, South Korea and the EU, and ISO/SAE 21434 just officially released, it is concerning to find that about 30% of respondents have not started preparing for these new cybersecurity requirements and only 6% are fully prepared,” said John Heldreth, founder of ASRG. “As of 2022, automotive cybersecurity will no longer be a best-practice, but rather mandated and enforced – the industry must shift gears and ready itself for this new era.”

According to the report, automotive players are not ready for the upcoming regulation and are lagging behind IT security practices in their organization. Some of the key findings include:

63% of respondents haven’t automated any aspect of their vulnerability management process
65% consider timely assessment of new vulnerabilities to be a growing challenge
43% note manual processes as the reason behind lengthy security assessments while 42% cite lack of coordination along the supply chain as a hurdle for timely assessments
74% prioritize vulnerability management solutions that automate post-production continuous monitoring
Only 6% are fully ready for the upcoming UNECE WP.29 R155 regulation

“The continued rise in automotive cyber risk and regulatory requirements developed in response require that the automotive industry – one whose core operations haven’t changed much over the last few decades – rethink its approach to vulnerability management,” noted Slava Bronfman, CEO of Cybellum. “Manual processes deemed sufficient in the past will not be good enough. The survey shows this is a major concern of OEMs and their suppliers – Automation of product security assessments and post-production security operations is needed to scale vulnerability management in light of new challenges.”

The Cybellum/ASRG report covers a wide range of issues relevant to automotive cybersecurity and vulnerability management ranging from current levels of preparedness for the regulations to average time to fix vulnerabilities all the way to vulnerability management use cases.

A full copy of the free report is available for download via the Cybellum website – here.

About ASRG

The Automotive Security Research Group (ASRG) is a non-profit organization focused on the advancement of the automotive security industry. Through knowledge, networking and collaboration, we enable the worldwide community of more than 8000 members in 44 locations to create more secure products by building competencies in automotive security. To get more involved, make an impact on the industry, participate in a technical committee, or become part of a project, please reach out to us. You can find out more about ASRG at www.asrg.io, or send us an email at hello@asrg.io.

About Cybellum

Cybellum empowers automotive OEMs and suppliers to identify and remediate security risks at scale, throughout the entire vehicle life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate actions to eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting vehicles on the road. Read more at automotive.cybellum.com or follow us on LinkedIn.