Introduced by the United Nations Economic Commission for Europe (UNECE), the new UN R155 regulation addresses the increasing focus on cybersecurity in connected automobiles. This regulation, which came into effect from July 2022, requires vehicle manufacturers to apply a security-by-design approach to their products and processes. To enable new vehicle sales in markets covered by the R155 regulation, the vehicle manufacturer must own a valid certificate of compliance for the cybersecurity management system (CSMS) applied to each vehicle type. To achieve certification, vehicle OEMs must implement cybersecurity practices across the supply chain to reduce the overall risk of attack throughout the vehicle lifecycle – from initial concept to end-of-life.
To help customers achieve compliance with national and international cybersecurity regulations such as UN R155, Infineon Technologies AG is one of the first semiconductor suppliers to achieve certification under ISO/SAE 21434, the new international standard for automotive cybersecurity management systems. The certification for this standard was carried out by TÜV Nord. In addition, Infineon’s upcoming AURIX TC4xx microcontroller family features a new and innovative cybersecurity architecture and is expected to achieve product certification under the ISO/SAE 21434 standard.
Infineon’s ISO/SAE 21434-compliant CSMS applies to a wide range of Infineon products supporting automotive cybersecurity, including AURIX and PSOC microcontrollers, SEMPER™ Secure flash memories, and OPTIGA hardware security modules. Following industry best practices, the CSMS covers information technology, manufacturing technology, and selected regional and regulatory environments.
Infineon’s threat monitoring system is able to actively analyze relevant vulnerability disclosures, and potential threats to Infineon security products and systems can be evaluated and mitigated based on an ISO/SAE 21434-compliant product security incident response process. Together, these ISO/SAE 21434-compliant monitoring and incident response capabilities enable Infineon and its customers to work in close cooperation to rapidly identify and mitigate product security risks in compliance with risk management programs and relevant regulations.