"Automotive Cybersecurity: Regulatory Landscape, Type Approval, and the Road Ahead"

Effective communication is the key for bringing harmony - be it the communication between humans and humans, or communication between machine and machine. Today’s car is a sophisticated gadget, equipped with the best of technologies running using millions of lines of codes of software. The effective use of these technologies involve communication between car to car and car to infrastructure using Dedicated Short Range Communication (DSRC), C-V2X (Cellular Vehicle-to-Everything). It is pertinent that any communication using the internet needs to be digitally secure and that the systems are designed to mitigate the perceived threats. The methods used for ensuring cyber safety of automobiles need to be verified before the end product is put to use. Automotive Industry Standards AIS-189 and AIS-190 have been formulated to provide a harmonized verification framework. Both the vehicle manufacturer and the test agency need to equip themselves with necessary skills and tools to ensure compliance as per the laid down norms. With the ever-increasing use of software to run vehicles, the regulatory requirements would need to be constantly updated by reviewing the future threats involved and probable measures to mitigate them. The paper presents an overview of these important elements of cyber security regulations viz., applicable standards and approval procedure and means for a constant update of the two. Keywords: AIS-189, AIS-190, Threat Analysis, Risk Assessment, Cybersecurity, Type approval