The evolution toward software-defined vehicles (SDVs) is disrupting the traditional automotive supply chain and breaking down the common hierarchical relationships among OEMs, tier 1 suppliers, and tier 2 suppliers. Demands for faster software release cycles, more advanced software projects involving multi-party development, and end-to-end embedded and cloud integrations introduce new cybersecurity challenges that no single organization can address alone. This disruption creates new trust dependencies and requires new models for collaboration, transparency, and joint responsibility in cybersecurity.
This paper presents a collaborative cybersecurity model that emphasizes shared responsibility during multi-party development among OEMs, tier 1 and tier 2 suppliers, engineering services organizations, and technology and services providers. We explore collaborative approaches for each stage of the development lifecycle, including design, development, testing and validation, and post-release activities. These include joint development frameworks, standardized communication and reporting approaches, and cooperative continuous cybersecurity activities. These collaborative approaches enable the involved parties to maintain trust, mitigate cross-organization risks, and support rapid innovation while assuring cybersecurity.
Traditional siloed approaches or purely internal monitoring practices cannot adequately address new multi-party risks. As the automotive supply chain is disrupted, cybersecurity must also be addressed collaboratively in order to secure vehicles throughout the development lifecycle across a distributed and rapidly changing supply chain. Our paper therefore focuses on a collaborative model that provides a practical, pre-competitive framework for tackling cybersecurity cooperatively while enabling agile software delivery.