Hello guys, welcome back to our blog. In this article, I will discuss UN R155 and UN156 management in software-defined vehicles. Its impact on modern vehicles and challenges.

Ask questions if you have any electrical, electronics, or computer science doubts. You can also catch me on Instagram – CS Electrical & Electronics

UN R155 and UN156 Management in Software-Defined Vehicles

The rapid transformation of the automotive industry into a connected and software-driven ecosystem has introduced unprecedented challenges in cybersecurity and software integrity. Modern vehicles now operate more like computers on wheels, equipped with various Electronic Control Units (ECUs), connectivity modules, and autonomous features. With the increased surface for cyber threats, ensuring the security and integrity of these systems is vital.

Recognizing this necessity, the United Nations Economic Commission for Europe (UNECE) introduced UN R155 and UN R156—two pivotal regulations addressing Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS), respectively. These regulations aim to standardize practices across manufacturers, suppliers, and software providers to secure the automotive ecosystem effectively.

Overview of UN R155: Cybersecurity Management System (CSMS)

What is UN R155?

UN R155 is a regulation focused on establishing cybersecurity management across the entire lifecycle of a vehicle. It mandates that automotive manufacturers implement a CSMS to identify, assess, and mitigate cyber threats to vehicles.

Core Objectives

Protect vehicle systems from cyberattacks
Detect and respond to security incidents
Secure vehicle data and communications
Ensure post-production cybersecurity support

CSMS Requirements

The regulation demands that manufacturers:

Conduct Threat Analysis and Risk Assessment (TARA)
Establish secure design principles
Monitor and detect cybersecurity threats in the field
Maintain a cybersecurity incident response plan
Document all cybersecurity activities and updates throughout the vehicle lifecycle

Real-world Scenarios

For instance, a CSMS would protect against unauthorized access to a vehicle’s telematics system or malicious code injection into the infotainment system. Companies like Volkswagen and BMW have already adapted their processes to align with CSMS requirements.

Overview of UN R156: Software Update Management System (SUMS)

What is UN R156?

UN R156 addresses the increasing reliance on software updates in modern vehicles, particularly Over-the-Air (OTA) updates. The regulation mandates the implementation of a SUMS to manage and secure software changes effectively.

SUMS Core Objectives

Prevent unauthorized software modifications
Ensure traceability of software versions
Provide secure update mechanisms
Maintain a robust rollback and validation strategy

Requirements of SUMS

Manufacturers must:

Maintain detailed software configuration and update records
Verify software integrity before and after deployment
Securely deliver updates using encryption and authentication
Ensure compatibility and safety of updates
Coordinate with suppliers for seamless software update integration

Real-world Applications

Tesla, for example, frequently deploys OTA updates to enhance vehicle features and fix bugs. UN R156 ensures that such updates are secure and well-documented.

UN R155 and R156 Certification Process

To comply with UN R155 and R156, OEMs must undergo audits and certification from authorized Technical Services. The process includes:

Submitting detailed CSMS and SUMS documentation
Demonstrating adherence to TARA and secure SDLC practices
Providing evidence of threat detection, monitoring, and update validation mechanisms
Ensuring supplier compliance

Comparison Between UN R155 and R156

Impact on Automotive Ecosystem

Impact on OEMs and Tier-1 Suppliers

OEMs are required to prove that both their internal processes and those of their suppliers align with the UN regulations. This often involves contractual changes and stringent process adaptations.

Impact on Vehicle Development Process

Vehicle development lifecycles now integrate cybersecurity and update management considerations at every phase, from design to post-production support.

Tools and Standards Used

ISO/SAE 21434 for cybersecurity engineering
ASPICE for process maturity
AUTOSAR for standardizing software platforms

Challenges and Future Scope

Implementing CSMS and SUMS is not without challenges. These include:

High complexity of threat modeling
Coordinating across global supply chains
Ensuring continuous compliance post-certification

The future scope may involve expanding these regulations to cover more vehicle categories and introducing newer standards like ISO 24089 for software update engineering.

Conclusion

UN R155 and R156 mark a significant milestone in the journey towards secure and future-ready vehicles. These regulations ensure that cybersecurity and software update management are not afterthoughts but integral to vehicle design and operation. As vehicles become more connected and autonomous, compliance with these regulations will become a competitive advantage, ensuring safety, trust, and long-term brand loyalty in the automotive world.

This was about “Understanding UN R155 and R156: The Foundation of Cybersecurity and Software Update Management In SDVs“. Thank you for reading.

Also, read:

About The Author

Chetan Shidling

Automotive | Technical Blogger | Engineer | Content Creator

See author's posts

Share Now