2023
08.May.2023
A DEKRA Company, Onward Security Once Again Received Cybersecurity Excellence Awards, Showcasing Automotive Cybersecurity Solutions at CYBERSEC
[Taipei, Taiwan: May 8th, 2023]- – The leading IoT cybersecurity compliance solution provider, Onward Security, a DEKRA company, once again received the 2023 Cybersecurity Excellence Awards - Open Source Security - ASIA Gold Winner and will showcase at CYBERSEC its awarded product SecSAM, Security Assessment Management System, as well as SecDevice, IoT Vulnerability Testing Tool, that discovers unknown vulnerabilities through fuzzing technology. Also, it integrates the latest automotive, consumer IoT, OT, and medical cybersecurity compliance solutions of DEKRA Cyber Security Hub to provide customers with complete international consultant and certification services, meet the regulatory requirements of global governments, as well as solve the issues of supply chain security.
According to PRECEDENCE Research indicated that the global automotive cybersecurity market was USD3.1 billion in 2022. It will grow to USD 16.43 billion by 2032, progressing at a CAGR of 18.15%. Automotive cybersecurity is an emerging technology and topic that is to prevent auto software or communications systems of connected cars from being tampered with. Contemporary automotive utilize information and communication technologies which are getting more complex so as to require cybersecurity. From in-vehicle computers, electronic control units for specific tasks, in-vehicle communication protocols, internal and external software, and automation functions to cloud systems which all require to be secure. The common automotive cybersecurity threat and attack methods include Man-in-the-middle attacks through mobile phones or Wi-Fi, directly invading the vehicle control system, attacking the core of the display browser, attacking the vulnerabilities of in-vehicle operation system such as privilege escalation or malware execution, or attacking the supply chain during in-vehicle software and firmware upgrade.
How to deal with an automotive supply chain attack? Suggesting starting with international regulations and standards compliance. UNECE rules that all new vehicles must comply with R155/R156 from 2024. And the automotive cybersecurity standard ISO/SAE 21434 released in 2021 provides a strict framework to ensure the security of the automotive supply chain, and well manage the risks for the ecosystem. The other international cybersecurity standards of the automotive industry comprise TiSAX, preventing confidential information leakage, and A-SPICE, automotive software development flow assessment.
Besides, for the Internet of Things, many countries have formulated mandatory cybersecurity regulations which mostly referred to ETSI EN 303 645 and IEC 62443. The RED-DA (delegated Acts) added network and communication security requirements that regulate manufacturers to comply with while designing and producing their connected products so as to ensure security before going to EU markets, protect consumers’ privacy and personal information, and prevent the risks of ransomware. Along with increasing cyber-attacks, mandatory cybersecurity regulation is not only in the EU, but also in the US, Singapore, China, and more. IoT cybersecurity compliance has been a global trend. Considering product development and testing time, it is better to start assessing cybersecurity now.
Oftentimes, product teams speed up the development time to fast time to market. For that reason, they use open-source software which may exist vulnerabilities that cause crucial data leakage. However, through the flow implementation of DevSecOps and automation tool assisting, the risks can be reduced effectively, says Daniel Liu, CTO of Onward Security. And how to realize both agile development and security compliance? Daniel is going to share the best practice in the DevSecOps forum of CYBERSEC on 5/10.
According to PRECEDENCE Research indicated that the global automotive cybersecurity market was USD3.1 billion in 2022. It will grow to USD 16.43 billion by 2032, progressing at a CAGR of 18.15%. Automotive cybersecurity is an emerging technology and topic that is to prevent auto software or communications systems of connected cars from being tampered with. Contemporary automotive utilize information and communication technologies which are getting more complex so as to require cybersecurity. From in-vehicle computers, electronic control units for specific tasks, in-vehicle communication protocols, internal and external software, and automation functions to cloud systems which all require to be secure. The common automotive cybersecurity threat and attack methods include Man-in-the-middle attacks through mobile phones or Wi-Fi, directly invading the vehicle control system, attacking the core of the display browser, attacking the vulnerabilities of in-vehicle operation system such as privilege escalation or malware execution, or attacking the supply chain during in-vehicle software and firmware upgrade.
How to deal with an automotive supply chain attack? Suggesting starting with international regulations and standards compliance. UNECE rules that all new vehicles must comply with R155/R156 from 2024. And the automotive cybersecurity standard ISO/SAE 21434 released in 2021 provides a strict framework to ensure the security of the automotive supply chain, and well manage the risks for the ecosystem. The other international cybersecurity standards of the automotive industry comprise TiSAX, preventing confidential information leakage, and A-SPICE, automotive software development flow assessment.
Besides, for the Internet of Things, many countries have formulated mandatory cybersecurity regulations which mostly referred to ETSI EN 303 645 and IEC 62443. The RED-DA (delegated Acts) added network and communication security requirements that regulate manufacturers to comply with while designing and producing their connected products so as to ensure security before going to EU markets, protect consumers’ privacy and personal information, and prevent the risks of ransomware. Along with increasing cyber-attacks, mandatory cybersecurity regulation is not only in the EU, but also in the US, Singapore, China, and more. IoT cybersecurity compliance has been a global trend. Considering product development and testing time, it is better to start assessing cybersecurity now.
Oftentimes, product teams speed up the development time to fast time to market. For that reason, they use open-source software which may exist vulnerabilities that cause crucial data leakage. However, through the flow implementation of DevSecOps and automation tool assisting, the risks can be reduced effectively, says Daniel Liu, CTO of Onward Security. And how to realize both agile development and security compliance? Daniel is going to share the best practice in the DevSecOps forum of CYBERSEC on 5/10.
About Onward Security
Onward Security, a DEKRA company, is a leading brand in cybersecurity compliance solutions for the Internet of Things. Onward Security has been selected as a Hot Company in the Cybersecurity Internet of Things, Global InfoSec Awards. In addition to possessing Asia's most complete cybersecurity assessment lab, it develops automated security assessment products with AI and machine learning features. It has been dedicated to helping customers in IoT/IIoT device manufacturing, automotive, healthcare, and other industries to fast obtain security certification and effectively manage risks and vulnerabilities of open-source software to ensure cyber and product security.
