Secure software updates for vehicles
Software updates for cell phones via a mobile data connection or WLAN are already standard. Automotive manufacturers (OEMs) also want to use this method and install software updates on the vehicle "over-the-air" (OTA), i.e., wirelessly. In this way, the infotainment system or an ECU of the vehicle can be retrofitted with improved software via radio or new functions can be provided for it. Security gaps are thus closed quickly and easily in the background. This not only saves the vehicle owner a trip to the workshop, but also reduces the recall rate of vehicles. The associated high costs can thus be averted.
With every software update, regardless of whether it is performed in the workshop or imported OTA, it must be ensured that the complete networking architecture of a vehicle is still functional. A Software Update Management System (SUMS) provides a legal basis for providing software updates securely and ensuring that the vehicle continues to function after the update. It helps define processes to comply with the requirements for secure software updates.
Introduction of a software update management system
The UNECE, the United Nations Economic Commission for Europe, and its WP.29 working group are concerned, among other things, with the harmonization of vehicle regulations. It has issued an obligation to introduce such a software update management system. This UNECE regulation will come into force in January 2021.
OEMs must ensure that software updates can be installed smoothly and without risk. This affects the entire electrical/electronic (E/E) system of the vehicle with all its ECUs. OEMs must provide evidence of their processes and mechanisms for handling software updates. Furthermore, transparent tracking and documentation of these software updates must be ensured. As the responsible parties for the entire vehicle, OEMs will also involve suppliers in this process. The basis for compliance with the UNECE regulation is software configuration management, including compatibility management for all software in the vehicle along the value chain.
Major challenges for OEMs
This new UNECE regulation presents OEMs with major challenges. They are under time pressure due to the necessary establishment of the processes and the required documentation. Without certification of the configuration and compatibility management system – i.e., an overall software update management system – no new vehicle types may be approved for homologation from July 2022, and from July 2024 no new vehicles produced after this date may be approved.
Thus, OEMs must hurry to clarify their internal processes for compliance with the software update management system and create a concept for configuration as well as compatibility management.
Best practice at msg
After clarification of the OEMs' internal processes for software updates, a concept for configuration and compatibility management is possible. In this process, the interaction of artifacts within a vehicle is to be configured, evaluated and checked for compatibility. In our experience, an IT system for configuration and compatibility management is the optimal support for UNECE compliance for three key reasons:
- Legal requirements are met by introducing product versions for planning, developing and controlling vehicles, and by assessing and documenting the networking compatibility of ECUs in the vehicle in IT systems.
- The IT systems provide a high degree of automation of the processes for configuration management and compatibility assessment of ECUs and reduce error-proneness by integrating technical interfaces.
- Appropriate IT systems support vehicle-wide product versions in series production and ensure the transparency and traceability of compatibility assessments.
IT, automotive and homologation experts at msg
msg has in-depth IT and industry expertise. Experts in the areas of software update management systems as well as electrics/electronics support our customers in identifying relevant regulations, in evaluating company-specific processes and homologation procedures up to obtaining type approval. Consulting, conception, functional specification up to the implementation of IT systems: We are ready to help.