Automotive Cybersecurity
The connectivity of current and future vehicles can pose a potential threat. Cyber hackers could use them to manipulate vehicles and endanger the safety of road users. Therefore, vehicles need to be protected from cyberattacks.
New vehicle approval regulations such as UNECE R155 for cybersecurity and R156 for software updates and related new standards must be complied with during vehicle development and during the operational phase. Essentially, it is about systematically identifying and managing - i.e. reducing - cyber risks. To do this, process management systems must be implemented in the organization, as well as corresponding technologies in the vehicle.
To help our customers meet these new challenges, DEKRA offers a portfolio of cybersecurity and software upload services. The spectrum includes training, consulting, organisational auditing, product assessment and corresponding certifications.
30+ years of industry knowledge
DEKRA quality in vehicle testing and homologation
Network of DEKRA experts worldwide
Audit and Certification expertise
The ISO has released a draft version of an automotive cyber security engineering standard (ISO DIS 21434) and has announced to release a new standard for automotive software upload (ISO DIS 24089) to provide common understanding and aspects of automotive cyber security in terms of Processes, Requirements and Guidelines.
Those affected by the ISO 21434 standard are:
Vehicle manufacturers
Suppliers of software-based components/systems
Engineering service providers
Software- and ICT-infrastructure service providers
For software upload, compliance to ISO 21434 is a main requirement along the complete vehicle development and lifecycle supply chain.
Requirements for Vehicle Manufacturers and Suppliers

The OEM is responsible
The whole cyber security process is in the hands of the manufacturer and must be maintained throughout the entire vehicle’s lifecycle.

Indirect obligations of suppliers
Requirements for risks, mitigations, testing and support will be cascaded down to the supply chain.

Testing critical components
Security testing of critical components is vital for ensuring the overall security of the vehicle system.

The R155 regulation specifies the requirements for the type approval of vehicles with regard to their cybersecurity. It refers to the specific requirements for the security inspection and approval of vehicles and components that must be operated in a secure condition to ensure that they do not pose a threat to road safety.
The R156 regulation defines the requirements for the technical approval of cybersecurity management systems (CSMS) and safety surveillance systems (SUMS) for vehicles developed in accordance with the R155 regulation.
DEKRA Automotive Cybersecurity Services ensures that your automotive systems are protected from cyber threats. Our services include:
Automotive Cybersecurity Services
DEKRA offers evaluation and expertise services to help you ensure compliance with ISO/SAE 21434 and ISO/DIS 24089 standards. Our services include gap analysis, readiness checks, compliance audits, and project/product cybersecurity assessments (ISO/SAE 21434 only).
DEKRA’s evaluation and expertise services also cover R155/R156 standards and provide CSMS/SUMS readiness checks, audits, certifications, and type approval services.
The DEKRA team of experts conducts PEN-testing, vulnerability scans and fuzz testing to ensure that your systems are secure against cyber-attacks.
DEKRA also offers a range of training services to educate your team on cybersecurity engineering according to ISO 21434, extended TARA, secure software development, secure vehicle/system architectures, the basics of cybersecurity, and cybersecurity awareness (including daily work and email phishing).
Thomas Thurner, Head of Cybersecurity„You have to look at cybersecurity holistically - especially in the automotive industry.“
Stay ahead of the curve and protect your automotive systems from cybersecurity threats with our specialized services.