Supplier Shield and the UN Regulation N°155

Written By Nicolas Rossel

One of the most significant technological advances in recent times has been the development of autonomous vehicles. With the increasing integration of technology, the reliance on third-party risk management (TPRM) systems and components in autonomous vehicles has become more prevalent. However, with the growing use of third-party components, the vendor risk of vulnerabilities and threats to autonomous vehicles also increases. The purpose of this article is to discuss how UN regulation No. 155 addresses the risks posed by third parties to autonomous vehicles. 

Third-party Components In Autonomous Vehicles 

The autonomous vehicle industry relies heavily on third-party components. The sensors, software, and communication systems used in autonomous vehicles are provided by third-party vendors. However, this dependence on third parties increases the risk of threats and vulnerabilities. Unintentionally or intentionally, third parties can introduce security risks that could impact autonomous vehicles’ performance and safety. There may be security gaps in third-party products because they do not adhere to the same security standards as the vehicle’s manufacturer. 

Potential Threats And Vulnerabilities 

One of the main potential threats that third parties pose to autonomous vehicles is cyber-attacks. Cyber-attacks on autonomous vehicles can lead to accidents, injuries, and even fatalities. For instance, hackers can take control of the vehicle’s systems, alter routes, or cause the vehicle to malfunction. Additionally, third-party components may not be adequately tested for cybersecurity vulnerabilities, which can pose a risk to the entire autonomous vehicle system. 

Another potential vulnerability of third-party components in autonomous vehicles is inadequate quality control. Since the third-party risk management framework may not meet the same quality standards as the original vehicle component manufacturer, they are susceptible to failure. Any malfunctions in these components can significantly affect the performance of the entire autonomous vehicle system, potentially leading to accidents or critical system failures. 

UN Regulation N° 155 

UN Regulation No. 155 provides a framework for the cybersecurity of automotive systems. The regulation outlines the responsibilities of the manufacturer, which includes ensuring the security of third-party components used in the vehicle. The regulation also requires manufacturers to implement a cybersecurity management system to manage cybersecurity risks in the vehicle’s components and systems. 

To comply with UN regulation No. 155, the vehicle manufacturer must demonstrate that the processes used within their Cyber Security Management System ensure security is adequately considered. This shall include:  

  • The processes used within the manufacturer’s organization to manage cyber security.  

  • The processes used for the identification of risks related to vehicle types. 

  • The processes used for the assessment, categorization, and treatment of the risks identified. 

  • The processes are in place to verify that the risks identified are appropriately managed. 

  • The processes used for testing the cyber security of a vehicle type. 

  • The processes used for ensuring that the risk assessment is kept current. 

  • The processes used for monitoring, detecting, and responding to cyber-attacks, cyber threats, and vulnerabilities on vehicle types. 

Regarding the requirements listed above, manufacturers are required to monitor the security of their third-party components throughout the vehicle’s manufacturing life cycle. They must provide enough information to enable proper checks following the regulations. 

Besides collecting and verifying information from their supply chain, vehicle manufacturers must also demonstrate that supplier-related risks are identified and managed. This indicates that the manufacturer must take responsibility for ensuring that their suppliers are also meeting the necessary cyber security standards. 

Furthermore, the manufacturer must demonstrate how their Cyber Security Management System will manage dependencies that may exist with contracted suppliers, service providers, or manufacturer’s sub-organizations. This highlights the need for a comprehensive approach to cyber security management that considers all aspects of the supply chain and the organization. 

To summarize, the use of third-party components in autonomous vehicles provides many benefits but also presents security risks. The risk of cyber-attacks, quality control issues, and vulnerabilities in third-party components can impact the safety and performance of autonomous vehicles. UN Regulation No. 155 provides a framework for the cybersecurity of automotive systems, which includes the management of third-party component risks. Manufacturers must implement appropriate security measures and conduct risk assessments to mitigate the risks posed by third-party components in autonomous vehicles. 

Supplier Shield Is Here To Help!

Are you looking to ensure a sustainable and safe supply chain in compliance with UN Regulation No. 155? Supplier Shield is the answer! Our TPRM-man aged service is designed and developed by auditors with expertise in information security, data protection, compliance, ethics, and sustainability. With Supplier Shield, you can rest assured that your suppliers remain under control. 

At Supplier Shield, we understand the importance of managing third parties in today’s complex business environment. That is why we offer a centralized platform that enables manufacturers to track their suppliers’ security status, including security assessments, evaluations for conformance, certifications, and security incidents. With this level of visibility, vehicle manufacturers can identify potential vulnerabilities and threats in their supply management and mitigate risks before they become a problem. 

Our platform is easy to use, intuitive and designed to meet the needs of modern businesses. We offer a comprehensive set of tools that can help you manage your suppliers more effectively and efficiently. Whether you are looking to comply with regulations, reduce risk, or improve your sustainability credentials, Supplier Shield can help. 

Supplier Shield is not just a platform for managing your suppliers; we are your partner in compliance and cybersecurity. Our team of certified experts is always available to assist manufacturers in assessing the compliance of their third parties with your cybersecurity requirements. Our unique approach to assessments and evidence-based corroboration ensures that you have all the information you need to make informed decisions about your suppliers. 

Unlike traditional questionnaires, which can be ineffective and burdensome for suppliers, Supplier Shield has developed an efficient method for Third-party risk management. Our approach is based on the expertise of our multicultural team and the feedback of major enterprises, ensuring that it is both practical and effective. By leveraging Supplier Shield, manufacturers can improve their overall cybersecurity posture, reduce risks in their supply chain, and ensure compliance with UN Regulation No. 155. 

So, if you are looking for a partner who can help you navigate the complexities of supplier management and compliance, we have the expertise, technology, and commitment to excellence that you need to stay ahead of the curve and secure your business for the future. Contact us today to learn more about how we can help you achieve your goals. 

Nicolas Rossel
Previous

Mitigating Third-Party Risks in an Era of ‘Too Big to Fail’​
Next

Inauguration of our new offices in Morges (CH)