Browse Publications Technical Papers 2022-01-0116

Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN-R155 Attack Vectors and Beyond 2022-01-0116

The UN working group WP.29 published UN Regulation No. 155, the “Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems,” which became a binding resolution on January 22nd, 2021 with expectations that at least 54 countries will mandate it starting July 2022. The regulation lists 69 attack vectors directly affecting vehicle cyber security. Car manufacturers, suppliers, government organizations, etc. all stakeholder’s cooperation and efforts are necessary for the successful implementation of the published regulation. The first course of action is to sort these attack vectors according to their expected threat severity levels, so stakeholders can determine the order in which to tackle mitigating said threats. In this paper, using the industry standard DREAD threat modelling, we calculated the severity levels of the attack vectors listed in the WP.29 UN-R155 cyber security regulation. Additionally, we go beyond the attack vectors listed in UN-R155 - using our own analysis, experience and insights, we explored other attack vectors that will also affect vehicle cybersecurity.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Members save up to 17% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.