The upcoming Euro 7 regulation for cars as well as light- and heavy duty trucks obliges vehicle manufacturers to ensure that the emission limits of their products are met throughout the vehicles’ full useful life. This not only concerns tailpipe emissions of vehicles with combustion engines, but will, at a later stage, also include other emission related aspects such as particulate matter from brakes and tires. Furthermore, the battery life of electrified vehicles is taken into account. 

A specific emphasis of the Euro 7 regulation is placed on antitampering requirements, meaning that vehicle manufacturers must ensure that any relevant control system, e.g. engine control unit (ECU) and battery management system (BMS) is protected against manipulations that could affect emissions or battery life. These antitampering requirements have a direct impact on the cybersecurity activities that manufacturers must consider within their own development scope or that of their suppliers. 

In general, these activities can be well aligned with the cybersecurity development process according to ISO/SAE 21434, but some specific considerations should be taken into account, as suggested by FEV.io in Figure 1. 

At the beginning of the cybersecurity lifecycle, the item definition and the threat analysis and risk assessment (TARA) must already include information about assets relevant for Euro 7 compliance, such as emission control systems, the battery management system, and related sensors and actuators. FEV.io has developed a dedicated library for the risk rating of tampering methods. Using this library helps to identify the most critical tampering risks and define corresponding countermeasures. 

FEV.io’s TARA process systematically links Euro 7relevant assets and tampering threats to cybersecurity goals and requirements, such as secure boot, secure software updates, secure communication, and other security controls. 

The verification & validation program defined by FEV.io includes specific penetration tests to assess protection against unauthorized reprogramming of relevant control units and manipulation of CAN communication between control units and sensors, for example through man-in-the-middle attacks or fault injection attacks. 

As attack methods are constantly evolving, a fundamental requirement for manufacturers is the continual execution of cybersecurity activities as described in Clause 8 of ISO/SAE 21434. The corresponding antitampering requirements of the Euro 7 legislation include logging of relevant events, such as software updates or detected anomalies, as well as the introduction of onboard monitoring (OBM), which continuously observes emission compliance. While these measures are intended to detect and record incidents when they occur in the vehicle, preventive cybersecurity activities are also necessary to avoid such incidents in the first place. These include regular vulnerability scanning and periodic updates of the TARA. FEV.io´s GenAI assisted TARA process supports these continuous activities with highest efficiency, keeping at the same time a balance between automation and human expert oversight. 

Contact

Ensure your cybersecurity strategy meets Euro 7 antitampering requirements and ISO/SAE 21434 standards. Contact our experts to discuss your project and compliance needs at: solutions@fev.io

Authors:
Dr. Bastian Holderbaum
Dr. Miao Zhang
Dr. Yuri Gil Dantas