DarkReading.com reported that “In Euro 7, regulators warned that the “tampering of vehicles to remove or deactivate parts of the pollution control systems is a well-known problem.” Odometer tampering that can “lead to false mileage” and “hamper the proper in-service control of a vehicle” was another concern expressed in the 2024 document. ” EU Auto Rules Shift Gears on Cybersecurity Standards” (https://www.darkreading.com/cyber-risk/eu-auto-rules-shift-gears-on-cybersecurity-standards) included these comments about “The Trouble with Tampering”:
Cybersecurity’s addition to Euro 7 could be related to “Dieselgate,” a 2015 scandal where Volkswagen was charged with installing software to fake the results of emissions and fuel-efficiency testing. However, and more importantly, it’s a continuation of improvements for emission standards in Europe, says Dr. Liz James, managing security consultant at NCC Group.
Cybersecurity requirements were not explicit in past directives. Now, the objective of taking accurate measurements of emissions from a vehicle over a lifetime is itself under cyber threat, adds James. That begs the question, how can the regulators capture data and ensure it cannot be tampered with or modified?
The EU needs a way to track and manage emissions more efficiently to reduce pollution, and that means trustable data is essential. Euro 7 builds the framework on how to hold the industry accountable, explains James.
Data tampering was an ongoing concern, but now Euro7 ties it into UN Regulation No.555 around cybersecurity management systems, she adds. The regulation aims to set uniform provisions for vehicle approvals. Auto manufacturers must “demonstrate” that they conducted thorough risk and threat analyses to mitigate vulnerabilities and prevent unauthorized access to the vehicle or communication systems.
“Compliance with these emissions standards means you have to explicitly show those threats have been managed,” James adds.
If regulators want to reduce emissions, one of their biggest potential opponents is the manufacturers themselves who are responsible for managing emissions, notes James. It all boils down to helping regulators ensure the accuracy of information despite so many car companies involved having incentives to manipulate and modify that data.
“If you have a huge deviation between different manufacturers, now you have the ability to question, is that because they’re actually producing more efficient systems or is something suspicious going on?” James says.
No surprises here!
First published at https://www.vogelitlaw.com/blog/eu-rules-that-autos-must-be-cybersecure