What is SUMS?
The basis for the Software Update Management System (SUMS) consists of two parts – the UNECE regulation UN R156, against which requirements for the vehicle type are tested and certified, and the international standard ISO 24089, an industry-developed framework. The following gives an overview.
- I. Software updates around the vehicle and the UN R156
- II. Four key aspects to implement the requirements of Software Update Management System (SUMS)
- III. SUMS: A topic within the organization and outside the organization
- IV. How does SUMS implementation succeed in the organization?
- V. Software Update Management System Summary
ISO 24089 Road vehicles – Software update engineering is currently still in “Under development” status. It will describe the technical requirements for compliance with UN Regulation No. 156 – Software update and software update management system (UN R156 for short).
With regard to product liability law, the ISO 24089 standard is regarded as a minimum requirement and/or recommendation for designing processes and implementations, as well as for rolling out and managing software updates.
Just to be clear: to outsiders, “software updates” sound first and foremost like IT, notebooks or smartphones; the end of the workday, the computer is shut down, and no, another update. But software updates are already in use in the automotive industry, and here they are, of course, highly critical in terms of security.
Software updates around the vehicle and the UN R156
Software updates include over-the-air updates (OTA) as well as updates via USB or devices in car repair shops.
Updates can be
- new software or apps for entertainment or navigation,
- but also updates to firmware or components within the vehicle.
The requirements of UN R156 include these essential aspects:
- security of the software updates themselves,
- security of the associated software update processes,
- verification and validation of the functioning of the code within the vehicle,
- and the prevention of unauthorized updates.
Furthermore, of course, the continuous operational reliability of over-the-air updates while driving should be ensured.
At the same time, updates should be carried out securely and, where necessary, by vehicle owners or in repair shops under suitably technically proficient conditions.
There are also further requirements, for example on the availability and security of software versioning, and on the communication and documentation of the processes involved, the updates carried out and the associated software information.
Four key aspects to implement the requirements of Software Update Management System (SUMS)
To implement the requirements of SUMS, the following activities are essential:
- Goals and objectives in governance should be created or expanded to enable the planning and operation of a software update management system and to make it implementable and monitorable by means of auditing.
- From this, processes for managing the SUMS should be derived and established. In addition to the implementation and auditing topics already mentioned, processes for information distribution and reporting within the operating model become important. At the same time, the correct execution of the SUMS must be ensured and continuous improvement enabled. And – an important aspect – appropriate traceability must be ensured for the examination and approval of the vehicle type. This requires identifying risks in the implementation of software updates, as well as in the organization and infrastructure, and including them in risk management.
- This requires organization-wide and project-specific processes, roles and responsibilities, but also tools and technologies that control the setup and execution of the SUMS and prepare information from it for management as well as for the authorities or the technical service.
- Operationally, SUMS also covers requirements for the vehicle configuration and its performance. Existing development and roll-out processes should be reviewed in this light, especially to ensure documentation and traceability regarding vehicle communication processes, the performance of systems and components, vehicle status, fault avoidance and fault control.
While these points were already indispensable for the basic functioning of the vehicles before the regulations were introduced, the highest attention must now be paid to good documentation and to verifiability by the authorities or technical services.
To this end, the proper planning, execution and documentation of communication with vehicle users as well as the validation and verification of software updates are of particular importance.
The resulting coordination effort and the necessary exchange of information will be clear to anyone who has ever dealt with automotive projects.
SUMS: A topic within the organization and outside the organization
First, a brief differentiation between the two new management systems to be established, the CSMS and the SUMS.
Differentiation CSMS and SUMS
While the Cybersecurity Management System (CSMS for short) establishes cybersecurity in the organization, in processes and in operational aspects (and accordingly introduces new processes for managing cybersecurity), the SUMS focuses more narrowly on cybersecurity in the organization of, and in the secure execution and implementation of, software updates in vehicles.
These updates can of course occur at different points in the development project or product lifecycle, for example during development, production or post-production. At all stages, all associated processes must be managed correctly.
OEMs must ensure software update management system requirements across the entire value chain
Similar to the CSMS, the same applies here: the OEMs must demonstrate that the SUMS is managed along the entire value chain.
Consequently, all stakeholders involved need to be aware of requirements, processes, and dependencies of software updates, from Tier 1 to Tier n supplier level.
This means that suppliers must also work in compliance with the SUMS regulation and standard.
How does SUMS implementation succeed in the organization?
In order to implement SUMS in the organization, it is possible to build on existing processes.
From our experience, however, one of the major challenges is establishing cybersecurity awareness among all departments and employees involved, so that cybersecurity is integrated into processes by default.
This is also the case in the environment of software engineering and rollouts.
In addition to establishing a cybersecurity culture, however, there are very tangible aspects. An overview of existing vehicle systems, components and the related software and version statuses is needed, for example by means of configuration or asset management.
The following must be established:
- processes for securing software updates “at rest” and “in transit”,
- processes for securely installing updates via a variety of update methods while ensuring the safety of the vehicle and its occupants,
- processes for verifying the implementation of updates, as well as error handling,
- and processes for the documentation and traceability of the procedures named above.
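The UN R156 aspects listed earlier (security of the update itself, prevention of unauthorized updates, verification, versioning) and the four process areas above come together in the vehicle-side decision of whether an update may be installed at all. The following Go code is an added example written for this article, not code from CYRES Consulting, UN R156 or ISO 24089; the manifest fields, the Ed25519 signature scheme and the single per-target version counter are assumptions chosen for illustration:

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the signed description of one update (field names are assumptions).
type Manifest struct {
	Target     string `json:"target"`         // ECU or component the update is for
	Version    int    `json:"version"`        // monotonically increasing counter
	PayloadSHA string `json:"payload_sha256"` // hex SHA-256 of the update payload
}

// Gate keeps the trusted OEM signing key, the installed version per target and an audit log.
type Gate struct {
	Trusted   ed25519.PublicKey
	Installed map[string]int // minimal configuration register; must be initialised by the caller
	Log       []string
}

// Check enforces authenticity (signature over the manifest), integrity (payload
// hash matches the signed manifest) and monotonic versioning (no rollback).
func (g *Gate) Check(manifestJSON, sig, payload []byte) (err error) {
	var m Manifest
	defer func() { // traceability: every decision is logged, accepted or rejected
		g.Log = append(g.Log, fmt.Sprintf("target=%q version=%d err=%v", m.Target, m.Version, err))
	}()
	if !ed25519.Verify(g.Trusted, manifestJSON, sig) { // verify before parsing anything
		return errors.New("manifest signature invalid")
	}
	if json.Unmarshal(manifestJSON, &m) != nil {
		return errors.New("manifest malformed")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.PayloadSHA {
		return errors.New("payload hash does not match signed manifest")
	}
	if m.Version <= g.Installed[m.Target] {
		return errors.New("version not newer than installed (rollback or replay)")
	}
	g.Installed[m.Target] = m.Version
	return nil
}

func main() {}
```

The audit log records rejected attempts as well as accepted updates, which is what the traceability and reporting requirements above ask for.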
In addition, the security and availability of the infrastructure over which software updates are distributed must be consistently ensured.
Communication with vehicle owners/drivers, and the involvement of these or of trained specialists in the software update process, must also be taken into account.
Finally, the system or software lifecycle and end-of-support or end-of-life issues also play a role in the software update process, as well as in the consideration of cybersecurity for systems and components.
In this context, challenges and requirements differ from those in establishing a CSMS.
Nevertheless, the processes of a CSMS and a SUMS for cybersecurity management go hand in hand.
(A separate discussion of the comparison will be published in our blog shortly).
Software Update Management System Summary
Implementing ISO 24089 does not draw on ISO/SAE 21434 alone.
Other standards, such as ISO 26262, ISO/PAS 21448, ISO 9001, ISO 10007, ISO/IEC 15288 and ISO/IEC 12207, but also ISO 27001 for the infrastructure associated with software updates, can be included.
In summary, because of the new regulation and the SUMS standard, established structures and processes must be examined, adapted and, if necessary, restructured.
This involves both levels: organizationally and technically, the corresponding requirements for the software update management system must be implemented, documented and prepared.
These enhancements and changes must then, of course, be applied correctly and communicated accordingly so that the entire organization and all stakeholders can be involved and taken into account.
With this in mind, all stakeholders should engage in the dialog between OEMs and service providers at an early stage and with sufficient capacity to ensure smooth software updates.
Tobias Pilz is Senior Consultant at CYRES Consulting. His expertise includes the implementation and audit of Information and Cybersecurity Management Systems and Processes as well as Ethical Hacking.
At CYRES Consulting he is involved in various cybersecurity projects and is also a member of the DIN NA052-00–32-12 AK Software Update Engineering and thus of the ISO/TC 22/SC 32/WG 12 “Software Update”, which is developing ISO 24089.