What is software update management system (SUMS)? The basis for the Software Update Management System (SUMS) consists of two parts – UNECE’s Regulation No. 156, in which requirements towards the vehicle type are tested and certified and the international standard ISO 24089 Road vehicles – Software update engineering which is an industry-developed framework. In the following you will find an overview.
- I. Vehicle Software Update Management Systems and the UN R156
- II. Four key aspects to implement the requirements of Software Update Management System (SUMS)
- III. Software management update system: A topic within the organization and outside the organization
- IV. How to successfully implement software update management system in your organization
- V. Software Update Management System Summary
Just to get things clear: Software updates, for outsiders that currently sounds more like IT, notebook, or smartphone. À la: End of work, shut down, but no, another mandatory update.
Looking at the automotive industry, which for decades was completely dependent on analogue and on-site, the possibilities of software updates more or less change everything. Think of time, efficiency, costs, and new possibilities.
Software updates are therefore already being increasingly used today. In the digitalized and fully networked car of the future, they will be indispensable.
Therefore, the need for the industry to standardize software updates is on the rise and this is where the ISO 24089 comes in place, as it will provide technical requirements for software updates among other important topics.
Despite all the legitimate enthusiasm, however, software updates have a safety-critical relevance and require special consideration from the perspective of cybersecurity.
Vehicle Software Update Management Systems and the UN R156
Software Update Management Systems include over-the-air updates (OTA), as well as updates via USB, and devices in car repair shops.
Updates can be both
- new software or apps for entertainment or navigation,
- but also updates to firmware or components within the vehicle.
The requirements of UN R156 include these essential aspects:
- security of the software updates themselves,
- security of the associated software update processes,
- verification and validation of the functioning of the code within the vehicle
- and the prevention of unauthorized updates.
Furthermore, the continuous operational reliability of over-the-air updates while driving should be ensured.
At the same time, the execution of the updates should be performed in a secure way and, if necessary, by vehicle owners or in auto repair shops under appropriately technically proficient conditions.
There are also additional requirements: For example, on the availability and security of software versioning, as well as on the communication and documentation of the processes involved, the updates carried out and the associated software information.
You can watch the CYRES Academy UN Regulation No. 156 video course for more details:
Four key aspects to implement the requirements of Software Update Management System (SUMS)
To implement the requirements of Software Update Management Systems SUMS, the following activities are essential:
- Goals and objectives in governance should be created or expanded to enable the planning and operation of a software update management system and to make it implementable and monitorable by means of auditing.
- From this, processes for managing the SUMS should be derived and established. In addition to the implementation and auditing topics already mentioned, it becomes important to establish processes for information distribution and reporting within the operating model. At the same time, it is important to ensure the correct execution of the SUMS and to enable continuous improvements. And – an important aspect – of course also to ensure appropriate traceability for the examination and approval of the vehicle type. In this respect, it is important to identify risks in the implementation of software updates as well as in the organization and infrastructure and to include them in the risk management.
- This requires organization-wide and project-specific processes, roles, responsibilities, but also tools and technologies that control the setup and execution of the SUMS and prepare information from it for the management but also for the authorities or the technical service.
- Operationally, SUMS also includes consideration of requirements for vehicle configuration and its performance. In this context, existing development and roll-out processes should be reviewed, especially to ensure documentation and traceability of the consideration of vehicle communication processes, performance of systems and components, vehicle status, fault avoidance and fault control.
While these points were indispensable for the pure functionality of the vehicles before the implementation of the regulations, now the highest attention must be paid to the importance of good documentation and the verifiability by the authorities or technical services.
To this end, proper planning, execution and documentation of communication with vehicle users as well as the validation and verification of software updates are particularly important.
The resulting coordination effort and the necessary exchange of information will be clear to anyone who has ever dealt with automotive projects.
Software management update system: A topic within the organization and outside the organization
Briefly, a differentiation between the new management systems to be established, the CSMS and the SUMS.
Differentiation CSMS and SUMS
While the Cybersecurity Management System (CSMS for short) establishes cybersecurity in the organization, processes and operational aspects (and accordingly brings new processes for the management of cybersecurity), SUMS focuses more on cybersecurity in the management of and in the secure execution and implementation of software updates in vehicles.
It is important to note that these updates can occur at different points in the development project / product lifecycle. For example, in the development, production or post-production process. At all stages, all associated processes must be managed correctly.
OEMs must ensure software update management system requirements across the entire value chain
Similar to the CSMS, however, the same applies here: The OEMs must demonstrate that the software update management system is managed along the entire value chain.
Consequently, all stakeholders involved need to be aware of requirements, processes, and dependencies of software updates, from Tier 1 to Tier n supplier level.
This means that suppliers must also work in compliance with the SUMS regulation and standard.
How to successfully implement software update management system in your organization
In order to implement software update management system successfully in your organization, it is possible to build on existing processes.
However, from our experience, one of the major challenges is to establish cybersecurity awareness in the minds of all departments and employees involved in order to integrate cybersecurity into processes as default.
This is also the case in the environment of software engineering and rollouts.
In addition to establishing a cybersecurity culture, however, it is also about very tangible aspects. There is a need for an overview of existing vehicle systems, components and related software and version statuses, for example by means of configuration or asset management.
The following must be established:
- Processes for securing software updates “at rest” or “in transition”,
- Processes for securely installing updates via a variety of update methods, while ensuring the safety of the vehicle and occupants,
- Processes for verifying the implementation of updates as well as error handling
- and processes for documentation and traceability of the previously designated procedures.
In addition, the security and availability of the infrastructure, over which the software updates run, must be consistently ensured.
Communication with vehicle owners/drivers and the involvement of these or trained specialists in the software update process must also be taken into account.
Finally, system or software lifecycle and end of support or end of life issues also play a role in the software update process as well as in the consideration of cybersecurity for systems and components.
In this context, different challenges and requirements from the establishment of a CSMS will have to be met. However, processes between a CSMS and SUMS for cybersecurity management go hand in hand here.
(A separate discussion of the comparison will be published in our blog shortly).
Software Update Management System Summary
Besides ISO /SAE 21434 and ISO 24089, other standards, such as ISO 26262, ISO/PAS 21448, ISO 9001, ISO 10007, ISO/IEC 15288 and ISO/IEC 12207, and ISO 27001, can also be included for the infrastructure associated with software updates.
You can read more about the significance of ISO 24089 for the industry, how it relates to software update management systems and how it differs from UN R156 in our ISO 24089 blog article.
In summary, it can be said that because of the new regulations and the SUMS standard, the established structures and processes must be examined, adapted and, if necessary, restructured at both organizational and technical levels.
The corresponding requirements for the software update management system must be implemented, documented, and prepared.
These enhancements and changes must be applied correctly and communicated accordingly so that the entire organization and all stakeholders can be involved and considered.
Taking this into account, all stakeholders should pay attention to the dialog between OEMs and service providers at an early stage and with sufficient capacity to ensure smooth software updates. Our dedicated Fundamental Principles of Automotive Cybersecurity for Executives and Managers Awareness Sessions supports you on starting a conversation surrounding cybersecurity topics with an expert, who will navigate through your current situation, help you understand your current needs, and set your path to become a cybersecure organization.
Tobias Pilz is Lead Senior Consultant at CYRES Consulting. His expertise includes the implementation and audit of Information and Cybersecurity Management Systems and Processes as well as Ethical Hacking.
At CYRES Consulting he is involved in different cybersecurity projects and also a member of the DIN NA052-00–32-12 AK Software Update Engineering and thus also of the ISO/TC 22/SC 32/WG 12 “Software Update” covering the development of the ISO 24089.