TUV SÜD jointly releases "White Paper on Automotive Supply Chain Cybersecurity Management"

Support the healthy development of the industrial ecosystem

TUV SÜD, a third-party testing and certification organization (hereinafter referred to as "TUV SÜD"), announced the official release of the "White Paper on Cybersecurity Management of Automotive Supply Chains" (hereinafter referred to as "White Paper") compiled by it. The white paper was initiated by the China Intelligent and Connected Vehicle Industry Innovation Alliance (CAICV, referred to as "the Alliance") Information Security Working Group, led by TUV SÜD, Huawei Technologies Co., Ltd., and the National Intelligent and Connected Vehicle Innovation Center, and jointly written by a total of 13 companies . The white paper focuses on the cybersecurity of the automotive supply chain and aims to rely on the high-level capabilities of the domestic automotive cybersecurity ecosystem to identify industry pain points and promote the healthy development of cybersecurity management in the automotive supply chain.

TUV SÜD jointly releases "White Paper on Automotive Supply Chain Cybersecurity Management"

Gather ideas and jointly explore paths and measures for standardized management of the industry

In recent years, the development of automobile intelligence and connectivity has accelerated, innovative technologies have continued to evolve, and industrial transformation has continued to deepen. At the same time, the network security issues faced by automobiles have become increasingly prominent. Many risks and hazards caused by automobile network security incidents have attracted the attention of regulatory authorities, all walks of life in the industry, and the public. As the intelligent connected automobile supply chain market is huge and complex, its constituent entities are diverse and complex, and network security protection involves many links, it is easy to form security gaps and capability shortcomings. Therefore, strengthening the network security capabilities of the entire supply chain of intelligent connected vehicles and building a network security system covering the entire life cycle of intelligent connected vehicles is of great significance to improving the overall security level of the industry and promoting the healthy development of the industry.

This white paper aims at the current status and challenges of automotive supply chain network security, based on current domestic and foreign regulations and standards, expounds the practical points of supply chain network security management for automobile manufacturers, and analyzes the network construction of automobile suppliers from the perspective of management systems and key technologies. The key elements of security capabilities are systematically reviewed and the assessment and certification system applicable to automotive supply chain network security is put forward, and measures and recommendations are proposed to promote the development of automotive supply chain network security.

Content Framework of "White Paper on Cybersecurity Management of Automotive Supply Chain"

Gather consensus to support high-quality integrated development of the industry

As an authoritative international technical service organization in the field of network security assessment and certification, TUV SÜD has participated in the preparation of the automotive supply chain network security assessment and certification section, which focuses on the enterprise's information security management system certification and product information security. Authentication expands. Huang Qingquan, network security business line manager of TUV Süd Greater China Transportation Services Department, a member of the white paper preparation team, said, "The security of the automotive industry requires the joint efforts of the entire industry chain to achieve, which also includes network security. At this stage, network security Regulations and standards only set forth requirements for OEMs, and the supply chain management part is too general, but also puts forward very strict requirements from a regulatory perspective. Since there are no clear boundary requirements and implementation practices, the number of OEMs and suppliers is often increased. This white paper uses regulatory requirements as the basic starting point to discuss the supply chain management requirements of OEMs, and elaborates on the processes and technical requirements for suppliers to support compliance, hoping to provide some blank areas for the industry. Reference. TUV SÜD will also provide further explanations on the compliance logic of supply chain management. "

In the future, with the further improvement of automobile intelligence and network connectivity, automobile supply chain network security management will play an increasingly important role in ensuring automobile network security, and will also become the focus of increasing attention from all walks of life in the industry. It is foreseeable that this white paper will cover supply chain cybersecurity management of automobile manufacturers, and the cybersecurity of automobile suppliers (including automobile system and component manufacturers, service operators, solution integrators, etc. that involve cybersecurity risks). Capacity building provides practical reference.

About China Intelligent Connected Automotive Industry Innovation Alliance

In order to further promote the development of my country's intelligent connected vehicle industry and technology, the Society of Automotive Engineers of China and the China Association of Automobile Manufacturers, with the support of the Ministry of Industry and Information Technology, established the "China Intelligent Connected Vehicle Industry Innovation Alliance" in June 2017, with the Ministry of Industry and Information Technology serving as the guidance of the alliance. unit. The Alliance is a voluntary consortium formed by domestic enterprises, universities, research institutions, industry organizations, etc., including more than 600 member units from the fields of automobiles, information communications, transportation and other fields. In accordance with the agreed working mechanism, the alliance carries out work in policy and strategic research, key common technology research and development, standards and regulations, testing demonstrations, industrialization promotion, academic exchanges and international cooperation, talent training, etc., and has become a domestic driving force for the intelligent connected automobile industry. important platform for development.

About TUV SÜD

TUV Süd was founded in 1866 as the Steam Boiler Inspection Association. Since its development, it has become a global institution. TUV SÜD has established more than 1,000 branches in 50 countries and has more than 25,000 employees. It is committed to continuously improving its technology, system and professional knowledge. The group's technical experts have made significant technological innovations in the areas of Industry 4.0, autonomous driving and the safety and reliability of renewable energy.