Starting in the summer, new cybersecurity standards in cars will be applied in Europe. Several manufacturers use this to reduce their supply. The new rules serve a security policy purpose.

In the movies, master spy James Bond saves the entire world with his well-equipped cars. In reality, real spies can use our cars as tools. This is now being put to an end.

Electronic equipment in cars is not only for the comfort of its drivers but also aims to contribute to safety on the road. It also allows for better and better control of cars and their users.

The United Nations and the European Union have recognized and responded: with the UN standards R155 and R156, which refer to cybersecurity and corresponding software updates, greater demands are also placed on automotive companies and their suppliers. These UN measures will also be implemented in the EU from July 7 of this year.

Four wheel spies

Economic researcher Moritz Schularick explained on March 23 in the Handelsblatt the importance of cybersecurity in transport, stating that it addresses “national security issues”: “This is sensitive data that can be extracted, even from electric cars. From the point of view of the secret services, with their numerous sensors and cameras, they are nothing more than spy machines on four wheels.”

At an event organized by the Helmut Schmidt Foundation and DW in Berlin in December 2023, he had already said: “These cars driving on the streets of Berlin record everything that happens around them and transmit it to their companies, including your company. matrix”. companies in China.” And he asked the rhetorical question: “Do we want that?” Do we want millions of eyes and ears of a foreign government on our streets?”

The spies are already there.

This is also demonstrated by the Automotive Cyber ​​Security study, prepared by the Center for Automotive Management (CAM) in collaboration with the company Cisco Systems in March 2024. With the growing interconnection and digitalization of automobiles, production and logistics, increases the risk of cyber attacks on the automotive industry.

“The cyber danger situation for the automotive industry continues to increase. With the proliferation of software-defined vehicles, electromobility, autonomous driving and the networked supply chain, cyber risks continue to increase,” summarizes the leader of the studio, Stefan Bratzel, director of CAM. .

The study uses examples to show how threatened the industry is. Toyota, the world's largest automaker, had to stop production two years ago because a supplier was affected by “a suspected cyberattack.” In the summer of 2022, the supplier Continental became the target of cybercriminals: attackers stole data from computer systems despite established security measures. Tesla was also attacked in March 2023. The hackers connected to a vehicle and were able to perform various functions. They could, for example, sound the horn, open the trunk, turn on the low beams and manipulate the infotainment system.

The end of Up & Bulli?

Also due to the new regulations, some manufacturers are withdrawing models from their range. At Volkswagen these are the small Up and the Transporter T6.1, at Porsche the Macan, Boxster and Cayman models, which are only exported as “combustion engines”, as reported by the German Press Agency (dpa). Audi, Renault and Smart would also not make older models after the deadline.

The head of the VW brand, Thomas Schäfer, justified the measures to the agency by the great effort required by the new standards: “Otherwise, we would have to integrate a completely new electronic architecture. That would simply be too expensive.”

Wiebke Fastenrath from Volkswagen Commercial Vehicles Corporate Communications confirms this to DW: “To implement the legal regulations for the electronic architecture of the T6.1 would have required very high investments in a platform that is about to expire. Due to the short remaining useful life In the model, these investments were no longer made, especially since successor models are already on the market.”

“An essential hygiene factor”

The Swabian competitor Mercedes-Benz appears to be well prepared. Company spokesperson Juliane Weckenmann explained to DW that “the regulations do not affect the Mercedes-Benz portfolio”: “All our architectures meet the requirements and are or will be certified in due course according to UN R155/R156.”

Volkswagen is also prepared: “For the new model year 2025,” Wiebke Fastenrath told us, “our models will be revised accordingly.” Stefan Bratzel also believes that this is very necessary, because “a professional cybersecurity strategy for companies is increasingly important as an essential hygiene factor in the automotive industry.”

“The issue of cybersecurity is becoming crucial for automotive companies,” adds Christian Korff, member of the management team at Cisco Germany and client of the CAM study. “The automotive industry is the cornerstone of our economy. We cannot afford any vulnerabilities in the cyber sphere. Only those who offer safe vehicles and services at all levels can retain the trust of customers.”

Author: Dirk Kaufmann