TAM CERT Hungary Inspection and Certification Ltd.

A New Era for Cars in Cybersecurity! Introducing ISO 21434

Posted on: May 9th, 2024 by Kuris Zsuzsanna

Cars have evolved before our eyes from vehicles into highly efficient cyber-physical systems. Electronic components, software, and interconnected devices have ushered in a new era in automotive history. However, the risk of threats has increased in parallel. The automotive industry’s response to these challenges is the “ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering,” a revolutionary standard that helps address cybersecurity challenges starting from the design phase.

Cybersecurity threats to vehicles are a major concern, as vehicles are becoming more interconnected and increasingly reliant on electronic systems. If hackers can exploit these systems, they could put countless lives at risk. Here are a few examples of this danger:

Hacked Vehicles Pose a Serious Danger

Attackers can exploit vulnerabilities in vehicle-connected systems, like infotainment, Bluetooth, or Wi-Fi, to gain unauthorized access to control systems. They can eavesdrop on wireless signals, track the vehicle’s location, or inject malicious commands.

Once inside the system, they can manipulate critical functions like braking, acceleration, and steering. Keyless entry and ignition systems can also be vulnerable to techniques like relay attacks, which amplify signals from the key fob to unlock or start the car remotely.

Malware can disrupt vehicle functions, steal sensitive data, or even demand ransom for it. Such malware can infiltrate systems through updates or via the OBD-II port used by mechanics for diagnostics.

Connected cars collect enormous amounts of data about passengers, including location history, driving behavior, and personal preferences. Access to this data can lead to identity theft.

The New Cybersecurity Standard: ISO/SAE 21434

The “Road Vehicles – Cybersecurity Engineering” standard, known as ISO/SAE 21434, is a joint product of the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). It is the first cybersecurity standard that impacts virtually every operation, role, process, and organization involved, covering the entire vehicle ecosystem.

The primary goal of ISO/SAE 21434 is to make cybersecurity an integral part of development, ensuring these principles apply at every stage of the vehicle’s lifecycle. It also provides comprehensive guidance on managing risks from concept and development to manufacturing, operation, and maintenance.

At the heart of the standard is the concept of cybersecurity engineering. The goal is for manufacturers to systematically identify and mitigate cybersecurity risks associated with vehicle systems and components. The standard outlines a consistent process to define security requirements and then implement and verify measures.

One of the core principles of ISO/SAE 21434 is collaboration. It encourages communication between automakers, suppliers, regulators, and other stakeholders to promote a shared understanding of best practices. It also emphasizes the importance of continuous monitoring and improvement, recognizing that cybersecurity is a dynamic field requiring constant adaptation.

This standard is a groundbreaking advancement in automotive cybersecurity, and its adoption is an urgent task. A document as complex and comprehensive as this may be challenging to grasp initially, but at QTICS, we are here to help you if you need assistance in understanding it. As consultants specializing in embedded systems, network systems, and IoT cybersecurity, we strive to ensure our clients fully understand the new standard and achieve compliance.

Contact: info@tamcert.hu

Navigating the Landscape of EuroPrivacy: A Primer on Europe’s Data Protection Framework

Posted on: April 18th, 2024 by Kuris Zsuzsanna

In today’s digital age, where personal data is increasingly becoming the currency of the internet, concerns over privacy and data protection have never been more prominent. In Europe, the European Union (EU) has taken significant steps to safeguard the privacy rights of its citizens through robust legislation, notably the General Data Protection Regulation (GDPR). However, EuroPrivacy emerges as a complementary framework, offering additional layers of protection and guidelines within the EU’s broader privacy landscape.

EuroPrivacy, also known as the “European Privacy Seal”, represents a set of standards and criteria developed to certify compliance with European data protection regulations. It aims to enhance consumer trust in digital services and products by ensuring they meet stringent privacy requirements. While EuroPrivacy aligns closely with GDPR principles, it goes beyond them by providing specific criteria for certification and verification processes.

At its core, EuroPrivacy focuses on certifying products, services, and data processing activities to ensure they adhere to EU data protection standards. It offers a voluntary certification scheme that enables organizations to demonstrate their commitment to privacy and gain a competitive advantage in the market. By obtaining EuroPrivacy certification, businesses signal to consumers that they prioritize privacy and data protection, fostering trust and loyalty.

One of the key features of EuroPrivacy is its adaptability to various sectors and industries. Whether it’s healthcare, finance, e-commerce, or telecommunications, the framework offers tailored criteria to address the specific privacy challenges each sector faces. This flexibility allows organizations to implement privacy measures that are not only compliant with EU regulations but also relevant to their respective fields.

Furthermore, EuroPrivacy certification is not a one-time process but requires regular audits and assessments to ensure ongoing compliance. This dynamic approach reflects the evolving nature of data protection risks and the need for continuous vigilance in safeguarding personal information. By undergoing periodic evaluations, certified entities demonstrate their commitment to maintaining high standards of privacy protection over time.

EuroPrivacy also emphasizes transparency and accountability in data processing practices. Organizations seeking certification must provide clear and accessible information to users about how their data is collected, used, and shared. This includes obtaining explicit consent for data processing activities and implementing measures to secure data against unauthorized access or disclosure.

From a consumer perspective, EuroPrivacy offers peace of mind knowing that certified products and services prioritize their privacy rights. The EuroPrivacy seal serves as a recognizable symbol of trust, guiding consumers toward choices that align with their values and preferences regarding data protection. By encouraging widespread adoption of privacy-enhancing technologies and practices, EuroPrivacy contributes to a safer and more trustworthy digital environment for all.

However, EuroPrivacy is not without its challenges. The certification process can be resource-intensive for organizations, particularly smaller businesses with limited budgets and expertise in data protection. Additionally, achieving and maintaining compliance requires ongoing investment in technology, training, and infrastructure, which may pose barriers to entry for some entities.

Moreover, the regulatory landscape surrounding data protection continues to evolve, with new challenges arising from emerging technologies such as artificial intelligence and the Internet of Things. EuroPrivacy must remain adaptable and responsive to these developments to ensure its relevance and effectiveness in safeguarding privacy rights in the digital age.

In conclusion, EuroPrivacy represents a significant step forward in Europe’s commitment to protecting the privacy and data rights of its citizens. By offering a robust certification framework tailored to different sectors and industries, EuroPrivacy promotes transparency, accountability, and trust in the digital marketplace. While challenges remain, the continued evolution and adoption of EuroPrivacy are essential for building a privacy-respecting society in the digital era.

How can TAM CERT help?

TAM CERT Hungary Inspection and Certification Ltd. is the first and currently only accredited certification organization in the EU for GDPR certification. TAM CERT has been selected and qualified as the Europrivacy™® official partner by the European Centre for Certification and Privacy.

We support and prepare our clients for certifying the conformity of their data processing activities with Europrivacy and the European General Data Protection Regulation (GDPR).

The Testing, Inspection and Certification industry is based on the demand for the conformity assessment of increasingly complex technological value creation procedures, processes, products and the persons operating them. Already present in Europe and globally, TAM CERT Hungary Inspection and Certification Ltd. is one of the most reliable TIC and independent expert companies.

By completing the certification process with us, your company can demonstrate compliance through impartial third-party assessment, develop competitive advantages and increase market valuation by reducing risks and uncertainty for investors.

Certification through the Europrivacy GDPR will also improve your reputation and access to the market, and build trust through continuous updates and monitoring.