Cybersecurity & Software Updates

This domain view focuses on day-to-day cybersecurity management activities that feed the UN-R155/R156 regulations.

CSMS operations

• Maintain a cybersecurity_plan artifact outlining roles, monitoring tooling, and escalation paths.
• Record threat intelligence updates and vulnerability assessments as threat/vulnerability artifacts with timestamps.
• Link mitigation controls (control) to both threats and vulnerabilities with effectiveness metrics.

SUMS operations

• For every software release, create an ota_campaign artifact containing target ECU list, deployment waves, and rollback strategy.
• Attach validation reports, penetration test results, and regulator notifications.
• Capture customer communications and regulatory notifications as attachments or dedicated artifacts.

Monitoring and incident response

• Store security alerts and incident investigations as incident_report artifacts with severity, status, and lessons_learned fields.
• Link incidents back to affected ota_campaign or control artifacts to show containment actions.
• Use tw trace to follow incident impact across hazards, requirements, and deployed software.

Metrics dashboard

• Export periodic summaries using tw export --format security-dashboard (threat status, open vulnerabilities, control coverage).
• Track remediation lead time by comparing vulnerability discovery and closure timestamps.

Collaboration with suppliers

• Require suppliers to sign their cybersecurity evidence packages.
• Merge supplier packs into the OEM package while preserving provenance and signatures.
• Run trf-validator on incoming packages before integrating them into CSMS or SUMS reports.

Review regulatory specifics in UN-R155 & UN-R156 and align with broader automotive process documentation in Automotive Programs.