AVL, Cybellum Partner To Provide Automated Cybersecurity Vulnerability Management

With the growing scale and complexity of vehicle software, often called the “data centre on wheels,” attack surfaces are increasing, as do cyberattacks within the automotive market.

Upcoming UNECE WP.29 R155 and R156 regulations as well as the ISO/SAE 21434 standard, mandate that OEMs and their supply chain proactively manage cyber risks, and put Cyber Security Management Systems (CSMS) and Software Update Management Systems (SUMS) in place, to safeguard road users, vehicles and the infrastructure across the entire development and life cycle.

The partnership between AVL and Cybellum is geared towards the new challenges the automotive industry is facing: to drive innovation and accelerate development in light of ongoing cyber threats and increased regulatory pressure. To that end, Cybellum’s Product Security Platform will be integrated into AVL’s Cyber Security Ecosystem.

“We are excited about this partnership,” says Gianluca Vitale, Global Business Segment Manager at AVL.”The combination of AVL’s and Cybellum’s toolchains enables our customers to efficiently manage vulnerabilities within a large number of software versions for different control units down to a single-vehicle variant. We can offer our customers an optimal solution for safeguarding their certification relevant processes. We cover the entire process from development to calibration to release deployment within each vehicle variant.”

AVL supports OEMs, Tier-n suppliers, engineering service providers and certification bodies to increase efficiency in managing certification processes, software lifecycle management and testing. The cyber security offering addressed safety and cybersecurity from the vehicle level down to the relevant components throughout life. It is a suite of process management, testing and the market-leading lifecycle tool for control unit software and parameter management used by various OEMs, Tiers and AVL engineers.

Cybellum Product Security Platform continuously monitors vehicle software for vulnerabilities and cybersecurity threats, mitigating design and post-production risks. Cybellum’s Cyber Digital Twins™ technology provides developers with a blueprint of their product component’s software to rapidly identify vulnerabilities.

“We are delighted to partner with AVL. AVL’s vast know-how, experience and product offering coupled with Cybellum’s expertise and a lifecycle approach to cybersecurity is a force multiplier for our customers,” says Eddie Lazebnik, Global Partnerships Director at Cybellum. “Together, we will enable manufacturers and their suppliers to build quality automotive products that will be secure and compliant from design to post-production.”

The joint offering by AVL and Cybellum enables vehicle manufacturers and component suppliers to set up their vehicle and component related security projects, automate risk assessment and mitigation, and manage certification-related work across the value chain. In particular, the combination of AVL CRETA and Cybellum’s Product Security Platform enables our customers to perform automated vulnerability management across software versions and parameter sets generated during development, production or even when deployed to the vehicle fleet.