In a pivotal advancement for the automotive sector, Alexander Dennis, a subsidiary of NFI Group Inc. and a global leader in bus manufacturing, has achieved certification for its cybersecurity management system (CSMS) from the United Kingdom’s Vehicle Certification Agency (VCA) in alignment with UN Regulation 155. Announced on August 12, 2024, this accreditation signifies the company’s unwavering dedication to rigorous cybersecurity protocols, ensuring the protection and safety of its vehicles throughout their operational lifespan.
UN Regulation 155, an internationally endorsed standard, delineates the criteria for evaluating vehicle cybersecurity and associated management systems. The regulation’s primary objective is to mitigate risks tied to malicious cyber activities targeting vehicles, addressing vulnerabilities from the development phase through postproduction. Although adherence to UN Regulation 155 is not obligatory in the UK market, Alexander Dennis’s proactive initiative in securing this certification reflects a forward-looking strategy aimed at bolstering vehicle security.
The certification process was exhaustive, entailing a meticulous audit conducted by VCA specialists who scrutinized Alexander Dennis’s documentation, tools, templates, and processes. This comprehensive review also included interviews with key personnel responsible for the CSMS operations. The stringent examination ensured that Alexander Dennis’s cybersecurity measures were in full compliance with the demanding standards set forth by Regulation 155.
Chris Gall, Group Engineering Director for Alexander Dennis, highlighted the significance of this certification, stating, “We take all aspects of security at every stage of a vehicle’s life extremely seriously. A robust cyber security management system is key to minimize the risk of malicious interference, and we are proud to have put this in place and have its compliance recognized by the VCA.”
Beyond UN Regulation 155, Alexander Dennis has also integrated ISO SAE 21434 standards on cybersecurity engineering for road vehicles into its CSMS. ISO SAE 21434 offers a comprehensive framework for tackling cybersecurity risks in the automotive industry, encompassing the entire vehicle lifecycle from conceptualization to decommissioning. By embedding these standards, Alexander Dennis ensures that its cybersecurity practices are in harmony with globally recognized best practices, thereby enhancing the overall security of its vehicles.
The implications of Alexander Dennis’s CSMS certification extend beyond the company itself, offering valuable insights for the broader automotive industry. As vehicles become increasingly interconnected and autonomous, the threat of cyberattacks escalates, necessitating robust cybersecurity measures. By securing UN Regulation 155 certification, Alexander Dennis sets a benchmark for other manufacturers, underscoring the critical importance of proactive cybersecurity management.
Furthermore, this certification underscores the company’s commitment to safeguarding not only its proprietary assets and technologies but also the data and safety of its customers. Chris Gall aptly noted, “By following the standards of UN Regulation 155, we can be sure to have a solid framework to protect our and our customers’ data, assets, and technology.”
Looking ahead, the certification of Alexander Dennis’s CSMS lays the groundwork for the development of future products and services that prioritize cybersecurity. As the automotive industry continues to evolve, incorporating advanced cybersecurity measures will become increasingly imperative. Alexander Dennis’s accomplishment serves as a model for other manufacturers, highlighting the necessity of comprehensive safeguards to effectively manage cybersecurity risks.
Ultimately, Alexander Dennis’s certification under UN Regulation 155 represents a significant milestone in the company’s commitment to vehicle cybersecurity. By adhering to stringent international standards and integrating best practices, Alexander Dennis not only bolsters the security of its vehicles but also sets a standard for the industry. As vehicles become more connected and autonomous, robust cybersecurity measures will be crucial in ensuring the safety and security of both vehicles and their occupants.