Intelligent and Connected Vehicles

Intelligent and Connected Vehicles (ICVs) are modern automobiles equipped with advanced sensors, controllers, and communication technologies that enable Vehicle-to-Everything (V2X) data exchange. Their core characteristic is the convergence of connectivity and intelligence, which transforms them from isolated mechanical systems into nodes on an open information network, creating new cyber attack surfaces. Within risk management, ICVs are the primary assets requiring protection under automotive cybersecurity frameworks. UN Regulation No. 155 and the ISO/SAE 21434 standard provide a mandatory governance structure, requiring manufacturers to implement a Cybersecurity Management System (CSMS) to systematically manage risks throughout the vehicle's entire lifecycle, from concept to decommissioning. This distinguishes ICVs from Electric Vehicles (EVs), which focus on the powertrain, or Autonomous Vehicles (AVs), which are defined by their level of driving automation.

In enterprise risk management, managing ICV cybersecurity risks involves a structured process centered on implementing a Cybersecurity Management System (CSMS) compliant with ISO/SAE 21434. Step 1 is establishing a governance framework, which includes defining a corporate cybersecurity policy, assigning roles and responsibilities, and integrating these into existing quality management systems like IATF 16949. Step 2 is conducting a Threat Analysis and Risk Assessment (TARA) for each vehicle type to systematically identify threats, analyze their potential impacts on safety and privacy, and determine risk levels. Step 3 is implementing and verifying security controls based on TARA results, such as encrypted communications, intrusion detection systems (IDS), and secure Over-The-Air (OTA) updates, whose effectiveness must be validated through methods like penetration testing. A global Tier-1 supplier that adopted this process reduced pre-production vulnerabilities by 40%, accelerating OEM integration and ensuring UN R155 compliance.

Taiwanese enterprises face three primary challenges in ICV cybersecurity. First, complex supply chain management: cascading the stringent requirements of ISO/SAE 21434 down to numerous smaller suppliers to ensure component compliance is a significant hurdle. Second, a talent shortage: there is a scarcity of professionals with dual expertise in automotive engineering and cybersecurity, hindering effective TARA execution and secure development. Third, the technical difficulty of integrating safety and security: merging cybersecurity (ISO/SAE 21434) and functional safety (ISO 26262) processes without creating conflicting requirements is a major challenge for R&D teams. To overcome these, firms should prioritize establishing supplier security assessment criteria (6-month timeline), partner with expert consultants like Winners Consulting for training and tool implementation (3-month timeline), and develop an integrated safety and security engineering process for long-term resilience.

Winners Consulting specializes in Intelligent and Connected Vehicles for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact