How to secure development environments

In July 2024, Porsche announced the discontinuation of its petrol-powered Macan sports utility vehicle (SUV) sales in Europe due to cyber security compliance issues with UN Regulation No. 155. This regulation mandates robust cyber security measures to protect vehicles from cyber threats, highlighting the direct impact of cyber security regulations on the automotive industry. While this is a drastic instance of a cyber security regulation directly affecting the automotive industry, other regulations, such as the Network and Information Security Directive (NIS2), impose cyber security standards in more subtle yet comprehensive ways. The NIS2 is set to transform cyber security expectations across various industries, including automotive manufacturing. NIS2 extends beyond simple compliance, emphasising proactive cyber security measures that start long before cars are built. The upcoming implementation in the automotive industry aims to enhance cyber resilience and mitigate the financial and reputational damage caused by cyber incidents. This directive covers the entire life cycle of a vehicle, from the initial design and development of the car and its software to the production and maintenance stages. This paper proposes that urgent action is required to safeguard the industry’s digital infrastructure from increasing cyber security threats.