The concept of “safety” in the automotive industry has evolved beyond just the physical strength of a vehicle. Today, it encompasses the entire system, including software and its vulnerabilities. Indeed, cybersecurity risks can significantly impact the overall safety of a car on the road. This is why UD Trucks has chosen to partner with VicOne to establish robust cybersecurity processes, accelerating product quality innovation while simultaneously building an environment that’s compliant with UN Regulation No. 155 (UN R155) to meet its regulatory requirements.
We recently sat down with Ryota Kawano, the manager of ERM (enterprise risk management) Cybersecurity at UD Trucks, to talk about the key points of our partnership. These are edited excerpts from our conversation.
Please briefly introduce UD Trucks.
UD Trucks is a leading Japanese commercial vehicle solutions provider active in more than 60 countries, and a proud member of the Isuzu Group, one of the world’s top 10 truck manufacturers. “Innovation that puts people first” has been our core philosophy for the past 80 years and will continue to be so in the future. UD Trucks’ “Fujin & Raijin. Vision 2030.” is designed to echo the challenges that smart logistics faces, focusing on creating smarter and more energy-efficient logistics solutions. We are accelerating our innovation cycles based on digital transformation and software-defined vehicles (SDVs). We aim to provide “safer” products to ensure the sustained operation of smart logistics while prioritizing the safety of every driver on the road.
As SDVs propel smart logistics into a new era, concerns about security risks are mounting. How should the industry rethink its risk management strategy in the dynamic SDV environment?
We’ve already seen ethical hacking experiments that might compromise vehicle safety. While there have been no reported cyberattacks on existing vehicles to date, the risk is growing exponentially. Especially for many SDVs, critical values are standardized across different vehicle configurations through software definitions. This raises the possibility of widespread consequences from a single cyberattack.
To ensure the security of every software update, continuous monitoring for signs of attack on vehicles already on the road is crucial. In addition, the very concept of “speed” becomes a weapon in fighting against evolving cyberthreats. It’s not just about reacting quickly, but about proactive defense.
What challenges does UD Trucks face in dealing with these new risks in the SDV era?
In response to UN R155, UD Trucks has established a robust product security incident response team (PSIRT) to manage product incidents, quality issues, and potential risks arising from cyberattacks. On top of the existing hardware risks, the growing software security risks pose new challenges. Without incorporating security insights into the PSIRT process, UD Trucks might struggle to distinguish between malicious attacks and technical malfunctions. This could lead to delays in identifying and fixing problems, hindering product quality.
What strategies does your company employ to combat these new risks?
To combat growing security risks, we needed a solution to streamline our security operations and gain deeper insights. We opted for VicOne’s xNexus next-gen vehicle security operations center (VSOC) platform, integrating it seamlessly into our existing PSIRT process. VicOne’s industry-leading AI and curated automotive threat intelligence deliver the insights we need: accurate and actionable. Every report equips us with clear and actionable insights, allowing us to identify even unknown risks early on and provide our design teams with precise recommendations with contextualized insights.
Figure 1. In need of a solution to streamline its security operations and gain deeper insights, UD Trucks opted for VicOne’s xNexus next-gen VSOC platform.
When selecting a VSOC solution, what unique considerations did your company have? How can these insights benefit other organizations in their decision-making process?
Cybersecurity isn’t about achieving a perfect score of 100; it’s about implementing solutions that align with the company’s specific business needs and offer a balance between security and cost-effectiveness. VicOne’s cybersecurity proficiency empowers them to tailor their advice to our evolving business environment. Unlike other vendors with overly complicated and inflexible luxury offerings, VicOne crafts customized strategies that enhance our economic viability and integrate seamlessly with our existing operations. We chose xNexus because it delivers exceptional value for the investment. Its scalable design allows us to scale up gradually, make incremental investments, and improve our overall cost structure over time.
What long-term value do you see from this partnership?
VicOne’s adaptability ensures long-term value. As our vehicle architecture evolves and new usage scenarios emerge, VicOne’s automated processes guarantee that the xNexus VSOC platform remains adaptable, reducing manual effort. This ensures continuous support for our latest developments, highlighting VicOne’s commitment to their customers. “Trust VicOne” isn’t just a tagline; it’s what we always feel during the project. We are excited about the potential of VicOne to significantly streamline our software development process and enhance our product development efficiency.
To learn more about VicOne and UD Trucks’ partnership, read our partner story, watch our testimonial, and read our press release.
