Automotive industry experts collaborate on comprehensive connected car vulnerability management
TOKYO, JAPAN, October 4, 2023 – VicOne, an automotive cybersecurity solutions provider, today announced it has signed a memorandum of understanding (MOU) with VinCSS to work together on cybersecurity services for smart vehicles. VinCSS, subsidiary of Vingroup JSC in Vietnam, together with other international vendors provides automotive cybersecurity services for its sister automotive OEM, VINFAST. Through the partnership, VicOne will support VinCSS to improve efficiencies and provide vehicle security beyond vulnerabilities with its VicOne xZETA security scanning and SBOM (Software Bill of Materials) management tool.
Under the MOU, VicOne and VinCSS will combine resources and expertise to address vulnerabilities in the software supply chain, concentrating on the protection of open-source Electronic Control Units (ECUs). Vulnerabilities in ECUs present a significant concern for the automotive industry as they increasingly incorporate open-source software components, which become susceptible to security flaws that may go unnoticed or unaddressed. These vulnerabilities could stem from outdated libraries, unchecked dependencies, or insufficient code reviews.
Figure: VicOne and VinCSS signed MOU for a strengthened partnership on automotive cybersecurity protection. Left 1: VinCSS Vice CEO - Philip Hung Cao, left 2: VinCSS CEO & Founder - Simon Trac Do, andLeft 3: VinCSS head of automotive cybersecurity - Tin Nguyen
The VicOne xZETA helps VinCSS establish vulnerability and SBOM management in a centralized system. Through xZETA’s patent pending VicOne Vulnerability Impact Rating (VVIR) technology, external and internal insights are integrated to prioritize high-risk vulnerabilities, identifying, assessing, mitigating, and monitoring them for a complicated ECU firmware. This empowers VinCSS to swiftly identify and address high-risk issues and formulate corresponding strategies. The complete information feeds back into Threat and Risk Assessment (TARA) results, ensuring alignment with the UN R155 and ISO 21434 process while maintaining a continuous monitoring spirit.
Beyond adhering to the ISO 21434 standards, this initiative emphasizes early security intervention in the connected car development lifecycle. The partnership enhances safety measures while ensuring rigorous standards on supplier components, minimizing potential threats.
“Smart vehicles provide enhanced reliability, better diagnostics, and superior connectivity. They equally expand the attack surface across the connected car ecosystem, making software vulnerabilities a crucial part of this growing threat landscape, so it has to be countered with a comprehensive, all-encompassing solution,” said Edward Tsai, vice president of Strategic Partnership for VicOne. “Keeping vehicle data and identity safe from these attacks is a shared goal for our two companies, and we are committed to improving efficiencies and providing vehicle security beyond vulnerabilities.”
“The alliance between VinCSS and VicOne is both strategic and visionary in securing smart vehicle technologies at the component level. We share a common goal for a safer and more connected automotive future," said Tin. T. Nguyen, deputy director of Automotive Cybersecurity at VinCSS. “In this era of rapid technological evolution, such collaborations are pivotal. As we unite our complementary strengths, the automotive cybersecurity landscape is poised for a transformative journey towards safety, innovation, and excellence.”
VinCSS started the automotive cybersecurity business in 2019 with extensive hands-on experience with multiple projects securing various vehicle models, including successful coordination to obtain EU certifications for an EV maker. It now has a global certified automotive cybersecurity professional team from the U.S., India, the EU, and Vietnam experienced in automotive cybersecurity, offering comprehensive cybersecurity services for smart vehicle OEMs in accordance with ISO 21434, the UN’s R155/156 regulations, best practices, and specific market requirements.
About VinCSS
VinCSS Cyber Security Services Joint Stock Company, established in late 2018, rapidly evolved into a successful startup, achieving significant milestones in various domains such as IT system cybersecurity, Identity and Access Management (IAM), IoT security, and Automotive Cybersecurity.
A standout accomplishment is VinCSS's success in the IAM solution segment. This achievement led to the company being recognized by Frost & Sullivan, a globally renowned market research firm, as an innovator in passwordless authentication within the Southeast Asia region. In a crowning moment at the end of 2022, VinCSS received the Enabling Technology Leadership Award in the SEA Passwordless Authentication Industry category from Frost & Sullivan under the Best Practice Recognition, a highly esteemed accolade in the world of breakthrough technology. For more information visit the VinCSS website at https://vincss.net/ and https://passwordless.vincss.net/en/ecosystem/.
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro's 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit https://vicone.com.
Media Contact
Myla Pilao
myla_pilao@vicone.com
