Achieving AIS 189 and AIS 190 Compliance in India: How Sibros Empowers OEMs

Key Takeaways

• Understanding AIS 189 and AIS 190: Overview and significance of the standards.
• Compliance Requirements: Key requirements for OEMs under AIS 189 and AIS 190.
• Impact on OEMs: Implications and necessary adjustments for OEMs.
• Enforcement Details: How compliance is monitored and enforced.
• Sibros' Role: How Sibros can assist OEMs in achieving and maintaining compliance.
• Preparation Tips: Steps for OEMs to prepare for AIS 189 and AIS 190 compliance.

The AIS 189 and AIS 190 Explained

AIS 189: A Strategic Framework for Automotive Cybersecurity

AIS 189 stands as a cornerstone in the realm of automotive cybersecurity, offering a comprehensive framework that ensures vehicles are safeguarded against the evolving landscape of cyber threats. This standard compels Original Equipment Manufacturers (OEMs) to integrate a rigorous Cyber Security Management System (CSMS) into their operations, ensuring vehicles remain secure throughout their lifecycle. AIS 189's scope spans across vehicles equipped with electronic control units (ECUs), encompassing categories M and N, and extends to category T vehicles with at least one ECU and category L7 vehicles featuring automated driving functionalities at level 3 or higher.

Core Components of AIS 189

• Cyber Security Management System (CSMS): OEMs are required to implement a CSMS that proactively identifies, assesses, and mitigates cyber threats. This system is designed to be dynamic, adapting to new threats as they emerge over the vehicle’s lifecycle.
• Risk Assessment and Management: Continuous risk assessments are essential under AIS 189. These assessments are aimed at pinpointing potential vulnerabilities in the vehicle's electronic systems and ensuring that appropriate countermeasures are in place.
• Incident Response: AIS 189 mandates that OEMs develop and maintain robust incident response protocols. These protocols must enable rapid detection, effective response, and swift recovery from cybersecurity incidents, minimizing potential damage and ensuring vehicle safety.
• Documentation and Reporting: OEMs must maintain detailed documentation of their cybersecurity processes and protocols. Regular reporting to regulatory bodies is also required, ensuring transparency and accountability in the management of vehicle cybersecurity.

AIS 189 not only sets the foundation for secure vehicle design but also drives the continuous improvement of cybersecurity practices within the automotive industry.

AIS 190: Enhancing Vehicle Software Integrity Through Effective Management

AIS 190 represents a pivotal standard in the automotive industry, focusing on the secure and efficient management of software updates in vehicles. This standard mandates that Original Equipment Manufacturers (OEMs) implement robust Software Update Management Systems (SUMS) to ensure that vehicles can safely receive over-the-air (OTA) updates, thereby preserving the integrity and safety of their software. AIS 190 applies to vehicles across categories M, N, T, A, and C that are equipped to handle software updates.

Essential Components of AIS 190

• Software Update Management System (SUMS): OEMs are required to establish a SUMS that governs the entire software update process. This system is designed to securely manage the deployment of updates, ensuring that they are executed without disrupting vehicle functionality or compromising safety.
• Over-the-Air (OTA) Updates: A key focus of AIS 190 is the capability of vehicles to receive OTA updates. These updates must be delivered in a manner that does not jeopardize the vehicle's security or operational safety, enabling continuous improvement and the introduction of new features without the need for physical intervention.
• Compliance Documentation: OEMs must maintain comprehensive documentation detailing all aspects of the software update process, including software versions, update mechanisms, and compliance with regulatory standards. This documentation is critical for ensuring transparency and accountability in software management.
• Testing and Validation: AIS 190 requires that all software updates undergo rigorous testing and validation. This process is crucial to confirm that updates do not negatively impact the vehicle's safety, performance, or user experience, thereby safeguarding the vehicle's overall integrity.

AIS 190 not only facilitates the seamless integration of new software functionalities but also fortifies the ongoing security and reliability of vehicle systems in an increasingly digital automotive landscape.

AIS 189 and AIS 190 Requirements for OEMs

AIS 189 Requirements

• Establishing a CSMS: OEMs must develop a comprehensive CSMS that includes organizational processes, responsibilities, and governance structures to manage cybersecurity risks.
• Conducting Risk Assessments: Regular assessments to identify potential cybersecurity threats and vulnerabilities.
• Implementing Mitigations: Deploying measures to protect against identified risks and ensure the security of vehicle systems.
• Documentation and Reporting: Keeping detailed records of all cybersecurity activities and regularly reporting to relevant authorities.

Annexures to AIS 189

• Annexure D (List of Threats and Mitigations): Provides detailed lists of potential cybersecurity threats and the corresponding mitigations that OEMs must implement.
• Annexure E (AISC Panel Composition): Lists the members of the AISC panel responsible for developing the cybersecurity standards.

AIS 190 Requirements

• Developing a SUMS: OEMs must create a SUMS that outlines processes for securely managing software updates.
• Ensuring OTA Capabilities: Vehicles must support OTA updates, with secure mechanisms to prevent unauthorized access or modifications.
• Maintaining Compliance Records: Detailed documentation of software updates, including versions, validation data, and update processes.
• Validating Updates: Thorough testing of all software updates to ensure they do not compromise vehicle safety or functionality.

Annexures to AIS 190

• Annexure A (Information Document): Details the documentation required for vehicle type approval concerning software updates.
• Annexure C (Model of Certificate of Compliance): Provides the format for the Certificate of Compliance for Software Update Management Systems.
• Annexure D (AISC Panel Composition): Lists the members of the AISC panel responsible for developing the standards for software update management systems.

How AIS 189 and AIS 190 Shape the Future of Connected Vehicles

The advent of AIS 189 and AIS 190 marks a transformative shift for Original Equipment Manufacturers (OEMs) as they navigate the complexities of connected vehicle technology. These standards mandate the integration of sophisticated cybersecurity and software update management systems, crucial for safeguarding connected vehicles against cyber threats and ensuring secure software updates.

Key Impacts on OEMs

• Increased R&D Investments: The development and implementation of Cyber Security Management Systems (CSMS) and Software Update Management Systems (SUMS) necessitate substantial investment in research and development. OEMs must innovate to create robust systems capable of protecting the intricate networks within connected vehicles.
• Specialized Training Requirements: The introduction of these standards requires OEMs to upskill their workforce. Employees must be thoroughly trained in the new cybersecurity protocols and software update procedures to ensure seamless integration and ongoing management of these systems.
• Operational Shifts: Compliance with AIS 189 and AIS 190 will likely drive significant changes in OEMs' operational processes. From vehicle design to post-production support, OEMs must align their operations with these standards, ensuring that cybersecurity and software updates are prioritized throughout the vehicle’s lifecycle.
• Enhanced Safety and Reliability: Although the implementation of these standards involves considerable initial investment and operational changes, the long-term benefits are substantial. OEMs that successfully integrate CSMS and SUMS will offer vehicles with enhanced safety, reliability, and resilience against emerging cyber threats, setting a new benchmark for the connected vehicle industry.

AIS 189 and AIS 190 not only address immediate cybersecurity and software management needs but also pave the way for a future where connected vehicles can evolve safely and securely, meeting the ever-growing demands of digital innovation.

What Does the Enforcement Look Like?

Enforcement of AIS 189 and AIS 190 will be stringent, with regular audits and inspections conducted by the Automotive Research Association of India (ARAI) and other designated agencies. OEMs that fail to comply with the standards may face penalties, restrictions on vehicle sales, and damage to their reputation.

Enforcement Mechanisms

• Audits: Regular compliance audits conducted by ARAI to ensure adherence to the standards.
• Inspections: On-site inspections to verify that OEMs have implemented the required systems and processes.
• Penalties: Fines, sanctions, and other penalties for non-compliance.
• Market Surveillance: Continuous monitoring of the market to detect and address any non-compliant vehicles.

How to Achieve Compliance with AIS 189 and AIS 190 with Sibros

Sibros offers a comprehensive suite of tools and services designed to help OEMs achieve compliance with AIS 189 and AIS 190. Our platform provides robust cybersecurity solutions and advanced software update management capabilities, ensuring that vehicles are protected and up-to-date.

Sibros Solutions

• Deep Logger: Sibros' Deep Logger provides unparalleled access to vehicle data, capturing and storing comprehensive vehicle logs that are essential for monitoring and diagnosing cybersecurity threats. This tool ensures OEMs have a detailed understanding of their vehicle’s data, which is crucial for compliance documentation and audits.
• OTA Deep Logger: The OTA Deep Logger allows for secure over-the-air data logging, ensuring that vehicle data can be accessed and analyzed remotely without compromising security. This tool supports continuous monitoring and updating of vehicle data, which is essential for maintaining compliance with AIS 190.
• OTA Campaigns: Sibros' OTA Campaigns enable OEMs to manage software updates and recalls effectively. This tool ensures that updates are delivered securely over-the-air, meeting the stringent requirements of AIS 190. OTA Campaigns provide a seamless way to update software across all vehicle fleets, ensuring consistency and security.
• Data Streams: The Data Streams tool provides real-time access to vehicle data, allowing for immediate detection and response to potential cybersecurity threats. This real-time monitoring capability is vital for maintaining compliance with AIS 189, as it enables OEMs to react quickly to any security incidents.
• Command Center: Sibros' Command Center offers a centralized platform for managing all aspects of vehicle software and data. It integrates with the Deep Logger and OTA Campaigns to provide a comprehensive view of vehicle status, software updates, and cybersecurity measures. The Command Center’s robust reporting and analytics capabilities ensure that OEMs can maintain detailed compliance documentation and prepare for audits effectively.
• Vehicle-to-Cloud Integration: This tool ensures secure communication between vehicles and the cloud, enabling the safe transfer of data and software updates. The Vehicle-to-Cloud Integration is essential for both AIS 189 and AIS 190 compliance, as it ensures that all data exchanges are protected against cyber threats.

By leveraging these tools, Sibros provides OEMs with the infrastructure and support needed to achieve and maintain compliance with AIS 189 and AIS 190. Our solutions are designed to integrate seamlessly into existing vehicle systems, providing comprehensive protection and management capabilities that enhance vehicle safety and reliability.

Prepare for AIS 189 and AIS 190 with Sibros

Preparing for AIS 189 and AIS 190 compliance involves a strategic approach. Sibros can guide OEMs through the process, providing expertise and support to ensure successful compliance.

Preparation Steps

• Assess Current Systems: Conduct a thorough evaluation of existing cybersecurity and software management systems to identify gaps and areas for improvement.
• Implement Necessary Changes: Upgrade systems and processes to meet AIS 189 and AIS 190 standards, ensuring that all requirements are addressed.
• Train Employees: Provide comprehensive training for employees to ensure they understand and can effectively manage the new systems.
• Maintain Documentation: Keep detailed and organized records of all compliance-related activities, including risk assessments, mitigations, and software update processes.
• Conduct Regular Audits: Perform internal audits to ensure ongoing compliance and readiness for external inspections.

By partnering with Sibros, OEMs can navigate the complexities of AIS 189 and AIS 190 compliance, ensuring their vehicles are secure, up-to-date, and compliant with the latest industry standards. This not only enhances vehicle safety but also builds consumer trust and confidence in their brand.

Test drive our solutions today.