iWave’s telematics portfolio of TCUs, Telematic Gateways and loggers feature cybersecurity by design. As connected automotive and telematics systems grow, robust cybersecurity is critical, driven by EU regulations like the Cyber Resilience Act (CRA) and the Radio Equipment Directive Delegated Act (RED DA).
iWave Telematics products are made secure by embedding robust technical and process controls that align with key international and EU standards, including ISO/SAE 21434, ISO 24089, UNECE WP.29 (UN R155, UN R156), CRA, RED DA, and the EN 18031 series. Meeting these standards is essential for compliance, trust, and market access in the evolving landscape.
Following are Key Standards to be adopted:
- ISO/SAE 21434 (Road Vehicles – Cybersecurity Engineering):
This standard mandates a “security by design” methodology particularly for telematics. It re-quires a comprehensive Threat Analysis and Risk Assessment (TARA), focusing on identifying vulnerabilities within communication stacks, cloud connectivity, and firmware update mecha-nisms. Validation involves rigorous penetration testing, including simulated remote exploits, physical attacks. These steps are crucial to unearth and address security flaws in telematics functionalities across their entire development and operational lifespan. - UN R155 (Cybersecurity Management System CSMS):UNECE world forum for Harmonization of Vehicle Regulations (WP.29) has adopted two regula-tions UN R155 & UN R156. UN R155 sets the legal obligation for approval of vehicles under cyber security management system (CSMS) It references ISO/SAE 21434 on Road Vehicles – Cy-bersecurity. ISO/SAE 21434 provides the detailed engineering framework, outlining how to im-plement these security measures through processes like Threat Analysis and Risk Assessment (TARA) and rigorous penetration testing. Adherence to ISO/SAE 21434 is the primary method to demonstrate compliance with UN R155’s requirements.
- UN R156 (Software Update Management System SUMS):This regulation mandates secure and traceable software updates. iWave’s telematics devices, equipped with Secure Boot / Encrypted Boot, feature the robust hardware foundation for UN R156-compliant Over-the-Air (OTA) updates. Most of these devices also include key components like Crypto Accelerators and Secure Elements to ensure authenticity and integrity.
- ISO 24089 (Road Vehicles – Software Update Engineering):This standard complements UN R156 by providing a detailed framework for managing software updates securely and reliably across the vehicle lifecycle. It covers update integrity, authentici-ty, delivery mechanisms, and traceability.
- EU Cyber Resilience Act (CRA):The CRA applies to all digital products, including telematics devices, requiring security by design and throughout the product lifecycle. It promotes transparency and protection against vulner-abilities. Our security solutions align closely with CRA requirements.
- Applicable EU RED DA Standards for Telematics:Effective August 2025, RED DA establishes cybersecurity rules for internet-connected radio de-vices to protect networks, personal data, and prevent fraud. The EN 18031 standards provide detailed guidelines to meet these requirements.
- EN 18031-1 – Network Protection: Ensures connected radio equipment does not harm communication networks. iWave’s implementation of network-efficient communication protocols, robust error handling, and TLS v1.3-based encrypted data transfer achieves compliance by protecting network integrity and preventing misuse of network resources.
- EN 18031-2 – User Data & Privacy Protection: Focuses on securing personal data with encryption during transmission and storage, protection against unauthorized tracking and privacy breaches, and secure authentication and access controls. iWave’s Secure Storage, Authentication, and AppArmor Access Control comply with this standard.
How are iWave’s Telematics solution compliant with these standards?
- Secure Storage Within all iWave telematics devices, critical data, cryptographic keys, and sensitive information are shielded by robust, encrypted storage mechanisms, providing essential data confidentiality and integrity.
- Penetration Testing Consistent with ISO/SAE 21434’s mandate for continuous vulnerabil-ity discovery and mitigation, iWave performs regular, in-depth Threat Analysis and Risk Assessment (TARA) followed by rigorous penetration testing. This proactive assessment validates the resilience of our telematics systems against adversarial conditions, demon-strating our commitment to cutting-edge protection.
- Authentication: iWave telematics devices incorporate powerful password based au-thentication mechanisms that verify the identity of users and connected systems. This fundamental control ensures secure access and prevents unauthorized operations, rein-forcing telematics network integrity.
- AppArmor Access Control (link to the Security Solutions): iWave telematics devices uti-lize AppArmor Access Control to enforce granular, mandatory access control policies for applications. By enforcing application-specific profiles, we effectively limit program ca-pabilities, upholding the principle of least privilege and significantly reducing the attack surface.
Conclusion
Through meticulous adherence to international and EU standards such as ISO/SAE 21434’s engi-neering processes and UN R155’s regulatory mandates, iWave’s telematics portfolio ensures high-assurance security. Our integrated hardware and software controls provide the resilience required for critical connected vehicle applications across the European market.
