EFS Consulting
EFS Consulting IT Security Header

Cybercrime affects all players in the value chain – the focus is on back-end systems, such as each individual vehicle. 

Cyber Security & Software Update Management

Defense measures at the organizational, process, and technical levels are necessary.

Digitization, networking, and automatization of motor vehicles are continuously increasing and define the trends in the automotive industry. Already now, over 100 ECUs and 100 million lines of software code in each vehicle are the basis of this development.

The security of vehicles must therefore be ensured by comprehensive organizational, procedural and technical measures.

In June 2020, the “UNECE World Forum for Harmonization of Vehicle Regulations” adopted the first internationally binding regulations for Cyber Security & Cyber Security Management Systems (ECE-155) and Software Updates & Software Update Management Systems (ECE-156) in the automotive sector. From July 2024 onwards, these will apply to all newly produced vehicle types. Further details are provided by “ISO/SAE DIS 21434 Road Vehicles – Cyber-security Engineering” and “ISO/AWI 24089 Road Vehicles – Software Update Engineering”.

These new requirements make it necessary to establish suitable cyber security and software update management systems which meet the regulatory requirements within the company and in the vehicle.

EFS’s modular system for “Cyber Security & Software Update Management” offers coordinated modules to achieve the required compliance with reasonable effort.


Cyber security and software analyses

To map and evaluate current Cyber Security and Software Update Management Systems across the entire value chain (CSMS & SUMS), we establish a solid decision-making basis for economic trade-offs with a process-focused gap analysis.


  • Analyze and evaluate current CSMS / SUMS approaches.
  • Holistic view of the organizational, technical, and strategic framework across the value chain
  • Identify and define effective action areas to comply with regulatory requirements and meet protection objectives


Setup of CSMS and SUMS

We support our customers in the efficient setup of the Cyber Security and Software Update Management System.


  • Implementation of a complete CSMS / SUMS concept for the sustainable protection of business and competitiveness
  • Developing standards considering the organizational and process structure of suppliers and service providers
  • Developing best practices to minimize attack surfaces


​Setup of organization

We support our client in building the necessary organization by deploying cyber security and end-to-end software update management systems, while ensuring secure and ongoing operations.


  • Setting up cybersecurity governance
  • Implementing an efficient and lean organizational structure
  • Ensure internal and external communication through a stakeholder-specific reporting structure


CSMS and SUMS assessments

For comprehensive testing of a cyber security and software update management system, we introduce a risk and threat management with regular analyses of potential threat situations.


  • Performing assessments to identify deficiencies and deviations.
  • Setting up measures to improve CSMS / SUMS along the entire value chain
  • Define optimized CSMS / SUMS principles within the organization, suppliers and service provider architecture


Monitoring measures

We implement measures at the organizational and process level in accordance with the quality specifications so that the best possible effect of these security solutions can be achieved in an economical manner.


  • Continuous monitoring of measures and identification of possible improvements
  • Coaching and targeted preparation of management and internal experts prior the audit
  • Evaluation of audit reports


Effectiveness and performance

To determine the sustainable effectiveness and successful certification of the cyber security and software update management systems, we implement routines for the structured evaluation of the CSMS and SUMS.


  • Ongoing evaluation and adaptation of the CSMS / SUMS approaches in accordance with the requirements.
  • Implementation of a quality assurance system including all relevant CSMS and SUMS aspects
  • Determining the ongoing effectiveness of CSMS and SUMS


Wolfgang Walter, Engagement Manager bei EFS Consulting

Wolfgang Walter