Buses and coaches use increasingly advanced technologies to facilitate their operation and maintenance. This technological advancement, linked to vehicle connectivity, can make them potential targets for cyberattacks. Consequently, the passenger transport sector therefore has no choice but to strengthen its cybersecurity.
Our priority is to combine innovation, cybersecurity, and functional safety, and we have been working for several years to strengthen protection against the risks of cyberattacks. With more than 10,000 connected buses and coaches, Iveco Bus offers a complete range of connected services, enabling the sharing of vehicle data as well as the supervision and optimization of customers’ use of an entire fleet of electric or thermal vehicles.
Beyond the costs that may arise from a cyberattack, the primary objective is to guarantee maximum protection against data theft and vehicle control breaches. This is a crucial element for protecting transport operators and ensuring passenger safety.
A connected vehicle exchanges data with the outside world through various communication channels.
Our cybersecurity experts have primarily focused on compliance with the European regulation
UN R155, applicable to coaches and buses since July 2024. The main objective of this regulation is to protect vehicles against cyberattacks and ensure that cybersecurity management systems are effective. This includes the prevention, detection and response to cyber threats through various requirements.
- Cybersecurity Measures from the Design Phase: Our vehicles incorporate cybersecurity measures from the design phase to minimize risks. The electrical and electronic units are protected by mechanical locking as well as a secure gateway to protect the on-board computer systems against incidents, whether accidental or malicious.
- Cybersecurity Management Systems (GSRII): Our vehicles are equipped with cybersecurity management systems to detect, prevent, and respond to cyber threats. These systems are capable of continuously monitoring potential cyberattacks, alerting operators in the event of a threat, and deploying countermeasures to neutralize attacks.
- Compliance and Evidence: We have provided evidence of compliance with security requirements to obtain vehicle approval. This has involved penetration testing, security audits and third-party certifications to ensure that the vehicles meet the cybersecurity standards established by the regulation.
- Software Updates: The regulation also includes requirements for software update management to ensure that vehicles remain protected against new threats.
“In an increasingly connected sector, cyber risks are becoming increasingly significant. Addressing this challenge is crucial to ensuring our customers can operate our vehicles safely. That’s why, at
Iveco Bus, we have developed technical solutions to protect against these risks while complying with current regulatory requirements. As a result, our vehicles are connected, but in a secure way,” said Philippe Grand, Bus Digital Product Manager.
SOURCE: Iveco
