AVL Focus - Issue 2025

In the era of software-defined vehicles and diverse connectivity, cyber attacks on fleets and

backend infrastructures are rapidly increasing. According to Upstream’s 2025 Global Automotive

and Smart Mobility Cyber Security Report, the number of massive scale incidents has more

than tripled compared to the previous year, with an unknown number of unreported incidents.

For manufacturers and suppliers, cyber security is now more than just a regulatory hurdle – it is

a fundamental prerequisite for safety, trust, and access to global markets. With the release of

the Cyber Resilience Act (CRA) this is now true for all kinds of vehicles, also covering off-road

vehicles such as agriculture machinery, construction machinery, and others.

Cyber Security for All Mobility

­Sectors, Across Every Maturity Stage

Different Levels of Maturity

The passenger car and commercial vehicle markets are al-

ready a step ahead. Since 2022, UNR 155 has been mandatory

in the EU and UNECE countries for new vehicle types and has

applied to all newly registered vehicles since 2024. UNR 156

addresses software update management in parallel. Also, Chi-

na has released binding GB standards, which will take effect

in 2026, extending them to the entire market by 2028. India is

preparing AIS-189 and AIS-190, expected to become effective

by the end of 2027.

By contrast, sectors such as agriculture, construction, and

off-highway machinery are at an earlier stage. With the EU

CRA taking effect in 2027 and ISO 24882 in development,

these industries face automotive-like obligations but with less

experience and weaker processes. Closing this gap requires

new competencies as well as scalable methods and tools.

Paradigms like “Defense-in-Depth" or “Security-by-Design”

become the foundation for secure mobility. Following them

requires manufacturers and suppliers alike to seamlessly

integrate activities like Threat Analysis and Risk Assessment

(TARA) or in-depth security testing into their development and

product lifecycle processes.

AVL SecGuard – End-to-End Cyber Security Toolchain

SecGuard is a solution that combines engineering expertise

with an end-to-end software toolchain covering the entire

cyber security lifecycle – from concept to in-field operation.

• AVL ComplyGuard – Stay Ahead of Certification

Provides structured processes, templates, and automated

reporting to assure effortless management of cyber security

projects and simplify audits and homologation.

• AVL ThreatGuard – Accelerate Threat Analysis

Automates TARAs using standardized and constantly updat-

ed threat catalogs, automated attack path generation, and

embedded expert knowledge, ensuring consistent and efficient

analysis, even for highly complex architectures.

• AVL TestGuard – Verify and Validate Security Measures

Verifies the effectiveness of implemented security controls

through automated functional security and penetration testing,

covering regulatory requirements such as UNR 155 and Chi-

nese GB standards.

• AVL TraceGuard – Ensure Secure Updates

Streamlines software variant management for the whole

vehicle fleet by systematically tracking software versions

and SUMS-­relevant changes while ensuring compliance with

UNR 156.

Together, these modules form a consistent ecosystem that

integrates seamlessly into development processes. SecGuard

enables manufacturers and suppliers to address cyber secu-

rity across all maturity levels – whether building a foundation

for compliance or optimizing existing structures.

HOME OF INNOVATION

AUTOMATED AND CONNECTED MOBILITY

54 | 55