VicOne & VinCSS join forces for smart vehicle cybersecurity
TOKYO, JAPAN, October 4, 2023 – VicOne announced it has signed a memorandum of understanding (MOU) with VinCSS to work together on cybersecurity services for smart vehicles. VinCSS, subsidiary of Vingroup JSC in Vietnam, together with other international vendors provides automotive cybersecurity services. These services are offered for its sister automotive OEM, VINFAST. Through the partnership, VicOne will support VinCSS to improve efficiencies and provide vehicle security beyond vulnerabilities. Its VicOne xZETA security scanning and SBOM (Software Bill of Materials) management tool.
Under the MOU, VicOne and VinCSS will combine resources and expertise to address vulnerabilities in the software supply chain. VicOne concentrated on the protection of open-source Electronic Control Units (ECUs). Vulnerabilities in ECUs present a significant concern for the automotive industry as they increasingly incorporate open-source software components. Moreover, these vulnerabilities become susceptible to security flaws that may go unnoticed or unaddressed. These vulnerabilities could stem from outdated libraries, unchecked dependencies, or insufficient code reviews.
The VicOne xZETA helps VinCSS establish vulnerability and SBOM management in a centralized system. The xZETA’s patent-pending VicOne Vulnerability Impact Rating (VVIR) technology integrates external and internal insights to prioritize high-risk vulnerabilities. Furthermore, this process involves identifying, assessing, mitigating, and monitoring them for a complicated ECU firmware. This empowers VinCSS to swiftly identify and address high-risk issues and formulate corresponding strategies. The complete information feeds back into Threat and Risk Assessment (TARA) results, ensuring alignment with the UN R155 and ISO 21434 process while maintaining a continuous monitoring spirit.
Beyond adhering to the ISO 21434 standards, this initiative emphasizes early security intervention in the connected car development lifecycle. The partnership enhances safety measures while ensuring rigorous standards on supplier components, minimizing potential threats.
“Smart vehicles provide enhanced reliability, better diagnostics, and superior connectivity. They expand the attack surface equally across the connected car ecosystem, making software vulnerabilities a crucial component of this growing threat landscape, so a comprehensive, all-encompassing solution must counter it,” said Edward Tsai, vice president of Strategic Partnership for VicOne. “Keeping vehicle data and identity safe from these attacks is a shared goal for our two companies, and we are committed to improving efficiencies and providing vehicle security beyond vulnerabilities.”
“The alliance between VinCSS and VicOne is both strategic and visionary in securing smart vehicle technologies at the component level. We share a common goal for a safer and more connected automotive future,” said Tin. T. Nguyen, deputy director of Automotive Cybersecurity at VinCSS. “In this era of rapid technological evolution, such collaborations are pivotal. Furthermore, as we combine our complementary strengths, the automotive cybersecurity landscape stands ready to embark on a transformative journey toward safety, innovation, and excellence.
VinCSS started the automotive cybersecurity business in 2019 with extensive hands-on experience with multiple projects securing various vehicle models, including successful coordination to obtain EU certifications for an EV maker. It also now has a global certified automotive cybersecurity professional team from the U.S., India, the EU, and Vietnam experienced in automotive cybersecurity, offering comprehensive cybersecurity services for smart vehicle OEMs in accordance with ISO 21434, the UN’s R155/156 regulations, best practices, and specific market requirements.