Cybersecurity Vehicle Forum – New Orleans – April 3, 2025

Driving Security Forward: Key Insights from GlobalPlatform's virtual Cybersecurity Vehicle Forum

On April 3rd, cybersecurity professionals and automotive industry experts gathered virtually for GlobalPlatform's virtual CyberSecurity Vehicle Forum, broadcasting live from New Orleans. This comprehensive 3-hour session brought together leading voices to discuss critical security challenges and solutions shaping the future of connected vehicles.

Breaking Down the PSA Security Architecture

The forum opened with Nicolas Devillard from ARM presenting the Platform Security Architecture (PSA) APIs, providing attendees with a deep dive into the structural framework that's vital for security in IoT. Devillard outlined how PSA APIs deliver essential security services including cryptographic functions, secure storage capabilities, attestation processes, and firmware update mechanisms.

What makes PSA particularly compelling for the automotive sector is its open-source nature. The project welcomes contributions from the global development community, with reference implementations readily available through the Mbed-TLS/TF-PSA-Crypto GitHub repository. This collaborative approach ensures that automotive manufacturers and suppliers can leverage battle-tested security implementations while contributing to the ecosystem's continuous improvement.

Securing the Foundation: MCUs and Micro TEEs

Richard Hayton's presentation on Security for MCUs & Micro TEEs addressed one of the automotive industry's most pressing challenges: securing resource-constrained environments. As vehicles become increasingly connected and autonomous, the need for robust security measures in microcontrollers and trusted execution environments has never been more critical. These components form the security foundation for everything from engine control units to advanced driver assistance systems.

Automotive Network Security and Key Management Excellence

Phil Lapczynski from Renesas tackled the complex world of MacSec and Key Management in Automotive applications. With vehicles now functioning as networks on wheels, implementing media access control security (MacSec) becomes essential for protecting communication between electronic control units. Lapczynski's insights highlighted how effective key management strategies can maintain security integrity throughout a vehicle's operational lifecycle.

Building on this foundation, Gil Bernabeu from GlobalPlatform expanded the discussion to encompass broader key management challenges supported by GlobalPlatform technologies, specifically focusing on key injection and renewal processes. These mechanisms are crucial for maintaining long-term security in automotive systems that must remain secure and functional for decades.

Regulatory Landscape and Standards Evolution

Susan Lightman from NIST provided attendees with a crucial update on Cybersecurity Assurance Levels work within the 8475 PAS framework, which serves as an annex to SAE/ISO 21434. This regulatory evolution reflects the industry's growing recognition that cybersecurity must be built into automotive systems from the ground up, not retrofitted as an afterthought.

The Critical Role of Certification

The discussion covered SESIP (Security Evaluation Standard for IoT Platforms), highlighting how standardized evaluation methodologies are becoming essential for ensuring consistent security across the automotive ecosystem.

Perhaps the most impactful presentation came from Namseok Kim of LG Electronics, who delivered compelling insights on Automotive Cybersecurity Certification Initiatives. Kim emphasized how protection profiles serve as powerful tools for building client trust and credibility, directly impacting how products are positioned with OEMs, regulators, test laboratories, and certification bodies.

Kim's presentation underscored a crucial point often overlooked in cybersecurity discussions: certification doesn't merely check compliance boxes. Instead, it demonstrates the technical depth and implementation rigor that separates truly secure products from those with superficial security measures. In an industry where safety and security failures can have life-threatening consequences, this technical attestation becomes invaluable.

Jorge Wallace Ruiz from Dekra continued this theme, expanding on the essential role that protection profiles play in the certification ecosystem. His insights helped attendees understand how these standardized security requirements translate into practical implementation guidelines that manufacturers can follow.

Looking Ahead: The Road to Secure Mobility

The GlobalPlatform Cybersecurity Vehicle Forum demonstrated that the automotive industry is rapidly maturing in its approach to cybersecurity. From foundational technologies like PSA APIs and secure microcontrollers to sophisticated key management systems and comprehensive certification frameworks, the tools and standards needed for secure connected vehicles are coming together.

The forum's emphasis on open-source collaboration, standardized evaluation methods, and rigorous certification processes signals a future where automotive cybersecurity is built on transparent, tested, and trusted foundations. As vehicles become increasingly autonomous and connected, these security measures will prove essential not just for protecting data and privacy, but for ensuring the safety of everyone on the road.

For industry professionals working in automotive cybersecurity, the insights shared during this forum provide a insight into the complex security challenges ahead. The convergence of technical innovation, regulatory clarity, and industry collaboration showcased in New Orleans points towards the work needed to ensure a more secure automotive future—one where security is designed in, not bolted on.

To get involved, join GlobalPlatform.