{"id":307,"date":"2026-02-15T20:34:06","date_gmt":"2026-02-15T19:34:06","guid":{"rendered":"https:\/\/www.gaes.hu\/cybersecurity\/"},"modified":"2026-02-15T20:35:14","modified_gmt":"2026-02-15T19:35:14","slug":"cybersecurity","status":"publish","type":"page","link":"https:\/\/www.gaes.hu\/en\/cybersecurity\/","title":{"rendered":"Cybersecurity"},"content":{"rendered":"\n
<\/div>
\n
\n

Cybersecurity<\/h1>\n<\/div>\n<\/div><\/div>\n\n
<\/div>
\n
\n

Modern vehicles are no longer composed solely of mechanical systems, but are equipped with complex electronic and software components. This transformation has made cybersecurity a critical area in the automotive industry. <\/p>\n\n\n\n

As an expert at GAES, we offer cybersecurity solutions compliant with ISO\/SAE 21434<\/strong> and UNECE R155<\/strong> standards, supporting the security of your vehicles throughout their entire lifecycle.<\/p>\n\n\n\n

Our service portfolio includes, among others, the establishment of a Cybersecurity Management System (CSMS<\/strong>), Threat Analysis and Risk Assessment (TARA<\/strong>), security architecture design, penetration and fuzz testing, as well as security validation of V2X<\/strong>, CAN<\/strong>, OTA<\/strong> systems and corporate training.<\/p>\n\n\n\n

Protecting in-vehicle and external connections, data protection, and the robustness of update mechanisms are our key focus areas; we conduct in-depth testing in this field. Our consulting and technical testing services provide strategic value not only for OEMs but also for suppliers within the framework of type approval processes (CoC\/COP<\/strong>) and R155<\/strong> conformity assessments. <\/p>\n\n\n\n

Our expert teams in Turkey and Germany develop tailored solutions for your projects, strengthening you in terms of both technical and regulatory compliance.<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure>\n<\/div>\n<\/div><\/div>\n\n
<\/div>
\n
\n

Below you can view the details of our services provided within the framework of automotive cybersecurity<\/strong>:<\/p>\n\n\n\n

    \n
  • GAP Analysis and Establishment of a Cybersecurity Management System (CSMS)<\/strong><\/li>\n\n\n\n
  • Application of Threat Analysis and Risk Assessment (TARA) and development of the cybersecurity concept<\/strong><\/li>\n\n\n\n
  • Definition and execution of testing and validation strategy<\/strong><\/li>\n\n\n\n
  • Supplier Management<\/strong><\/li>\n\n\n\n
  • Auditing, Certification, and Type Approval<\/strong><\/li>\n<\/ul>\n<\/div>\n<\/div><\/div>\n\n
    <\/div>
    \n
    \n

    GAP Analysis and Establishment of a Cybersecurity Management System (CSMS)<\/strong><\/h2>\n\n\n\n

    The GAP analysis<\/strong> service provided by GAES compares your organization’s existing cybersecurity practices with the requirements of ISO\/SAE 21434<\/strong> and UNECE R155<\/strong>, systematically identifying shortcomings and areas for improvement.<\/p>\n\n\n\n

    As a result of the analysis:<\/p>\n\n\n\n

      \n
    • It can be determined to what extent the current organizational structure complies with the relevant regulations,<\/li>\n\n\n\n
    • Weaknesses in processes, documentation, and technical solutions become clear,<\/li>\n\n\n\n
    • A strategic roadmap is created to achieve the targeted level of compliance.<\/li>\n<\/ul>\n\n\n\n

      Following the GAP analysis, building on the findings, we establish a tailored CSMS infrastructure<\/strong>. During this process, we: <\/p>\n\n\n\n

        \n
      • Develop management guidelines and a responsibility matrix,<\/li>\n\n\n\n
      • Integrate the TARA (Threat Analysis and Risk Assessment)<\/strong> process,<\/li>\n\n\n\n
      • Ensure the traceability of cybersecurity work products,<\/li>\n\n\n\n
      • Ensure consistent documentation of processes according to ISO\/SAE 21434<\/strong>,<\/li>\n\n\n\n
      • Establish mechanisms for internal audit, corrective actions, and continuous improvement.<\/li>\n<\/ul>\n\n\n\n

        Why is it important?<\/strong><\/h3>\n\n\n\n

        CSMS is not merely a collection of documents, but a security culture<\/strong> that ensures the organization is systematically prepared to handle cyber threats throughout the vehicle’s entire lifecycle. Successful implementation of CSMS is a prerequisite for R155 type approval<\/strong> and provides a significant competitive advantage in collaborations with OEMs. <\/p>\n\n\n\n

        Freegan chia ullamco reprehenderit chicharrones, echo park esse tilde. 90\u2019s hammock do cupidatat, edison bulb mumblecore vape cloud bread put a bird on it dreamcatcher artisan lomo raw denim. <\/p>\n<\/div>\n<\/div><\/div>\n\n

        <\/div>
        \n
        \n

        Application of Threat Analysis and Risk Assessment (TARA) and development of the cybersecurity concept<\/strong><\/strong><\/h2>\n\n\n\n

        The electronic control units (ECUs), wireless communication protocols, and software systems used in modern vehicles are exposed to increasingly complex threats. Therefore, identifying cyber threats and controlling risks in the early stages of the vehicle development process is a fundamental prerequisite for safety and regulatory compliance. <\/p>\n\n\n\n

        At GAES, through TARA<\/strong> applications conducted in accordance with ISO\/SAE 21434<\/strong>, we determine the extent to which system components are vulnerable to potential threats. During this process, we: <\/p>\n\n\n\n

          \n
        • Define system assets and valuable resources,<\/li>\n\n\n\n
        • Model potential attack paths,<\/li>\n\n\n\n
        • Calculate risk scores based on damage event scenarios and probability analyses,<\/li>\n\n\n\n
        • Define and prioritize cybersecurity goals based on the results.<\/li>\n<\/ul>\n\n\n\n

          The TARA outputs serve as the basis for creating work products fundamental to cybersecurity engineering and are structured in accordance with the requirements of UNECE R155 Annex 5<\/strong>.<\/p>\n\n\n\n

          Solutions developed to reduce identified security risks are integrated into the system architecture as a cybersecurity concept<\/strong>. Within this framework, we: <\/p>\n\n\n\n

            \n
          • Define technical controls and countermeasures related to security goals,<\/li>\n\n\n\n
          • Develop solution proposals for communication security, data integrity, access control, and software update mechanisms, among others,<\/li>\n\n\n\n
          • Ensure the traceability of security requirements throughout the design process.<\/li>\n<\/ul>\n\n\n\n

            This approach lays the foundation for sustainable cybersecurity<\/strong> throughout the product’s lifecycle.<\/p>\n<\/div>\n<\/div><\/div>\n\n

            <\/div>
            \n
            \n

            Definition and execution of testing and validation strategy<\/strong><\/strong><\/strong><\/h2>\n\n\n\n

            The effectiveness of cybersecurity measures depends not only on theoretically defined guidelines but also on how effective these measures are in practice. GAES, in accordance with the requirements of ISO\/SAE 21434<\/strong> and UNECE R155<\/strong>, ensures not only the development of the testing strategy but also its professional execution, thereby making vehicle cybersecurity measurable. <\/p>\n\n\n\n

            Defining the Strategy<\/strong><\/h3>\n\n\n\n

            The first step in the testing process is to develop validation plans that align with security requirements and system architecture. Within this framework, we: <\/p>\n\n\n\n

              \n
            • Assign appropriate testing methods to each security goal,<\/li>\n\n\n\n
            • Identify attack surfaces of critical system components (CAN, TCU, OTA, Bluetooth, Wi-Fi, etc.),<\/li>\n\n\n\n
            • Define the scope, methodology, and success criteria of testing,<\/li>\n\n\n\n
            • Optimize repetitive testing with automation infrastructures where necessary.<\/li>\n<\/ul>\n\n\n\n

              Execution<\/strong><\/h3>\n\n\n\n

              Building on the defined strategy, GAES experts conduct comprehensive testing activities in on-site or laboratory environments:<\/p>\n\n\n\n

                \n
              • Functional tests:<\/strong> Examining whether the defined security requirements function correctly within the system.<\/li>\n\n\n\n
              • Fuzz testing:<\/strong> Measuring software fault tolerance at interfaces and protocols by applying unexpected data inputs.<\/li>\n\n\n\n
              • Penetration tests:<\/strong> Uncovering system vulnerabilities by simulating real attack techniques.<\/li>\n\n\n\n
              • OTA and wireless security tests:<\/strong> Examining software updates, as well as Bluetooth and LTE connections, from the perspective of encryption, authentication, and access control.<\/li>\n<\/ul>\n\n\n\n

                Verification of Security Performance<\/strong><\/h3>\n\n\n\n

                Documenting test results is crucial for strengthening customer confidence and demonstrating technical compliance during R155 type approval<\/strong> processes. GAES’s testing expertise extends not only to identifying problems but also to providing development and improvement recommendations that support sustainable cybersecurity<\/strong>. <\/p>\n<\/div>\n<\/div><\/div>\n\n

                <\/div>
                \n
                \n

                Supplier Management<\/strong><\/strong><\/strong><\/strong><\/h2>\n\n\n\n

                In the automotive industry, vehicle manufacturers’ cybersecurity obligations are not limited solely to their own systems. UNECE R155<\/strong> mandates a security approach that extends to the entire supply chain and expects manufacturers to establish structures that enable them to oversee the processes of their suppliers. In this context, supplier management becomes a strategic responsibility<\/strong> for cybersecurity compliance. <\/p>\n\n\n\n

                The supplier management service provided by GAES supports OEMs and Tier 1 suppliers in aligning their technical and process collaborations with subcontractors with the requirements of ISO\/SAE 21434<\/strong> and UNECE R155<\/strong>. Within this framework, we: <\/p>\n\n\n\n

                  \n
                • Define compliance expectations and minimum security criteria for suppliers,<\/li>\n\n\n\n
                • Verify the accuracy and consistency of work products (cybersecurity goals, TARA outputs, V&V documentation),<\/li>\n\n\n\n
                • Analyze and prioritize supplier risk levels,<\/li>\n\n\n\n
                • Develop auditing plans and evaluation criteria,<\/li>\n\n\n\n
                • Conduct the CIA (Cybersecurity Interface Agreement)<\/strong> process.<\/li>\n<\/ul>\n\n\n\n

                  Supplier Audit and Training Support<\/strong><\/h3>\n\n\n\n

                  GAES does not merely evaluate technical documentation but also organizes internal audits, training, and awareness programs for suppliers. As a result: <\/p>\n\n\n\n

                    \n
                  • Suppliers’ cybersecurity maturity increases,<\/li>\n\n\n\n
                  • Contribution to OEMs’ security goals is strengthened,<\/li>\n\n\n\n
                  • Unexpected compliance discrepancies arising during type approval processes can be prevented.<\/li>\n<\/ul>\n\n\n\n

                    Benefits and Impact<\/strong><\/h3>\n\n\n\n
                      \n
                    • Minimization of security vulnerabilities originating from suppliers,<\/li>\n\n\n\n
                    • Regulatory compliance is ensured throughout the entire supply chain,<\/li>\n\n\n\n
                    • Suppliers’ technical preparedness and sense of responsibility are strengthened.<\/li>\n<\/ul>\n\n\n\n

                      GAES treats supplier management not merely as a control mechanism but as an integral part of a long-term cybersecurity culture<\/strong>.<\/p>\n<\/div>\n<\/div><\/div>\n\n

                      <\/div>
                      \n
                      \n
                      <\/div>
                      \n
                      \n

                      Audit, Certification, and Type Approval<\/strong><\/h2>\n\n\n\n
                      <\/div>\n\n\n\n

                      The UNECE R155<\/strong> regulation and the ISO\/SAE 21434<\/strong> standard require not only that automotive products be technically secure, but also that this security be managed in a documented, auditable, and sustainable manner<\/strong>.<\/p>\n\n\n\n

                      In line with these expectations, GAES provides comprehensive audit, certification, and type approval consulting services<\/strong> for vehicle manufacturers and suppliers, supporting them in ensuring full and consistent regulatory compliance.<\/p>\n<\/div>\n<\/div><\/section>\n<\/div>\n<\/div><\/section>\n\n

                      <\/p>\n\n

                      Internal and External Audit Support<\/strong><\/h3>\n\n
                        \n
                      • Conducting internal preparatory audits (pre-assessment) to assess the level of regulatory compliance<\/li>\n\n\n\n
                      • Auditing CSMS processes according to the requirements of UNECE R155<\/strong> and ISO\/SAE 21434<\/strong><\/li>\n\n\n\n
                      • Establishing internal audit procedures that extend to the supply chain<\/li>\n\n\n\n
                      • Developing corrective and preventive action plans in case of non-conformities and deficiencies<\/li>\n<\/ul>\n\n

                        Certification Process Consulting<\/strong><\/h3>\n\n
                          \n
                        • Supporting the preparation of CSMS conformity reports (audit reports) falling under the scope of ISO\/SAE 21434<\/strong><\/li>\n\n\n\n
                        • Technical review of work products based on ISO\/SAE 21434 before submission to independent evaluators<\/li>\n\n\n\n
                        • Providing technical expert support during third-party certification audits<\/li>\n<\/ul>\n\n

                          Type Approval Process Management<\/strong><\/h3>\n\n

                          GAES provides vehicle-level type approval services as a designated technical service under UNECE R155<\/strong>. Within this framework, we:<\/p>\n\n

                            \n
                          • Conduct CSMS audits (cybersecurity audit) and support the issuance of CSMS Certificates of Compliance (CoC)<\/li>\n\n\n\n
                          • Perform vehicle-level cybersecurity assessments as part of type approval procedures<\/li>\n\n\n\n
                          • Fully manage mandatory triennial CSMS audits<\/li>\n\n\n\n
                          • Analyze the impact on type approval in case of design modifications and implement necessary update steps<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

                            Internal and External Audit Support Certification Process Consulting Type Approval Process Management GAES provides vehicle-level type approval services as a designated technical service under UNECE R155. Within this framework, we:<\/p>\n","protected":false},"author":1,"featured_media":308,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_eb_attr":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"class_list":["post-307","page","type-page","status-publish","has-post-thumbnail","hentry"],"blocksy_meta":[],"_links":{"self":[{"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/pages\/307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/comments?post=307"}],"version-history":[{"count":1,"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/pages\/307\/revisions"}],"predecessor-version":[{"id":309,"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/pages\/307\/revisions\/309"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/media\/308"}],"wp:attachment":[{"href":"https:\/\/www.gaes.hu\/en\/wp-json\/wp\/v2\/media?parent=307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}