SEOUL, South Korea, March 5, 2025 /PRNewswire/ — This is an article published in The Korea Herald:

Automotive cybersecurity has become increasingly critical as vehicles process vast amounts of data, including sensor inputs, autonomous driving inputs and outputs, vehicle location and condition, and software updates. In response, a growing number of jurisdictions — including the European Union, Korea and China — are enacting cybersecurity laws that require automakers to comply with strict security standards to sell their vehicles in these markets.

A modern vehicle contains hundreds of electronic controllers, each of which must be secured to strengthen overall cybersecurity. To address this, automakers require electronic controller developers to implement cybersecurity measures such as Secure Flash, Secure Debug and Secure Onboard Communication (SecOC).

Secure Flash ensures that firmware updates are applied only after verifying their authenticity and integrity through digital signatures.

Secure Debug prevents unauthorized extraction or modification of firmware by controlling access to the debug interface.

SecOC maintains the integrity and authenticity of in-vehicle communications by attaching a Message Authentication Code to messages, allowing verification of the sender.

Growing role of key management systems

These cybersecurity measures rely on security keys and passwords, but managing these assets poses significant risks of data leakage, particularly when dealing with thousands to millions of security credentials. Additionally, this increases operational workload for electronic controller developers. To address these challenges, the automotive industry is increasingly adopting key management systems.

Key management systems serve two key functions: securely managing security assets and integrating them into electronic controllers and providing ongoing protection for these assets throughout the vehicle’s lifecycle.

Key management systems generate and distribute a wide range of security keys, which can number in the hundreds per electronic controller model and millions per unit when including unique passwords. While IT security solutions outside the automotive industry offer similar functionality, a vehicle-specific KMS must consider the mobility industry value chain, the vehicle’s 15-year lifecycle, and evolving cybersecurity regulations.

Electronic controller developers adopting a key management system must address two critical factors: Ensuring compliance with the diverse cybersecurity requirements of automakers and seamlessly integrating the KMS with the production line of electronic controllers.

Integrating security assets into electronic controllers involves three essential components: the key management system (which generates and manages security keys); the electronic controller (which utilizes the security keys for cybersecurity functions); and diagnostic software on the production plant(which connects the two and ensures secure integration).

One of the main challenges is ensuring that electronic controllers are designed to align with the cybersecurity approach of the key management system. If an electronic controller cannot decrypt a key due to misalignment in security protocols, the system becomes nonfunctional. Therefore, a well-coordinated cybersecurity approach across all three components is essential.

To achieve seamless integration, collaborating with a company that provides a readymade solution covering all three components can be highly beneficial. A comprehensive security strategy enhances synergy among systems while improving cost efficiency by consolidating design, development and validation within a single company.

Electronic controller developers must also ensure that their KMS solutions are adaptable to meet automakers’ evolving and diversifying cybersecurity needs. By proactively integrating comprehensive security measures, they can have flexible solutions that require only minor modifications instead of developing entirely new systems. This reduces costs while improving project efficiency.

Fescaro’s role in advancing automotive cybersecurity

Fescaro, a Korean mobility security solutions provider, has seen rising demand for its key management systems, as automakers increasingly require Secure Debug, Secure Flash, and SecOC implementations from electronic controller developers.

As cybersecurity regulations tighten, the demand for advanced key management systems will continue to grow. Electronic controller developers must adopt long-term strategies to determine which KMS solution best supports their needs over the medium and long term.

Leveraging its expertise in mobility security, Fescaro has developed a unified system that ensures seamless security integration across all three essential components, such as a proprietary key management system, electronic controllers, and production line.

By applying unified security principles, Fescaro ensures that its cybersecurity solutions integrate seamlessly into electronic controller production, maintaining operational stability.

Additionally, Fescaro’s proprietary security technologies have been validated against the FIPS 140-2 standard by the US National Institute of Standards and Technology. This certification confirms the correct implementation of cryptographic algorithms and enhances global credibility.

With a scalable design, Fescaro’s automotive cybersecurity solutions can effectively adapt to fluctuations in automaker and electronic controller lineups, making them a preferred choice among multiple Korean automakers and electronic controller developers.

Lee Hyun-jung is chief technology officer of Fescaro. The views in this column are her own. — Ed.