EU Cybersecurity Laws Kill Porsche’s 718 Boxster And Cayman Early | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Cybersecurity laws in Europe are delivering an abrupt end to Porsche’s popular Macan combustion-powered compact SUV, and now it appears that the same legislation is dooming the combustion-powered 718 Boxster convertible and the 718 Cayman coupe before their EV replacements are in showrooms. All three models are lost due to UN Regulation No. 155 (UN R155), which requires automakers to embed specific cybersecurity protections within the high-volume vehicles it sells—the European legislation takes effect on July 1, 2024.

Conforming to UN R155 is not a simple upgrade, as meeting the requirements is a comprehensive measure that redefines the way automakers develop vehicles. Porsche would be forced to completely re-engineer the 718 pair, a costly and unreasonable move this late in their lifecycle (the “type 982” debuting in 2016), considering both are set to be replaced with all-new EVs for the 2025 model year. Porsche initially expected to sell the combustion-powered 718 alongside the upcoming electric 718 models for some time, but the legislation has extinguished that idea.

Oliver Hilger, Porsche’s spokesperson for the 718 product line, released a statement: “In the European Union and some states that apply EU legislation, the combustion-powered 718 models will not be available indefinitely. The main reason for this is the General Safety Regulation of the European Union (including cybersecurity), to which the platform will not be converted. Any models that do not meet these requirements will no longer be eligible for new registration in the EU after the beginning of July 2024. This applies not only to 718 models with an internal combustion engine but to all models from all manufacturers, and this regardless of whether it is an e-vehicle or one with an internal combustion engine. As a result, sale of the 718 models with an internal combustion engine is discontinued in the EU and some states that apply EU legislation from now on, thereby ensuring that the vehicles can be delivered to customers and registered by the deadline. In regions where the relevant EU legislation is not applied, the 718 models with an internal combustion engine can remain available for longer.

Implementation of the directive not only requires adjustments to the technical implementation, for example in the control units, but essentially also a change to processes in the development phase. For example, management systems will have to be developed and certified with regard to cybersecurity. The management and documentation of cybersecurity risks are tracked, structured, and formalized over the life cycle of the vehicle. All this could not be taken into account in the development of the 718 combustion models, as none of the requirements were known or applicable at the time. It is not possible to do this ‘in reverse’ without further ado.

The processes now required by UN ECE R 155 could not be implemented because they were not yet known and applicable back when the 718 platform was developed. But that doesn’t mean that older vehicles are not, per se, secure. When it comes to current models, we regularly check the cybersecurity of our products and work together with the global security community using a publicly accessible interface.”

As mentioned, the legislation affects Porsche’s higher-volume models. On that note, two lower volume 718 models—the Cayman GT4 RS and Boxster RS Spyder—are exempt. And while this European legislation has put the brakes on sales in the European Union, the rules do not affect sales in the United States. Consumers in North America and most other regions of the world will continue to enjoy the combustion-powered Boxster and Cayman for another couple of years.


Click Here For The Original Source.

National Cyber Security