Cybersecurity and compliance in the age of autonomy

In the context of autonomous vehicles, Governance, Risk, and Compliance (GRC) play a crucial role in maintaining the integrity, reliability, and trustworthiness of our operations. At May Mobility, our GRC framework is designed to align our cybersecurity practices with industry standards, regulatory requirements, and internal policies, ensuring that we operate within a secure and compliant environment.

Our GRC approach involves:

• Governance: Establishing clear policies and procedures that define the roles, responsibilities, and accountability for cybersecurity across the organization is essential.This includes ensuring that cybersecurity objectives are communicated and understood across all levels of the company.
• Risk Management: Continuously identifying, assessing, and mitigating risks associated with our autonomous vehicle operations is a key priority for our team. This involves using frameworks like TARA (Threat Analysis and Risk Assessment) to address cybersecurity risks proactively as part of our overall risk management strategy.
• Compliance: Ensuring that our operations meet the regulatory requirements of the regions in which we operate is a top priority. As we expand into new markets around the country and world, such as Japan, compliance becomes increasingly important to ensure that our technology adheres to local laws and standards.

Achieving new milestones in cybersecurity

This past year, May Mobility reached a significant milestone by earning SOC 2 Type II compliance focusing on our Fleet API, emphasizing our commitment to maintaining the highest standards of security, availability, and confidentiality. SOC 2 Type II is a rigorous audit that evaluates an organization's ability to consistently implement and maintain controls over time to protect sensitive data,, focusing on five key Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

1. Security ensures that our systems are protected against unauthorized access, safeguarding both our infrastructure and customer data.
2. Availability guarantees that our services are reliable and accessible, supporting continuous autonomous vehicle operations.
3. Processing Integrity verifies that our systems operate in a consistent, timely and accurate manner, ensuring that data is processed as expected.
4. Confidentiality ensures that sensitive information is properly handled, protected, and restricted to authorized personnel.
5. Privacy focuses on the protection of personal data, ensuring that it is collected, stored, used, and disposed ofin compliance with privacy regulations.

Achieving SOC 2 Type II certification not only reflects our ability to build and maintain a secure infrastructure but also reinforces the trust partners, clients, and regulators place in our operations.

Setting standards in autonomous vehicle cybersecurity and safety

One of the key frameworks guiding AV cybersecurity efforts is UL 4600, the Standard for Safety for the Evaluation of Autonomous Products. At May Mobility, UL 4600 plays a critical role in shaping our approach to both safety and cybersecurity, providing a comprehensive framework for assessing the safety of autonomous systems.

What is UL 4600?

UL 4600 is a safety standard developed specifically for autonomous vehicles and other autonomous systems. It is designed to address the unique challenges and risks associated with autonomy by providing a framework to evaluate whether autonomous systems can operate safely without human intervention, even in complex and unpredictable environments.

Why UL 4600 Matters for May Mobility

Adhering to UL 4600 is not just about compliance; it’s about demonstrating our commitment to safety and cybersecurity in the autonomous vehicle industry. By following this standard, we ensure that our vehicles are not only capable of operating safely in a driver-out scenario but are also resilient against the growing number of cyber threats.

Expanding worldwide: Where cybersecurity fits

As May Mobility expands its operations into Japan, cybersecurity becomes even more critical. Our expansion into this market requires an understanding of global cybersecurity regulations and a commitment to adhering to these standards to ensure the success and safety of our operations.

Adapting to local regulations, we are aligning our cybersecurity practices with Japan’s specific regulatory requirements, including those related to data protection, privacy, and automotive security. A central focus of this is ensuring compliance with UN Regulation No. 155 (R155) and UN Regulation No. 156 (R156), emphasizing continuous monitoring and incident response against cybersecurity threats.

AV cybersecurity takes industry-wide collaboration

Cybersecurity is a shared responsibility, and at May Mobility, we embrace industry-wide collaboration to tackle evolving threats. By working closely with leaders in both the autonomous vehicle and cybersecurity sectors, we can exchange knowledge and implement best practices that contribute to a safer future for all.

As part of our commitment to knowledge sharing and leadership in the field, May Mobility has a presence by presenting and participating at industry conferences. These opportunities enable us to share expertise in vehicle security, cybersecurity compliance, and DevSecOps (development, security and operations) innovations while contributing to and learning from the ongoing dialogue on AV security challenges.

We’ve also partnered with Upstream Security, a leader in automotive cybersecurity, to enhance the real-time monitoring and protection of our vehicles. Leveraging Upstream’s advanced threat detection and incident response capabilities, we can proactively detect and neutralize potential threats before they impact our operations, ensuring the safety of both our passengers and vehicles.

The road ahead

As we continue to innovate and push the boundaries of autonomous vehicle technology, cybersecurity will remain a cornerstone of our efforts. By staying vigilant, investing in cutting-edge security measures, and fostering a culture of awareness, May Mobility is committed to driving securely into the future.