Autocrypt delivers Automotive CIS and Vehicle Cybersecurity to CES
Vehicle cybersecurity has moved from a specialist concern to a board level priority. As vehicles become rolling computers, increasingly connected, continuously updated and infused with artificial intelligence, the attack surface has expanded at pace. Against that backdrop, the launch of Automotive CIS (Cybersecurity Infrastructure Standard) at CES 2026 marks a pivotal moment for the global automotive industry, signalling a shift from fragmented security practices towards a unified infrastructure standard that spans the entire vehicle lifecycle.
The announcement reflects a broader reality facing manufacturers and suppliers alike. Software defined vehicles are no longer theoretical concepts or future roadmaps. They are already entering production lines and public roads, bringing with them new operational efficiencies, new revenue models, and new vulnerabilities. Automotive CIS arrives as a timely response, offering a structured and scalable foundation for managing cybersecurity in an era where software, data, and connectivity define vehicle value.
From Product Security to Infrastructure Thinking
Automotive CIS is positioned as an evolution rather than a reinvention. Building on Autocrypt’s earlier Software Security Infrastructure, the new standard broadens its scope beyond vehicle manufacturers to encompass the entire supply chain. That distinction matters. Modern vehicles rely on complex ecosystems of tier one suppliers, software vendors, cloud platforms, and service providers. Security, in this context, is only as strong as the weakest link.
By reframing cybersecurity as an infrastructure challenge rather than a collection of isolated tools, Automotive CIS introduces a reference model that aligns development, production, operation, and maintenance under a single architectural framework. This approach mirrors how the industry already thinks about functional safety and quality management, making cybersecurity governance more familiar and easier to operationalise across organisations.
An Integrated Architecture for the Full Vehicle Lifecycle
At the heart of Automotive CIS is the integration of several critical cybersecurity functions that have traditionally been implemented in silos. The standard brings together Cybersecurity Management Systems, Software Update Management Systems, Vehicle Security Operations Centres, and Threat Analysis and Risk Assessment into one cohesive infrastructure.
This integration is not merely technical. It establishes clear lines of responsibility, consistent data flows, and shared visibility across teams that often operate independently. For manufacturers transitioning to software defined architectures, this unified view is essential. Over the vehicle lifecycle, security considerations must evolve alongside new features, over the air updates, and changing threat landscapes. Automotive CIS is designed to support that continuous evolution without forcing costly redesigns or reactive fixes.
Supporting the Shift to Software Defined Vehicles
Software defined vehicles fundamentally alter how cars are designed, built, and maintained. Functions once hardwired into electronic control units are now delivered as software services, updated remotely and personalised over time. While this unlocks significant innovation, it also demands a new cybersecurity mindset.
Automotive CIS provides a practical blueprint for managing these complexities. By embedding security controls into development pipelines, production systems, and in service operations, the standard helps organisations move away from bolt on security approaches. Instead, cybersecurity becomes a living component of the vehicle platform, evolving in step with software functionality and regulatory expectations.
Proof of Concept Grounded in Industry Practice
The credibility of Automotive CIS rests heavily on its real world foundations. Autocrypt’s extensive proof of concept projects with domestic and international manufacturers and suppliers have informed the structure and scope of the standard. These engagements exposed the practical challenges organisations face when aligning cybersecurity across engineering teams, suppliers, and regulatory bodies.
As a result, Automotive CIS includes tailored deployment roadmaps and expert consulting methodologies designed to meet organisations where they are, rather than imposing rigid or unrealistic models. This pragmatism is likely to resonate with industry leaders seeking scalable solutions that can be adapted across regions, vehicle platforms, and business models.
Navigating a Complex Regulatory Landscape
Regulation has become a powerful driver of automotive cybersecurity investment. Frameworks such as ISO SAE 21434 and UNECE WP.29 UN R155 have set clear expectations for risk management, governance, and accountability. At the same time, emerging regulations such as the Cyber Resilience Act are extending cybersecurity obligations beyond traditional automotive boundaries.
Automotive CIS is positioned as a compliance enabler rather than a compliance burden. By aligning core security functions with regulatory requirements, the standard supports consistent auditability and documentation across the supply chain. For global manufacturers operating in multiple jurisdictions, this harmonised approach can significantly reduce duplication and uncertainty while improving overall security posture.
Industry Leadership at CES 2026
The unveiling of Automotive CIS at CES 2026 underscores the growing convergence between automotive engineering and the broader technology ecosystem. CES has evolved into a global stage for mobility innovation, attracting not only carmakers but also software companies, semiconductor suppliers, and AI specialists.
Speaking at the launch, Autocrypt’s leadership framed Automotive CIS as a foundational response to emerging technological shifts: “Automotive CIS represents the essential foundations necessary for this new era of SDVs, AI mobility, and post quantum computing.” The statement reflects an awareness that cybersecurity strategies must anticipate not only current threats but also future disruptions, including advances in cryptography and artificial intelligence.
Collaboration Across the Supply Chain
Another notable theme in the Automotive CIS announcement is collaboration. Vehicle cybersecurity cannot be addressed by manufacturers in isolation. Suppliers, technology partners, and service providers all play critical roles in securing vehicle platforms throughout their operational lives.
Automotive CIS encourages shared responsibility by providing a common language and architectural reference for cybersecurity practices. This shared framework supports more transparent communication between stakeholders, faster incident response, and clearer expectations around roles and accountability. In an industry where trust and reliability underpin brand value, such alignment is increasingly important.
Operational Visibility Through Vehicle SOC Integration
One of the more significant elements of Automotive CIS is the formal integration of Vehicle Security Operations Centres. As vehicles become connected endpoints, continuous monitoring and response capabilities are no longer optional. Threats can emerge at any point during a vehicle’s operational life, often long after it leaves the factory.
By embedding vSOC functions within the broader infrastructure standard, Automotive CIS supports proactive threat detection and coordinated response. This capability aligns closely with practices already established in enterprise IT and critical infrastructure sectors, bringing automotive security into line with mature cybersecurity disciplines.
Securing the Mobility Ecosystem
Modern mobility extends well beyond individual vehicles. Connected infrastructure, vehicle to everything communications, charging networks, and fleet management platforms all form part of the attack surface. Automotive CIS acknowledges this reality by addressing security across interfaces and data flows that connect vehicles to external systems.
This holistic perspective is particularly relevant as cities invest in intelligent transport systems and governments pursue connected and cooperative mobility strategies. By supporting secure interactions across the ecosystem, Automotive CIS contributes to the broader goal of resilient and trustworthy digital mobility.
Industry Engagement and Demonstration
Autocrypt is showcasing Automotive CIS and its broader cybersecurity portfolio at CES 2026 in Las Vegas, providing industry stakeholders with an opportunity to explore practical implementations and engage directly with subject matter experts. Live demonstrations and technical discussions offer valuable insights into how the standard can be adapted to different organisational contexts.
Such engagement is likely to be critical in driving adoption. Standards gain traction not only through documentation, but through dialogue, shared experiences, and visible success stories across the industry.
Redefining Software, Data, and Connectivity
Automotive CIS arrives at a moment when the automotive industry is redefining itself through software, data, and connectivity. By offering a structured, lifecycle based approach to cybersecurity infrastructure, the standard provides a stabilising reference point amid rapid technological change.
For manufacturers, suppliers, and policymakers navigating the transition to software defined mobility, Automotive CIS represents a practical step towards consistent, scalable, and future ready vehicle cybersecurity.
