
atsec at AutoCS 2026: Leveraging CC, FIPS, and PCI for Automotive Cybersecurity

On March 26th and 27th, 2026, the 9th AutoCS Intelligent Vehicle Cybersecurity Conference & Exhibition was held in Shanghai, bringing together automotive OEMs, tier 1 suppliers, security vendors, and standards experts to address the rapidly evolving challenges of connected and autonomous vehicles.

atsec proudly participated in this critical conversation, delivering a well-received presentation on applying mature security assurance frameworks to connected cars, and connecting with attendees at Booth B5 throughout the two-day event.

Applying Established Standards to Automotive Cybersecurity

On the morning of March 26, Dr. Yi Mao, CEO of atsec USA, together with Jinyun Chen, a principal consultant at atsec China, took the stage to present “Applying Established Security Standards—CC, FIPS, and PCI—to Automotive Cybersecurity.” The talk addressed a growing gap in the automotive security landscape: while frameworks like ISO/SAE 21434 provide robust guidance on risk management and system-level security engineering, they offer limited direction on how the underlying cryptographic implementations should be independently verified.

A modern intelligent vehicle with all sorts of connectivity is nothing short of a complex computing platform on four wheels. Such vehicles increasingly rely on cryptography to protect the integrity and secrecy of critical functions: secure boot, over-the-air (OTA) updates, deployment of digital keys, vehicle-to-device and vehicle-to-cloud communication, and V2X connectivity, to name a few. The presentation explored how established assurance frameworks can fill this gap:

  • FIPS 140-3 and the Cryptographic Module Validation Program (CMVP) provide a mature framework for validating cryptographic modules through rigorous testing, covering algorithm correctness, key management, self-tests, and operational security.
  • Common Criteria (CC) offers a framework for evaluating the security functionality of embedded components and provides product-level security assurance.
  • Payment Card Industry (PCI) Security Standards, including the Mobile Payments on COTS (MPoC) and Secure Software Framework (SSF), become increasingly relevant as vehicles begin to integrate payment services.

The presentation not only gained the audience’s attention but also won their hearts. Unlike the professional talk one commonly expects at a security conference, Yi and Jinyun gave the audience a nice surprise by vividly taking them through a futuristic scenario in which Jinyun took Yi out to grab a quick work lunch at McDonald’s, used his digital key to auto-unlock the car, let his car auto-drive them, and authorized the car to automatically handle the payment at the drive-through. In such a sequence of use cases, automotive security intersects directly with cryptography, digital key applets, and financial security. This narrative approach connected every tangible step of the journey to the security functions that can be tested and evaluated under FIPS, CC, or PCI assurance frameworks, making validated cryptography and payment systems the cornerstone of transaction security and digital trust in automotive environments.

atsec Honored with 2026 Outstanding Automotive Information Security Laboratory Award

Later that morning, atsec was honored to receive the 2026 Outstanding Automotive Information Security Laboratory award. Yi and Jinyun accepted the award on stage. The award recognizes atsec’s contributions to automotive cybersecurity testing and evaluation and reflects atsec’s ongoing commitment to applying rigorous, standards-based assurance methodologies to the automotive industry.

Engaging with the Automotive Community

Throughout the conference, atsec’s team was on hand at Booth B5 to discuss how well-established international security standards such as Common Criteria (ISO/IEC 15408 and ISO/IEC 18045), FIPS 140-3 (a wrapper of ISO/IEC 19790 and ISO/IEC 24759), and PCI security standards can be extended to support automotive cybersecurity assurance. Attendees included security engineers from OEMs and Tier 1 suppliers, certification bodies, and technology vendors.

Conversations at the booth centered on information security, covering topics such as vehicle cybersecurity, the Payment Card Industry Data Security Standard (PCI DSS), and the application of penetration testing in automotive contexts. The engaging exchange of ideas and insightful discussions with industry peers demonstrated the value of bringing our decades of experience to this rapidly growing, emerging industry.

Looking Ahead

atsec looks forward to continuing the conversation with automotive OEMs, suppliers, and certification bodies—helping to build a future where the security assurance of intelligent vehicles is grounded in standards-based, third-party independent testing and evaluation, the methodology that atsec has excelled at for more than a quarter-century.
