Note: The following article was originally published in Korean by News’Top. The English version includes translator’s notes and minor editorial additions to explain cultural and institutional context.

Key Takeaways:

• Automotive cybersecurity shifts from approval to operations: FESCARO's CSMS Portal automates 2,000+ compliance deliverables per vehicle type.
• Korea-proven platform targets global OEMs and expands into robotics, drones, vessels as UN R155 and CRA drive regulatory spread.
• Tier 0.5 model bridges OEM-supplier gap: Continuous operational optimization and compliance-as-a-platform set FESCARO apart from point-security vendors.

Hong Seok-min, CEO of FESCARO, speaks during an interview with NewsTop. (Photo courtesy of FESCARO)

Connected vehicles are turning cybersecurity into a never‑ending war of documents, audits, and software updates. FESCARO wants to be the company that takes that burden off automakers’ shoulders. “FESCARO will establish a strong presence not only in global automotive cybersecurity, but also across markets that require robust security such as robotics, drones, and vessels.” said CEO Hong Seok‑min.

In an interview, he outlined a roadmap to evolve FESCARO into a platform company that sets the standard for global mobility cybersecurity compliance, rather than simply delivering point security solutions. FESCARO, profitable for five consecutive years, debuted on the KOSDAQ market last month (the country’s equivalent of NASDAQ for innovative, tech‑driven companies).

“Automotive Cybersecurity Is a War of 2,000 Documents— The Real Game Begins After Production”

CEO Hong described automotive cybersecurity as fundamentally a battle of documentation and continuous operations. While the automotive industry is already accustomed to certifications and legislation governing batteries, airbags, braking, and steering systems, cybersecurity compliance operates on a fundamentally different paradigm.

“Traditional automotive certifications typically conclude after development, verification, and approval,” he explained. “But cybersecurity, which spans the entire vehicle, becomes even more critical at the post-production operational stage.”

Since the adoption of UN R155 (UN Regulation No. 155), complying with cybersecurity requirements for a single new vehicle type requires more than 2,000 deliverables. As new vehicles are launched each year, the cumulative operational burden keeps mounting year after year.

The certification framework itself is practically endless. Under European rules, CSMS (Cybersecurity Management System) certification — which verifies an organization’s cybersecurity governance and processes — must come first. Every subsequent vehicle type requires its own Vehicle Type Approval (VTA). CSMS needs recertification every three years, along with annual surveillance audits. Each VTA must be extended whenever a vehicle type is updated.

“If five vehicle types are launched in year one, by year two you are already managing ten, and by year three even more,” Hong noted. “From a cybersecurity team’s perspective, the number of areas they have to manage grows almost exponentially.”

This dynamic makes close collaboration between automakers and tier suppliers indispensable. FESCARO’s distinctive 'Tier 0.5' role grew out of that need, bridging the two across the value chain and reducing the operational burden.

The automotive industry has traditionally operated in a vertically structured value chain, where automakers set the overall direction, break down responsibilities and allocate them to suppliers. Cybersecurity, however, cuts across the entire vehicle architecture.

“Improving security technology alone does not resolve the pain points faced by automakers,” Hong said. He identified FESCARO’s “Tier 0.5” strategy—sitting between automakers and tier suppliers—as the company’s key competitive advantage. “Defining requirements is the hardest part of any business. Once requirements are clearly defined, half the work is done. Many smaller and mid-sized manufacturers struggled to define what they should ask for, and we stepped in to fill that gap.”

“Google Is Our Role Model”: The CSMS Portal That Systematizes Automotive Cybersecurity Compliance and Operations

FESCARO’s competitive advantage lies in its proprietary CSMS Portal, a system that significantly streamlines how automotive cybersecurity activities are managed. Hong described it as “an ERP-like system dedicated to cybersecurity operations.”

“In the past, changing a single sentence meant manually finding and revising all the related documents, and it was difficult to track how far the reviews had progressed,” he explained. “Within the portal, more than 2,000 deliverables are interconnected. When a change occurs, its impact and the completion status of follow-up tasks are tracked automatically.”

The portal is also integrated with A-SPICE, the standard process framework for automotive software development. “When cybersecurity is separated from development workflows, organizations end up with a double burden,” he said. “It’s critical to unify development, verification, certification, and operations into a single continuous flow.”

FESCARO anticipated that customers would increasingly see cybersecurity as a rapidly escalating cost burden. In response, the company commercialized a virtualized Hardware Security Module (vHSM) that meets regulatory requirements through software updates—without replacing physical HSM chips—helping customers reduce their annual costs by an estimated USD 45 million (KRW 60 billion).

FESCARO is innovating its go-to-market model, similar to tools like Notion or Jira, so that customers can experience the product directly and adopt it on their own.

“Previously, it took six hours just to explain our security consulting, solutions, and testing,” Hong said. “Now, the key is letting customers try it out for themselves and feel how convenient it is. Competitors may try to follow, but they won’t be able to keep up with our speed of operation and improvement.”

Hong cited Google’s Android ecosystem as a role model. “Although Android is open source, companies choose Google because no one can replicate its operational know-how,” he said. “As competitors imitate our technology, we widen the gap through our operating model and systems. Competing with global enterprises as a roughly 100-person company has given us invaluable real-world experience.”

Hong Seok-min, CEO of FESCARO, during the interview. (Photo courtesy of FESCARO)

Beyond automotive cybersecurity, FESCARO plans to expand into markets such as robotics, vessels, and drones, where cybersecurity requirements are rapidly emerging. “Automotive cybersecurity requirements are spreading across Europe, the United States, Japan, Korea, China, and India,” Hong said. “Once Europe’s Cyber Resilience Act (CRA) comes into effect, markets like robotics, vessels, and drones are expected to see explosive growth. We are fully prepared to ride that wave.”

<Original Source: NEWS’TOP, “FESCARO CEO Hong Seok-min: ‘Beyond Automotive Cybersecurity, We’re Expanding into Robotics and Drones’“ (in Korean).>