Whisper · Docs
Automotive

Automotive compliance: R155, ISO 21434 & the ATM

R155, R156, ISO/SAE 21434, the Auto-ISAC Threat Matrix and the EU Data Act all ask one thing of a connected-vehicle backend: which party is this, is it authorised, and can you prove it and shut it off?

A backend gated by bearer tokens and shared, NAT'd egress IPs can't answer that. A routable, DANE-provable, one-call-revocable IPv6 /128 per party can. It produces the log, the attribution and the kill-switch those frameworks want as evidence, not as a paragraph in a policy document.

What every framework is really asking

Read the connected-vehicle regulations side by side and the same three questions keep surfacing, phrased in five different vocabularies:

None of these is a logging problem you fix with more log lines. They are identity problems: you cannot attribute, monitor or contain an actor that has no stable, provable identity in the first place. Whisper's job here is to give every party on the cloud/IP boundary exactly that identity, then let the standard toolchain read the evidence off it.

The evidence: real and shipped

Everything this page maps to a regulation is a surface that exists and answers today. Four primitives do the work; each is checkable with dig, curl, or one control-plane call.

A device-derived /128 identity

A vehicle or ECU already holds a hardware key: an IEEE 802.1AR IDevID, a TPM, or a secure-element key. Whisper derives a deterministic IPv6 /128 from that key's public SubjectPublicKeyInfo plus the VIN (and an optional ECU serial). The address is tenant-bound (fleet-unlinkable to an outsider), DNSSEC-anchored, DANE-EE 3 1 1 pinned, and RDAP-registered. Re-deriving from the same key and VIN yields the same /128; nothing new to store, nothing to steal that would let a scraper forge it.

# Provision the vehicle/ECU identity from the key it already holds (control plane, live).
# identity_public_key is the base64 SPKI of the device's IDevID / TPM / secure-element key.
curl -sS https://graph.whisper.security/api/query \
  -H 'X-API-Key: whisper_live_xxx' \
  -H 'content-type: application/json' \
  --data '{"query":"CALL whisper.agents({op:\"connect\", args:{tier:\"wireguard\", identity_public_key:\"<base64 SPKI>\", vin:\"1HGCM82633A004352\"}}) YIELD op, ok, status, result, error RETURN op, ok, status, result, error"}'
# -> the deterministic /128 + a WireGuard config. Same key+VIN -> same /128 (idempotent).
#    A different VIN on the same tenant -> 409; a non-string VIN -> 400.

1HGCM82633A004352 is the standard textbook example VIN, used here only as a placeholder. No real vehicle or manufacturer is implied. The --vin CLI flag isn't shipped yet, so vehicle provisioning is shown via the control-plane call above, which is live.

Per-/128 egress logs

Because each party owns a dedicated /128, every DNS lookup and connection it makes is unambiguously its, with no shared-IP noise to filter. Pull one party's trail directly:

CALL whisper.agents({op:'logs', args:{agent:'<the /128>', kind:'conn', from:'-24h'}})
# -> per-event records: timestamp, kind (dns/conn/alloc), destination, decision, bytes

whisper logs --agent <the /128> --from -24h --kind conn

One-call revoke

Containment is a single call. It tears down the /128, its PTR and its DANE record worldwide at DNS-TTL speed. The teardown is provable with the same public tools that proved the identity.

CALL whisper.agents({op:'revoke', args:{agent:'<the /128>'}})
# after it runs:
dig -x <the /128> +short            # -> empty
curl -s https://whisper.online/verify-identity/<the /128>   # -> {"is_whisper_agent": false}

The attribution graph

Turning a raw destination into "known-bad C2" or "clean CDN" is a read-only query against the public graph API. There's no CLI subcommand, just the endpoint any tool can hit:

curl -s https://graph.whisper.security/api/query \
  -H 'X-API-Key: whisper_live_xxx' \
  --data-urlencode "q=CALL whisper.identify('185.220.101.1')"
# -> what the address is, who it belongs to, threat-intel reputation, relationships

The read-only verbs (identify, origins, walk, variants, history) run the same way, over an infrastructure-and-threat-intelligence graph of billions of nodes. That is the enrichment that turns a per-vehicle egress log into a detection.

The map, at a glance

Each row is a framework, the control it asks for, and the shipped evidence that satisfies it. The deep sections below unpack each one.

Framework What it requires Whisper evidence (shipped)
UN R155 (CSMS) Continuous monitoring, attack detection and response over the vehicle-to-backend interface Per-/128 egress logs (monitoring) · attribution graph (detection) · revoke (response)
UN R156 (SUMS) Integrity and traceability of every software update reaching the vehicle DANE-pinned identity on the update endpoint · attributable, revocable logs of the distribution path
ISO/SAE 21434 Risk-driven cybersecurity across the lifecycle; monitoring and incident response in operations Identity as a lifecycle-managed asset: issue → verify → revoke, with the monitoring/IR evidence above
Auto-ISAC ATM A shared taxonomy of automotive tactics & techniques to detect and respond against Evidence maps to ATM tactics: /128 allowlist (Initial Access) · graph (C2) · logs (Exfiltration) · revoke (Containment)
EU Data Act Fair, transparent, consent-bound, revocable third-party access to vehicle data Each authorised party = one verifiable, revocable /128 + a who-accessed-what record

UN R155 (CSMS): monitor, detect, respond

R155 obliges a manufacturer to run a Cyber Security Management System that, among other duties, monitors the vehicle fleet and its backend, detects attacks, and responds to them, with explicit attention to the vehicle-to-backend communication channels and the back-end servers themselves (Annex 5 catalogues exactly those threats). That interface (cloud and IP, not the in-vehicle bus) is precisely where Whisper sits.

The three shipped primitives line up one-to-one with the three verbs R155 uses:

# Monitor: one vehicle's outbound connections over the last day
CALL whisper.agents({op:'logs', args:{agent:'<the vehicle /128>', kind:'conn', from:'-24h'}})

# Detect: score a destination the log flagged
curl -s https://graph.whisper.security/api/query -H 'X-API-Key: whisper_live_xxx' \
  --data-urlencode "q=CALL whisper.identify('<suspect destination>')"

# Respond: contain the compromised identity, provably
CALL whisper.agents({op:'revoke', args:{agent:'<the vehicle /128>'}})

UN R156 (SUMS): update traceability

R156 governs the Software Update Management System: the integrity of every over-the-air update and a traceable record of which software reached which vehicles. Whisper does not sign the update package. The payload's integrity and provenance stay with the manufacturer's code-signing and SUMS process, exactly where they belong. What Whisper adds is on the transport boundary R156 also cares about:

# The vehicle verifies the update endpoint's identity against the DNSSEC root: Whisper's API is NOT trusted
whisper verify --trustless updates.<fleet>.agents.whisper.online
dnssec   pass   DNSSEC-root   AAAA, PTR and TLSA(3 1 1) all DNSSEC-validated to the IANA root
dane     pass   DNSSEC-root   served leaf SPKI-SHA256 == TLSA pin

See DANE & TLSA for the byte-for-byte pin check that stands behind that one line.

ISO/SAE 21434: the secure lifecycle

Where R155 is the regulation, ISO/SAE 21434 is the engineering "how": a risk-driven cybersecurity lifecycle built on threat analysis and risk assessment (TARA). Whisper contributes a concrete, verifiable control that a TARA can cite against specific threat scenarios:

The evidence lands most directly in the operations-and-maintenance phase: the clause family covering cybersecurity monitoring, event assessment and incident response. The /128 is a lifecycle-managed asset: it is issued at provisioning, verified trustlessly by anyone, and retired on revoke, the full issue → verify → retire arc a lifecycle standard expects, with monitoring evidence in between.

# Verify: keyless, no account. Anyone can confirm the identity is genuine and current
curl -s https://whisper.online/verify-identity/<the /128>
# -> {"is_whisper_agent": true, "dane_ok": true, "jws_ok": true, "evidence": {...}}

# The registry record for the same address (RDAP, RFC 9083)
curl -s https://whisper.online/ip/<the /128>

Auto-ISAC Automotive Threat Matrix

The Auto-ISAC Automotive Threat Matrix (ATM) is an ATT&CK-style taxonomy of automotive tactics and techniques, meant to give defenders a common language for what an attack looks like and how to detect it. Whisper's shipped evidence maps cleanly onto several ATM tactics:

ATM tactic How the shipped evidence applies
Initial Access A caller with no allowlisted Whisper /128 (a scraper reusing a stolen token from a random address) never reaches the ingress in the first place.
Command & Control The attribution graph identifies a beaconing destination in a vehicle's egress log as known-bad, without a pre-written signature.
Exfiltration Per-/128 logs show exactly which destination received how many bytes from which vehicle identity.
Impact / Containment revoke severs a compromised identity fleet-wide at DNS-TTL speed, provably.

Roadmap, not shipped: a machine-readable export that emits this evidence as STIX 2.1 objects over TAXII, tagged with Auto-ISAC ATM technique IDs as JSON, is on the roadmap. Today the mapping is analyst-driven from the same logs and graph shown above: real evidence, human-correlated to the matrix.

EU Data Act: the authorised/unauthorised line

The EU Data Act entered into force on 12 September 2025, with accessibility-by-design obligations following in 2026 that require manufacturers to open in-vehicle data to user-chosen third parties. That multiplies the number of parties touching the backend at the exact moment R155 demands you control them: a commercial forcing function pointed straight at identity.

A verifiable per-party identity is, quite literally, the authorised-versus-unauthorised line. An authorised third party is one that holds a /128 it can prove (via DANE and RDAP, keylessly, to you or to a regulator) and that you can revoke in one call. The alternative, a pile of interchangeable bearer tokens, cannot draw that line at all: a token authenticates a claim, never the party.

# A third party proves its identity to you (or a regulator): no account, no shared secret
whisper verify --trustless <the third party's /128>

# You answer "who accessed what" from attribution, not from a DPA paragraph
curl -s https://graph.whisper.security/api/query -H 'X-API-Key: whisper_live_xxx' \
  --data-urlencode "q=CALL whisper.identify('<the third party's /128>')"

The Data Act makes you open the doors; a per-party /128 is the doorway that knows who walked through and can shut on exactly one of them.

SIEM & threat-intel export

The evidence above is pullable now via the logs op and the graph API, and it exports to Splunk, Microsoft Sentinel and OpenCTI today. The remaining exports are on the roadmap, labelled honestly so nobody plans against vapour:

Destination Status
Splunk Shipped
Microsoft Sentinel connector Shipped
OpenCTI Shipped
STIX 2.1 / TAXII feed (with Auto-ISAC ATM technique-ID JSON) Roadmap

Until the roadmap items land, the same records are already reachable: the exports are a convenience layer over evidence you can pull today.

What this is (and is not)

Whisper anchors one boundary: the cloud/IP interface between a vehicle (or a fleet-API consumer) and the backend. It is deliberate about what it does not touch.

Everything on this page that is described as working is checkable, today, with dig, curl and one control-plane call. Everything on the roadmap is labelled as such.

Next