Overview of ISO/SAE 21434
ISO/SAE 21434 is a standard developed by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). Its purpose is to establish a cybersecurity lifecycle in the automotive environment. Similar to ISO 26262, the functional safety management standard for road vehicles, ISO/SAE 21434 “Road vehicles — Cybersecurity engineering” provides requirements for a cybersecurity management system, including the management of cybersecurity risks in vehicle engineering (e.g. concept, design, development, production, operation, and maintenance).
The standard uses the V-model as an example to support product development processes, and it also supports other development models such as agile software development.
ISO/SAE 21434 covers the electrical and electronic systems of a connected vehicle, including their components and interfaces, across all engineering phases, such as:
- Design and development
- Operation by customer
- Maintenance and service
The Impact of ISO/SAE 21434
ISO/SAE 21434 has a huge impact on automotive OEMs and developers: they gain the advantage of developing applications and components that have been thoroughly tested before launch, which benefits security and safety. Testing for and identifying vulnerabilities in applications before they harm drivers protects the drivers' safety as well as the reputation of the organization.
To meet the requirements of the ISO/SAE 21434 standard, organizations must tailor their cybersecurity activities and continuously improve their specifications and verification methods. This includes governance models, organizational artifacts such as training and awareness, and even the specification of the technical components themselves.