ISO/SAE 21434:2021 Automotive Cybersecurity

Overview of ISO 21434

ISO/SAE 21434 is a standard developed by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). Its purpose is to establish a cybersecurity lifecycle in the automotive environment. Similar to ISO 26262, the road-vehicle standard for functional safety management, ISO 21434 “Road vehicles — Cybersecurity engineering” provides requirements for a cybersecurity management system, including cybersecurity risks in vehicle engineering (e.g. concept, design, development, production, operation, and maintenance).

The standard uses the V-model as an example to support product development processes, and it also supports other development models such as agile software development.

ISO/SAE 21434 covers all phases of a connected vehicle's engineering, including electrical and electronic systems as well as their components and interfaces. The phases are:

  • Design and development
  • Production
  • Operation by customer
  • Maintenance and service
  • Decommissioning

The Impact of ISO/SAE 21434

ISO/SAE 21434 has a huge impact on automotive OEMs and developers: they gain the advantage of developing applications and components that have been thoroughly tested before launch, which benefits security and, in turn, safety. Testing applications and identifying their vulnerabilities before they can harm drivers protects both the drivers' safety and the reputation of the organization.

To meet the requirements of the ISO/SAE 21434 standard, organizations must tailor their cybersecurity activities and continuously improve their specifications and verification methods. This includes governance models, organizational artifacts such as training and awareness, and even the specification of the technical components themselves.

ISO 21434 Cybersecurity

The connected car is bringing drivers into an exciting new era of car ownership, but the alarming increase of software in automobiles has also led to cybersecurity concerns. ISO/SAE 21434 considers cybersecurity issues at every stage of the development process and guides automotive product developers and OEMs in following effective cybersecurity strategies and arrangements for connected vehicles. ISO/SAE 21434 sets the primary criteria for vehicle cybersecurity engineering. It also applies to all the software contained in automobiles, as well as to motorized systems and hardware. It includes the stages of development, manufacturing, operation, and reprocessing in the life cycle of a vehicle. The current standard scrutinizes vulnerabilities and puts safeguards in place to ensure the highest level of cybersecurity possible.

The focal point of ISO/SAE 21434 is risk estimation and threat evaluation. The standard emphasizes the definition of common terminology and every facet of cybersecurity. The standardization is associated with the newly developed United Nations Economic Commission for Europe (UNECE) cybersecurity regulation R155. However, ISO 21434 does not cover all the requirements of UNECE R155. To be able to ascertain conformity with the current regulation, a technical standard for motorized developments is to be initiated along with ISO 21434. In content and structure, the standard is very similar to its predecessor, ISO 26262 Road vehicles – Functional safety.

How to Implement ISO/SAE 21434

ISO 21434 provides a framework for establishing security safeguards across the whole supply chain. Implementing a good cybersecurity policy in today's environment is difficult because there are so many linked devices and hackers are becoming more dangerous. Protecting your product and data from cyber-crime has become critical.

This standard can be used to implement a cybersecurity management system, including cybersecurity risk management, in a structured and systematic way. It is compatible with, and can be integrated with, other related automotive standards such as ISO 26262, ISO/PAS 21448, and IATF 16949.

By utilizing SAE J3061 and ISO/SAE 21434:2021, any organization will be able to protect and defend vehicular assets from cyber-attacks. The list includes best practices, tools, attack monitoring, and incident response.

Application

The automotive industry is undergoing significant transformations, emphasizing the development and implementation of electric cars (EVs) and automated vehicles (AVs). Safety and cybersecurity are the most basic design criteria for EVs and AVs. To mitigate security risks and produce better designs, applying cybersecurity concepts in the automotive industry is of paramount importance. Both SAE J3061 and ISO/SAE 21434:2021 define and guide how to keep autonomous cars secure from hackers. The industry is making use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework to proactively monitor the challenges of vehicle cybersecurity and prioritize ways to curb the associated risks. The industry is also approaching cybersecurity professionals and firms for balanced and robust security solutions.

Automotive cybersecurity provides end-to-end security built around the paradigm of defense-in-depth, a core pillar of the cybersecurity concept. It is imperative that every component of the system be carefully inspected and verified for security threats. Cybersecurity has become an essential component for both the supply chain segment and OEMs.

Connected vehicles are on the rise, and more connectivity poses a greater threat to security. Cybersecurity is a huge concern for automakers, and OEMs are no longer relying on suppliers to resolve their security concerns; they are instead opting for other viable solutions. The automotive industry is facing significant cybersecurity concerns, particularly as it moves toward more specialized areas such as electric and autonomous vehicles. Even though artificial intelligence and machine learning are becoming increasingly crucial in new product development, the cybersecurity of these technologies remains a major concern.