Following President Joe Biden’s recent executive order on improving the nation’s cybersecurity, ISO 21434 takes on even greater importance.
ISO 21434 is expected to help automotive product developers, OEMs and their suppliers ensure the security of their vehicles. This is critical: as vehicles become more connected and autonomous cars become more common, it is important that automotive software is designed and implemented with security in mind.
ISO 21434 applies cybersecurity engineering to all stages of a vehicle’s lifecycle, from design through to decommissioning. This covers all electronic systems, components, and software in the vehicle, plus any external connectivity.
Additionally, ISO 21434 provides developers with a comprehensive approach to implementing security safeguards that span the entire supply chain.
At the White House, President Biden’s Cyber executive order addresses four general topics across eight operative sections:
- Increasing information sharing from the private sector to the federal government
- Enhancing the security of software purchased by federal agencies
- Establishing a Cyber Safety Review Board
- Improving the cybersecurity posture of the federal government
With regard to ISO 21434, determining the security risk level of a vehicle and its components will be one of the key activities defined in the standard. Manufacturers, developers, suppliers and organizations need to consider several points in a security risk assessment, such as:
- Identification of assets and potential damage resulting from a breach of security features
- Identification and analysis of possible threats, attacks and vulnerabilities
- Determination of risk levels based on damage scenarios and the probability of successful attacks
- Application of countermeasures until the remaining risk is acceptable
- Documentation of the important steps and results of the risk assessment process, such as asset lists, damage scenarios, attack reports or risk reports
The first draft of the international standard ISO/SAE 21434 was published in February 2020. The final standard is expected to be released in mid-2021.
Want to learn more? Need help with your ISO 21434 security risk assessments? Tonex offers ISO/SAE 21434 Training, a 3-day workshop covering requirements for cybersecurity risk management regarding engineering for concept, analysis, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their subsystems, components and interfaces.