ISO 21434 is a process-oriented automotive industry standard that helps define a structured process to ensure cybersecurity throughout the lifecycle. It does not prescribe specific cybersecurity technology, solutions or remediation methods.
With the backing of the White House, ISO 21434 was officially released in August 2021. Also known as “Road vehicles — cybersecurity engineering,” the ISO 21434 standard is the type of legislation the Biden Administration wanted more of in order to combat current and foreseeable cyber-attacks.
ISO 21434 focuses on the cybersecurity risk in road vehicle electronic systems. This standard requires automotive manufacturers and suppliers to demonstrate due diligence in the implementation of cybersecurity engineering and that cybersecurity management is applied throughout the supply chain to support it.
ISO 21434 is intended to have organizations encourage a cybersecurity culture so that everything is designed with security considerations from the start.
ISO/SAE 21434 has specific requirements for software development including analysis to check for inherent weaknesses and the overall consistency, correctness, and completeness with respect to cybersecurity requirements.
ISO 21434 is important because with the increase in connectivity in vehicles and the development of autonomous cars, the risks of cyberattack and subsequent damage also increase. Most authorities in cybersecurity believe past safety-critical standards were not sufficient to cover this type of risk and therefore new guidelines and standards need to be established.
Manufacturers, developers, suppliers and organizations need to consider several points in a security risk assessment, such as:
- Identification of assets and potential damage resulting from a breach of security features
- Identification and analysis of possible threats, attacks and vulnerabilities
- Determination of risk levels based on damage scenarios and the probability of successful attacks
- Application of countermeasures until the remaining risk is acceptable
- Documentation of the important steps and results of the risk assessment process, such as asset lists, damage scenarios, attack reports or risk reports
The new ISO/SAE 21434 safeguards the entire development process and lifecycle of a road vehicle and promotes “security by design.”
Want to learn more? Tonex offers ISO 21434 Certification, a 5-day course that provides guidance developed by Tonex to help the automotive industry in the process of implementing cybersecurity in their vehicles, systems, subsystems and parts.
ISO 21434 Certification training provides the technical details and best practices of cybersecurity engineering based on ISO/SAE 21434, such as how to identify security objectives and how to assess security procedures and methods like TARA (Threat and Risk Analysis). Learn what typical threats are by applying cybersecurity to life-cycle, products, process, and security engineering procedures.