As vehicles become more connected, the number of vulnerabilities that cybercriminals can exploit increases.
To address this, ISO 21434 was created so that automotive product developers, OEMs and their suppliers design and implement vehicles more safely in the digital age.
Since 2018, over 80 organizations worldwide have participated in the creation of ISO/SAE 21434 “Road vehicles – Cybersecurity engineering,” a standard that includes a set of guidelines for securing high-level processes in the design, manufacturing, maintenance and end-of-life phases of vehicles.
While it does not focus on software development or detail the cybersecurity infrastructure of car subsystems, it defines cybersecurity processes for the different development phases of a car so that safety level requirements are fulfilled.
Everyone in the automotive industry agrees that ISO 21434 is much needed. It’s no secret that researchers have found a significant number of attack vectors in today’s connected cars. These modern vehicles are connected whenever they are within range of a cellular network or via short-range radio frequency channels, much as Bluetooth or Wi-Fi are usually enabled.
Cybercriminals can abuse these existing and unpatched security gaps to intercept and steal information, disrupt the car’s normal functions, or even attack the users and endanger their lives.
Unlike computers, the majority of the connected cars currently on the market do not have over-the-air (OTA) software updates, nor were they designed or manufactured with cybersecurity in mind. This is a critical gap that the industry plans to close, starting with ISO 21434.
Modern connected cars now share networks with mobile devices and have features that have more in common with computers than traditional automobiles. Unfortunately, the increased demand for connectivity — and the rapid pace of development to meet it — inevitably increases the number of exposed and vulnerable components.
While modern features, such as internet access, app-based remote monitoring and management, autonomous driving and driver-assistance systems, were designed to increase user safety and convenience, they also add complexities and cybersecurity gaps to the whole automotive ecosystem.
Want to learn more? Tonex offers ISO/SAE 21434 Training, a 3-day workshop covering requirements for cybersecurity risk management regarding engineering for concept, analysis, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their subsystems, components and interfaces.
For more information, questions or comments, contact us.