As part of Agile project management, teams need to implement thorough testing to verify and validate automotive software design requirements in critical product engineering phases to gain confidence that vehicle electric and electronic systems meet automotive cybersecurity policies and processes. This overview of ISO/SAE 21434 shows how it fits into these processes.
What Is ISO 21434?
Like ISO 26262 and other aspects of international standards around automotive industry development, ISO 21434 works to protect vehicle and automotive security.
It covers every single stage of the vehicle life cycle from design, secure engineering, and product development to decommissioning. Cybersecurity engineering applies to connected vehicles, electronic systems, software, and more. In addition, the automotive security standard gives developers a thorough road map for incorporating safety measures in development processes across the supply chain.
The purpose of the standard is to define a structural process to ensure cybersecurity is “designed-in” from the start. This allows developers to address cyber threats to the vehicle and its electrical and electronic components.
OEMs, Tier 1, and Tier 2 suppliers must demonstrate due diligence in handling vehicle development in preventing cyberattacks. The goal is to reduce the potential for a successful attack and minimize potential losses by designing security-in from the start.
Why ISO 21434?
Traditional automotive safety and cybersecurity standards have not adequately addressed increasing threats to cybersecurity for road vehicles. This led to OEMs, Tier 1, and Tier 2 suppliers formalizing their own approaches to address cybersecurity.
ISO 21434 eliminates the need for individual approaches and provides a common framework to tackle cybersecurity for automotive production. It defines requirements for cybersecurity processes and develops a common language for understanding software security and cybersecurity risk management.
In summary, ISO 21434 is intended to accomplish the following:
- Define a structural process for cybersecurity in design phases.
- Establish and maintain a consistent framework for cybersecurity globally.
- Provide a threat-informed approach to guide security controls.
- Adopt and apply a risk-based approach.
- Provide guidance for developing a Cybersecurity Management System (CSMS) for vehicles.
- Identify guidelines for cybersecurity across the vehicle life cycle.
- Design and engineering
- Production
- Operations
- Maintenance
- Decommissioning