Cyber Security
Back up your important data before someone else secures it.
Cybersecurity is the protection of critical systems and sensitive information against digital attacks.
Cybersecurity is also known as IT security and is used to combat threats to connected systems and applications, whether these threats originate from inside or outside an organization.
Automotive Cyber Security: The ISO/SAE 21434
Cyber security in the automotive sector is a big issue. With ISO/SAE 21434, the automotive industry has developed a standard to protect vehicles from possible threats. We show you the basics of ISO/SAE 21434 and together we investigate how it can contribute to improving the safety of vehicles.
What is the ISO/SAE 21434?
Compliance with ISO/SAE 21434 helps fend off numerous cyber threats. The standard defines a comprehensive set of security requirements that covers all aspects of automotive cyber security, including system integrity, communication security and monitoring. Meeting these requirements offers numerous advantages, such as improved safety standards that protect the integrity of vehicle systems and ensure the safety of vehicle components.
They also enable companies to verify and monitor the safety and integrity of their vehicle systems.
Complying with the ISO/SAE 21434 requirements thus ensures both that vehicle systems are protected against cyber attacks and that drivers and vehicles are secured.
Why is Automotive Cyber Security so important?
It is important that we agree on a uniform level of safety for the automotive industry. For this reason, the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE) have jointly developed ISO/SAE 21434.
This standard sets the technical and organizational requirements for automotive cyber security and focuses on protecting vehicles and their systems from cyber attacks. It defines the basic security concepts, requirements and guidelines that must be adhered to in order to ensure a level of safety that protects vehicle functions and data integrity. In addition, the standard stipulates that safety measures must be implemented at every stage of the vehicle lifecycle: development, production, operation and maintenance. This ensures that vehicles are protected from cyber attacks throughout their lifecycle.
What exactly is the ISO/SAE 21434?
In essence, the standard requires the implementation of a Cyber Security Management System (CSMS), which allows potential weaknesses in connected vehicles to be actively managed. Such a management system is to be reviewed and certified by an external party, similar to an Information Security Management System (ISMS). However, the standard does not define any specific requirements for cybersecurity technologies, solutions or countermeasures.
In general, the standard is divided into 15 sections:
Sections 1 to 4 contain only general information, such as terminology.
Sections 5 and 6 contain the guidelines needed to ensure cybersecurity management. These include a cross-organizational cyber security policy, guidelines and procedures, as well as project-specific cyber security management.
Section 7 presents ongoing activities in the field of cybersecurity, including the gathering of information for ongoing risk assessment and vulnerability management.
Section 8 defines risk management and describes the procedure for the full identification, assessment and treatment of risks.
While sections 5 to 8 concern the organization, sections 9 to 14 are primarily concerned with cyber security for whole vehicles and individual vehicle components.
Section 9 sets standards for the design of new components. Among other things, relevant assets are to be identified and cybersecurity goals defined.
Section 10 deals with the specification, setup and verification of cyber security for each component during the development phase.
Section 11 in turn validates the specifications of the component at vehicle level.
The post-processing phase consists of sections 12 (Production), 13 (Operation and Maintenance) and 14 (Decommissioning), in which the respective cyber security aspects are specified.
The last part of the standard describes the supporting processes for cyber security measures and shows the interactions and dependencies between suppliers and customers. The order of the individual sections is not prescribed, since ISO 21434 is to be understood as a framework for the structure and continuous development of the CSMS.
The benefits of the ISO/SAE 21434 for your company
The introduction of ISO 21434 should not be seen as an annoying duty, but as an opportunity. It enables an improvement in the company structure, offers reputational advantages and reduces cyber risks and damages through active management. The implementation of a CSMS and its certification enables a reduction in liability and insurance risks. In addition, the standard can support company-wide planning and make processes more efficient. Cyber security and data protection are also becoming increasingly important to customers.
All in all, ISO/SAE 21434 is an essential step towards automotive cyber security. It offers a generally accepted standard by which manufacturers and suppliers can orient themselves in order to protect vehicles. It is therefore important that companies use ISO/SAE 21434 as the basis for their automotive cyber security strategy. In this way, they can ensure that their vehicles and systems are protected. With ISO/SAE 21434, vehicle manufacturers and suppliers can also introduce new technologies to make their vehicles even safer.
We are happy to advise you on the implementation and offer workshops and quick checks to support you in achieving your goals.