Automotive Cybersecurity: ISO/SAE 21434 and Its Necessity

Hello, Engineers! This is Hermes Solutions. Today, I’d like to discuss the necessity of automotive cybersecurity in the rapidly changing industrial paradigm driven by various foundational technologies such as artificial intelligence, cloud computing, big data, and high-speed networks.

The automotive industry is undergoing significant transformation due to the introduction and development of new automotive technologies. With the increasing electronification, intelligence, and connectivity of vehicles, we now enjoy various conveniences and benefits. However, this network-based external connectivity also increases the risks associated with automotive cybersecurity threats, including hacking.

As vehicles’ key functions are no longer dependent solely on mechanical operations but are now controlled and operated through networks, they are exposed to greater threats. Hackers can tamper with or damage a vehicle’s electronic control systems, potentially leading to dangerous accidents that can threaten lives. Furthermore, vehicles can be hijacked, resulting in financial loss.

The Role of UN Regulation No. 155 and ISO/SAE 21434

As the importance of automotive cybersecurity has come to the forefront, the UNECE (United Nations Economic Commission for Europe) organization WP.29 (World Forum for Harmonization of Vehicle Regulations) adopted R155, a regulation related to cybersecurity, in June 2020. In August 2021, the international standard for automotive cybersecurity engineering, ISO/SAE 21434, was established to support the R155 regulation. The UNECE recommends that automotive manufacturers refer to and adhere to the ISO/SAE 21434 standard to operate a Cybersecurity Management System (CSMS). ISO/SAE 21434 provides guidelines and requirements to ensure a systematic and consistent approach to automotive cybersecurity engineering.

ISO/SAE 21434 clearly defines how to manage cybersecurity throughout the entire lifecycle of a vehicle, from the design phase to production, operation, maintenance, and disposal. This standard outlines essential cybersecurity measures across the automotive industry to minimize cyber threats related to vehicles.

The Necessity of ISO/SAE 21434

The concept of automotive cybersecurity did not first emerge with the publication of ISO/SAE 21434 in 2021. In fact, in January 2016, the Society of Automotive Engineers (SAE International) had already published the SAE J3061 guide, which presented an approach to automotive cybersecurity. However, this guide had limitations in comprehensively addressing cybersecurity across the entire automotive industry.

ISO/SAE 21434 has since become an international standard that establishes a response system to mitigate potential cyberattacks and damages that may occur at each stage of a vehicle’s lifecycle. It also defines a risk management process to operate this system. The standard is composed of 15 sections, and both Original Equipment Manufacturers (OEMs) and Tier suppliers must establish a cybersecurity management process that meets the requirements of each section and conduct cybersecurity activities accordingly.

In conclusion, ISO/SAE 21434 is a crucial international standard introduced to enhance cybersecurity, essential for the development of advanced vehicle technologies such as connected cars. It plays a key role in ensuring security and safety in the future automotive industry.

If you have any further questions, please feel free to ask! Let’s discuss how your organization can tackle cybersecurity challenges with the ISO/SAE 21434 standard!

Share this article:

Facebook
Twitter
LinkedIn
WhatsApp