Automotive Cybersecurity Standard ISO/SAE 21434: Key Concepts to Know

Hello! With the growing interest in automobiles, automotive cybersecurity has become an important issue. In particular, ISO/SAE 21434 is an essential international standard for managing the cybersecurity of vehicles. Today, I will walk you through the various stages covered by this standard and provide some concrete examples along the way. I’ll explain step by step, so let’s dive in together!

1. Concept Phase

The concept phase is the first stage of product development. At this stage, the main functions of the vehicle, known as “items,” are analyzed for cybersecurity risks, and objectives and requirements are established to prevent these risks. One of the key activities here is Threat Analysis and Risk Assessment (TARA). Through TARA, cybersecurity goals are set to ensure the vehicle operates safely, and specific strategies are developed to achieve these goals.

Example: Let’s assume you are developing an electric vehicle’s charging system. There’s a risk that hackers could infiltrate the network during charging to disrupt the process or gain access to the vehicle’s internal systems. Recognizing this risk, the development team sets a cybersecurity goal of “preventing external network intrusions” and establishes specific security requirements to achieve this.

2. Product Development Phase

Now we move into the actual product development phase, which includes design, integration, and verification. A cybersecurity specification is created based on the requirements derived in the concept phase, and the architecture is designed accordingly. It is important to ensure that the security requirements are properly implemented during this phase. Additionally, security tests such as fuzz testing* or vulnerability analysis** are conducted to verify that the product’s cybersecurity measures work as intended.

*Fuzz testing: A type of automated security test in which abnormal or malformed data is fed into the software to observe how the system responds. It helps uncover unexpected errors or vulnerabilities so they can be fixed before release; for instance, it checks whether the system crashes or stops functioning when it receives unexpected data.

**Vulnerability analysis: The process of identifying weak points in a system or software. This covers both known vulnerabilities and potential new ones, with a focus on preventing hacking risks. The analysis evaluates how the system could be attacked and provides corrective measures to fix the vulnerabilities.

Example: During the development of a vehicle’s over-the-air (OTA) update system, a secure architecture is designed to prevent malicious code injection during software updates. The development team conducts fuzz testing to check how the system reacts to unexpected inputs or malicious data, ensuring the OTA system operates securely.
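To make the fuzz-testing footnote concrete for the OTA example above, here is an added illustration (my own code, not part of the original article and not a real OTA protocol): a constructed update-header format parsed by a "before" parser that trusts the declared length, the hardened parser that bounds-checks every field, and a small mutation fuzzer that counts the inputs on which a parser raises instead of accepting or rejecting them.

```python
import random
import struct
# Constructed OTA update format: 4-byte magic, 1-byte version, 2-byte big-endian
# payload length, the payload, then a 1-byte checksum (sum of payload bytes mod 256).
MAGIC = b"OTA1"

def checksum(payload: bytes) -> int:
    return sum(payload) & 0xFF

def parse_update_fragile(blob: bytes):
    """'Before' parser: trusts the declared length; short or oversized input raises."""
    magic, version, length = struct.unpack_from(">4sBH", blob, 0)  # struct.error if short
    payload = blob[7:7 + length]
    if magic != MAGIC or blob[7 + length] != checksum(payload):  # IndexError if length lies
        return None
    return {"version": version, "payload": payload}

def parse_update_hardened(blob: bytes):
    """'After' parser: every field is bounds-checked; malformed input returns None."""
    if len(blob) < 8 or blob[:4] != MAGIC or blob[4] != 1:
        return None
    length = int.from_bytes(blob[5:7], "big")
    if len(blob) != 8 + length:
        return None
    payload = blob[7:7 + length]
    if blob[7 + length] != checksum(payload):
        return None
    return {"version": 1, "payload": payload}

def fuzz(parser, seed_input: bytes, iterations: int = 2000, seed: int = 1) -> int:
    """Mutate a valid update (byte flips, truncation, appended bytes) and count
    runs where the parser raises instead of accepting or rejecting the input."""
    rng = random.Random(seed)
    crashes = 0
    for _ in range(iterations):
        data = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):
            op = rng.randint(0, 2)
            if op == 0 and data:
                data[rng.randrange(len(data))] = rng.randrange(256)
            elif op == 1 and data:
                del data[rng.randrange(len(data)):]
            else:
                data += bytes(rng.randrange(256) for _ in range(rng.randint(1, 8)))
        try:
            parser(bytes(data))
        except Exception:  # an unhandled exception is a finding to fix before release
            crashes += 1
    return crashes

PAYLOAD = b"firmware-v2"  # constructed sample payload
VALID_UPDATE = MAGIC + b"\x01" + len(PAYLOAD).to_bytes(2, "big") + PAYLOAD + bytes([checksum(PAYLOAD)])
```

Running `fuzz(parse_update_fragile, VALID_UPDATE)` reports crashes while the hardened parser reports none, which is exactly the evidence a verification report in the product development phase should record.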

3. Post-Development Phase

In the post-development phase, the product’s lifecycle continues through production, operation, maintenance, and eventually the end of cybersecurity support and disposal. Even after the vehicle has been released, it’s crucial to address any security issues through ongoing updates and responses to potential incidents. Additionally, when the vehicle is no longer in use, it’s important to ensure that personal data is securely disposed of.

Example: Regular OTA software updates are deployed to vehicles after they’ve been released. When a new hacking threat is detected, the manufacturer quickly distributes an emergency update to address the security vulnerability. This highlights the need for continuous monitoring and response even after product release. Also, when a vehicle is disposed of, the personal data stored in its systems is securely erased.

4. TARA: Threat Analysis and Risk Assessment Methodology

A quick note on TARA! This term may be unfamiliar, but it’s essentially a method to identify and address cybersecurity risks in vehicles. Conducted according to the ISO/SAE 21434 standard, TARA should be applied and maintained throughout the product lifecycle. It’s used in the concept, development, and post-development phases to derive cybersecurity goals or address security issues that arise in the operational environment.

The key stages of TARA are as follows:

  • Asset Identification: Identify the objects in the system that need protection (e.g., software, communication links).

  • Damage Scenario and Impact Assessment: Identify potential negative outcomes from cyberattacks and assess their impact on the system and users.

  • Threat Scenario and Attack Path Analysis: List potential attack methods and identify possible attack paths.

  • Attack Feasibility Assessment: Evaluate the likelihood of identified attacks being realized.

  • Risk Determination: Determine the level of risk by combining the impact and feasibility of attacks.

  • Risk Mitigation Strategy: Develop strategies to address the identified risks.

Example: Let’s imagine conducting a TARA for the autonomous driving system of a smart car. One potential scenario could be a hacker tampering with the GPS system to alter the driving route. After analyzing this scenario, the development team might set encryption of route data and network security enhancements as cybersecurity requirements and develop a security strategy based on these findings.
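As an added illustration (my own code, not the article's or the standard's text), here is how the risk-determination step of TARA can be expressed in code. The impact and attack-feasibility rating labels are those of ISO/SAE 21434; the risk matrix, the treatment thresholds and the two sample scenarios are constructed assumptions for this example.

```python
from dataclasses import dataclass

# Rating vocabularies from ISO/SAE 21434 clause 15: impact of a damage scenario
# and attack feasibility of a threat scenario.
IMPACT = {"negligible": 0, "moderate": 1, "major": 2, "severe": 3}
FEASIBILITY = {"very low": 0, "low": 1, "medium": 2, "high": 3}

# Risk value 1 (lowest) to 5 (highest), indexed [impact][feasibility]. The
# standard lets each organisation define its matrix; this one is an assumption.
RISK_MATRIX = [
    [1, 1, 1, 1],  # negligible impact
    [1, 2, 2, 3],  # moderate impact
    [1, 2, 3, 4],  # major impact
    [2, 3, 4, 5],  # severe impact
]

@dataclass
class ThreatScenario:
    asset: str            # what needs protection
    damage_scenario: str  # harm to the vehicle or its users if the asset is compromised
    threat: str           # how that damage could be brought about
    impact: str
    feasibility: str

def risk_value(impact: str, feasibility: str) -> int:
    return RISK_MATRIX[IMPACT[impact]][FEASIBILITY[feasibility]]

def risk_treatment(risk: int) -> str:
    """Map a risk value to the treatment options the standard names (avoid,
    reduce, share, retain). The thresholds are an assumption for this example."""
    if risk >= 4:
        return "reduce"            # a cybersecurity goal and controls are required
    if risk >= 2:
        return "reduce or share"   # e.g. a security control or contractual allocation
    return "retain"

def assess(scenarios):
    """Return (threat, risk value, treatment) per scenario, highest risk first."""
    rated = [(s.threat, risk_value(s.impact, s.feasibility)) for s in scenarios]
    return sorted(((t, r, risk_treatment(r)) for t, r in rated), key=lambda x: -x[1])

# Constructed scenarios for the autonomous-driving TARA discussed above.
SCENARIOS = [
    ThreatScenario("route data", "vehicle follows an altered driving route",
                   "tampering with GPS/route data", "severe", "medium"),
    ThreatScenario("charging session", "charging is interrupted",
                   "disruption of the charging network link", "moderate", "low"),
]
```

With this matrix the GPS tampering scenario lands at risk value 4 and must be reduced, which is where the route-data encryption and network hardening requirements from the example would be derived.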

By breaking down each stage with practical examples, I hope this explanation helps clarify how the ISO/SAE 21434 standard systematically manages cybersecurity throughout the entire vehicle development process. As the automotive industry continues to evolve, this kind of cybersecurity management will become even more crucial.

I hope this explanation was helpful! If you have any further questions, feel free to ask!
