The International Organization for Standardization (ISO) has published the final version of its new standard – ‘ISO/SAE 21434, Road vehicles – Cybersecurity engineering’. Its publication follows an extensive development across four drafts since its initial proposal in 2016. The new standard is a collaboration between ISO’s technical committee, ISO/TC 22, its subcommittee, SC 32 Electrical and electronic components and general system aspects, and SAE International’s Vehicle Cybersecurity Systems Engineering Committee.
The core aim of the standard is to ensure that effective cybersecurity strategies and measures are put into place by OEMs and automotive product developers when developing new connected vehicles. In addressing the cybersecurity perspective in the engineering of in-vehicle electrical and electronic (E/E) systems, ISO/SAE 21434 profiles the technologies and attack methods OEMs should be aware of. It also defines the vocabulary, objectives, requirements, and guidelines necessary to achieving a common understanding of the role cybersecurity engineering plays across the supply chain.
Similarly, it specifies the engineering requirements for cybersecurity risk management at various points across the vehicle lifecycle – from the concept and product development phases, to the operation and maintenance of the vehicle itself, through to the decommissioning of its E/E systems (including components and interfaces). This careful management works to ensure that cybersecurity becomes, and remains, a key aspect of future vehicle development for OEMs.
ISO/SAE 21434 was jointly developed with SAE International – a global association of more than 128,000 engineers known for its work on outlining the five levels of vehicle automation. SAE’s own knowledge is utilized in the standard, with input provided by a selection of its engineers. It also draws on recommendations taken from SAE’s Cybersecurity Guidebook for Cyber-Physical Vehicle systems, a set of high-level guiding principles for vehicle cybersecurity.
Due to the standard only being applicable to series production road vehicle E/E systems developed after its release, it may be some time until the vehicles that enact it are revealed. However, as more automakers continue to adopt an increasing number of hardware and software solutions into their future vehicles, cybersecurity is highly likely to become an important element in the lifecycle of these vehicles.
You can find out more about ISO 21434 in this white paper