Cyber Security ISO 21434

ISO 26262
June 28, 2018
Cyber Security ISO 21434

ISO 21434 is the draft Cybersecurity standard that is applied to Cybersecurity Related Systems that include electric/electronic, wired and wireless communication systems installed in production passenger vehicles. This aims to enable the engineering to keep up with changing technology and attack methods.

With the increase in connectivity in vehicles such as Wi-Fi, WLAN, Bluetooth, USB, network, in cellular communication, apps etc., cars today are more of networked computers on wheels which are increasingly exposed to cyber-attacks. Vehicle to infrastructure, vehicle to vehicle, vehicle to cloud, and vehicle to everything technology also make cars vulnerable to hackers. Features such as automatic braking and remote start would take on a very different character if they were under the control of a remote. Current safety-critical standards are not sufficient to cover this type of risk and therefore new guidelines and standards need to be established.

ISO SAE 21434 “Road vehicles — cybersecurity engineering” is the draft Cybersecurity standard that is applied to Cybersecurity Related Systems that include electric/electronic, wired and wireless communication systems installed in production passenger vehicles. This aims to enable the engineering to keep up with changing technology and attack methods. The intent behind the standard is to provide a structured process to ensure that cybersecurity considerations are incorporated into automotive products throughout their lifetime.

ISO SAE 21434 covers vehicle's lifecycle — from design through to decommissioning by the application of cybersecurity engineering. It specifies cybersecurity risk management regarding engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces. It includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. This enables organizations to:

• Define cybersecurity policies and processes
• Manage cybersecurity risk
• Foster a cybersecurity culture

QMGC provides Cybersecurity Training, guidance for Engineering process integration and Consulting services involving experts.