ISO/SAE 21434 International Standard for Automotive Cybersecurity Engineering

Current status of international standards related to vehicle safety/security

ISO/SAE 21434 : Road vehicles - Cybersecurity Engineering

▶ Background

• Increases the possibility of external attacks due to the expansion of the connectivity of the vehicle 
• There is a limitation in applying the existing international standard for functional safety to the cybersecurity area equally ((not all security critical systems are safety critical systems, and even if they fail, there are security critical systems that do not affect safety) 
• Defining automotive-specific cybersecurity terminology, establishing cybersecurity goals, and establishing requirements and guidelines

▶ Goal

• Covers the cybersecurity perspective of automotive electrical and electronic system engineering 
• Define cybersecurity processes and activities and minimum requirements for automotive cybersecurity assessment
• Establishing state-of-the-art cybersecurity engineering procedures applicable to the automotive industry
• Establishment of electrical and electronic engineering plans to prepare for various attack techniques and new attack technologies through a risk-based approach
• In addition, to ensure rigor and legal certainty to be referred to in legislation, ref. UNECE WP29 Cybersecurity regulation

▶ Main Principle

• Road Vehicles Applied 
• Development of safe vehicle systems based on reasonable procedures
• Automakers and parts makers must show “due diligence” 
• Focus on automotive cybersecurity engineering 
• Must be based on the latest technology in cybersecurity
• Risk-Based Approach
  -Prioritized according to risk level
  -Risk analysis for cybersecurity requirements
• Establishment of cyber security management system (management system)
• Cybersecurity activities and processes across the entire vehicle lifecycle:
  -Design, development, production, operation, maintenance, maintenance and disposal of vehicles

▶ Applied Area

• Road car Electrical and electronic systems
• hardware and software components, 
• interfaces System connected (connected) to external equipment/network

▶The following are not covered

• Specific cybersecurity techniques and solutions 
• Requirements for specific improvement methods 
• Requirements for communication systems 
• Requirements for specific telecommunication services and their providers 
• Requirements for charging electric vehicles Specific requirements for autonomous vehicle technology