ISO/SAE 21434:2021: Road vehicles — Cybersecurity engineering: Theory, Techniques, Testing and Tools
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about ISO/SAE 21434:2021: Road vehicles — Cybersecurity engineering: in Cybersecurity.
Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
Like ISO 26262 and other aspects of international standards around automotive industry development, ISO 21434 works to protect vehicle and automotive security.
It covers every single stage of the vehicle life cycle from design, secure engineering, and product development to decommissioning. Cybersecurity engineering applies to connected vehicles, electronic systems, software, and more. In addition, the automotive security standard gives developers a thorough road map for incorporating safety measures in development processes across the supply chain.
- The purpose of the standard is to define a structural process to ensure cybersecurity is “designed-in” from the start. This allows developers to address cyber threats to the vehicle and its electrical and electronic components.
OEMs, Tier 1, and Tier 2 suppliers must demonstrate due diligence in handling vehicle development in preventing cyberattacks. The goal is to reduce the potential for a successful attack and minimize potential losses by designing security-in from the start.
Traditional automotive safety and cybersecurity standards have not adequately addressed increasing threats to cybersecurity for road vehicles. This led to OEMs, Tier 1, and Tier 2 suppliers formalizing their own approaches to address cybersecurity.
ISO 21434 eliminates the need for individual approaches and provides a common framework to tackle cybersecurity for automotive production. It defines requirements for cybersecurity processes and develops a common language for understanding software security and cybersecurity risk management.
In summary, ISO 21434 is intended to accomplish the following:
- Define a structural process for cybersecurity in design phases.
- Establish and maintain a consistent framework for cybersecurity globally.
- Provide a threat-informed approach to guide security controls.
- Adopt and apply a risk-based approach.
- Provide guidance for developing a Cybersecurity Management System (CSMS) for vehicles.
- Identify guidelines for cybersecurity across the vehicle life cycle.
- Design and engineering
- Production
- Operations
- Maintenance
- Decommissioning
The first thing to do is to think in the same way as ISO/SAE communicates: The structure of ISO/SAE 21434 does not represent an “execution sequence” of the individual topics.
For the official structure of ISO/SAE 21434:2021, we have created a custom graphical visualization that illustrates the structure not in sequence, but along the development product lifecycle:
