Automotive Cybersecurity Developments, ISO 21434, and the Future of Functional Safety
Every engineered system has risks: risks to people, risks to the environment, and risks to equipment and facilities. One of the biggest concerns in today’s market is the reduction of cybersecurity threats, and many companies are attempting to avoid all types of cybersecurity vulnerabilities.
ISO/SAE 21434 “Road Vehicles – Cybersecurity Engineering”
ISO 21434 has been developed over the past several years. It is currently a set of guidelines to help secure automotive software development by specifying engineering requirements for cybersecurity risk management, including product development, production, operation, maintenance and decommissioning of electrical systems.
The cybersecurity classification in ISO 21434 is referred to as the Cybersecurity Assurance Level, or CAL for short. While CAL is not a mandatory part of the standard, Annex E provides a scheme that can be used to drive the cybersecurity engineering, providing a common language for communicating cybersecurity assurance requirements among the organizations involved. As an example, the annex provides 4 Cybersecurity Assurance Levels:
- CAL 1 – low to moderate
- CAL 2 – moderate
- CAL 3 – moderate to high
- CAL 4 – high
Additionally, if there is negligible impact that would result from a successful cyber-attack on the component, a CAL may not be necessary.
Why is Automotive Cybersecurity so Important?
The primary focus of cybersecurity is the protection of the confidentiality, integrity, and availability of data. In a connected vehicle system, there are many data sources and communication channels that require protection in order to ensure the safety of vehicle operators, road users, and pedestrians. By undertaking a risk analysis and manufacturing automotive components that are resistant to cyber-attacks, your company benefits from increased market acceptance and positive brand associations. Additionally, as more automotive manufacturers adopt the ISO 21434 philosophy, meeting the requirements of the standard may become a requirement for your components.
Certification is not currently required. However, the ISO 21434 family of standards consists of many parts, and achieving compliance can be challenging. Intertek can assist in understanding the requirements, developing the supporting documentation, and instilling the confidence that the requirements are met.
How do I understand if Cybersecurity applies to my Automotive Equipment?
The decision whether to perform a cybersecurity assessment for an item or component must be based on the result of a risk-based approach. This can include threat analysis and risk assessment results; the complexity of the item or component to be developed; and/or criteria defined by organizational rules and processes.
Intertek ISO 21434 Solutions for Automotive Cybersecurity
Connected vehicle security and safety will continue to be major concerns as connected vehicles become more prevalent in the market, and OEMs will need to identify a cybersecurity plan to help secure a complete vehicle ecosystem. Let our Intertek transportation technology and cybersecurity experts help you identify the proper compliance and solutions built specifically to meet your needs.