SAE International, in collaboration with the International Organization for Standardization (ISO), published ISO/SAE 21434™ Standard: Road Vehicles – Cybersecurity Engineering. The standard helps the industry define a structured process to ensure cybersecurity is incorporated into the design of road vehicles, including systems, components software and connections of any external device or network.
Originally published as a draft in February 2020, the seminal ISO/SAE 21434 standard provides industry cybersecurity professionals and product developers with a pragmatic approach to establishing a solid foundation for integrating cybersecurity within the product development lifecycle—from project initiation to decommissioning.
The standard focuses on the fundamentals of cybersecurity including requirements, process and goals in business disciplines including product development, production, operations and maintenance. The document includes two significant elements:
Threat Analysis and Risk Assessment (TARA) describes methods to determine the extent to which a road user can be impacted by a threat scenario. The methods can be called systematically and from any point in the lifecycle of an item or component.
Product Development describes the specification of the cybersecurity requirements and architectural design into the product development and weaves it into the “Systems Engineering V Model” approach used extensively throughout industry.
The ISO/SAE 21434 standard is the culmination of work from a joint development group of more than 100 experts from 14 nations in the fields of engineering, product development and cybersecurity disciplines. ISO/SAE 21434 builds on the tenets of SAE J3061™ Standard: Cyber Security Guidebook for Cyber-Physical Vehicle Systems, the world’s first automotive cybersecurity standard.
To support cybersecurity professionals looking to incorporate ISO/SAE 21434 into their workflows, SAE is now offering Automotive Cybersecurity Certification, in partnership with TÜV SÜD Division Mobility. The two-day professional development seminar provides OEMs and suppliers with a common language, an understanding of cybersecurity threats and protections, as well as laws and regulations that impact the entire international mobility industry. The training provides participants with the necessary basic knowledge to fulfil the forthcoming statutory obligations concerning automotive cybersecurity.
A complimentary webcast, Cybersecurity Engineering - What to Expect in ISO/SAE 21434 Standard, will take place on Thursday, 16 September 2021, at 10:00 a.m. ET. The webcast offers attendees an opportunity to hear from the authors of ISO/SAE 21434, who will detail the importance of the new document and how it can be applied to a company’s product development process.