Automotive cybersecurity standard addresses critical gap - Embedded.com

Automotive cybersecurity standard addresses critical gap

The ISO/SAE 21434 standard is the start of a long and tenuous journey that will inevitably see many design challenges along the way.

The news about NXP Semiconductors certified by TÜV SÜD to comply with the new automotive cybersecurity standard ISO/SAE 21434 is the harbinger of a new era that could be reminiscent of how the ISO 26262 functional safety standard reshaped the automotive industry during the past decade. NXP claims to be the first chipmaker to have complied with the ISO/SAE 21434 standard.

Vehicle manufacturers must comply with the R155 automotive cybersecurity regulation for new vehicle type launches in Europe, Japan, and Korea from July 2022 onward; the new automotive cybersecurity standard will be crucial in implementing the R155 requirements across the automotive supply chain. ISO/SAE 21434 provides a rigorous framework intended to enable organizations to design vehicles that are protected against a variety of cybersecurity threats.


Figure 1: Like the ISO 26262 functional safety standard, the ISO/SAE 21434 cybersecurity standard is likely to substantially impact automotive design cycles. Source: Renesas

Unlike the ISO 26262 functional safety standard published in 2011, a standard for automotive cybersecurity has lagged behind. That, in turn, has been terrifying automotive companies since vehicles either already have or will have over-the-air (OTA) software updates. More broadly, as hackers have demonstrated time and again, security vulnerabilities can be introduced both in hardware and software flows.

Connected vehicles linked with external entities—other vehicles, smart city infrastructure, and the cloud—will inevitably require robust security measures to protect the vehicle, its systems, and the back-end networks. The ISO/SAE 21434 standard sets out a framework for effectively managing cybersecurity risks in electrical and electronic (E/E) systems in road vehicles.


Figure 2: The ISO/SAE 21434 standard has been developed under the title “Road vehicles – Cybersecurity engineering.” Source: Siemens Software

There is a risk of cyberattack wherever there is connectivity, but the security breaches in connected cars can lead to severe consequences for both consumers and automakers. It’s hoped that the arrival of automotive cybersecurity technology will put an end to the horror stories that hackers narrate at tech events. However, it’s the start of a long and tenuous journey that will inevitably see many design challenges along the way.

>> This article was originally published on our sister site, EDN.


Related Contents:

For more Embedded, subscribe to Embedded’s weekly email newsletter.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.