Home Blog Industry Updates New ISO/SAE 21434 security standard and its effect on the industry

New ISO/SAE 21434 security standard and its effect on the industry

Author: Alex Goumans, Meghdipa Manna, Rafael Boix Carpi, Pascal van Gimst

Recently, the new ISO/SAE 21434 security standard was published. The publication of the long-awaited standard marks a major milestone in automotive security. A non-secure automotive E/E solution that does not protect from an adversarial action is majorly disallowed in the market today due to UNECE regulations (namely UN R155) and can hardly be considered state-of-the-art. By addressing the cybersecurity perspective of engineering and development of E/E Systems in road vehicles, the publication of the ISO/SAE 21434 standard is changing the landscape of the automotive industry.

The security standard defines the guidelines, objectives, and requirements for implementing a solid cyber-security culture and supports the implementation of UN R155 across organizations throughout the supply chain. As a result, the standard helps OEMs and their suppliers stay on top of changing technologies and the latest cyber-attack methods.

While this was much-needed in the automotive industry, the timeline for the implementation of UNR155 (set to roll out worldwide from July 2022 onward) and adoption of the ISO/SAE 21434 brings to the surface a number of challenges. According to experts in the industry, compliance to the ISO 21434 standard requires fundamental awareness of cybersecurity which is holistic in nature. This involves adopting a view of how cybersecurity considerations can be included in all processes (both technical and non-technical) on an organizational level, a gap that is yet to be bridged. Further, according to a leading industry semiconductor manufacturer, the rather open nature of the standard means that companies are responsible for “finding their own truth.”

Based on years of experience reviewing, testing, and certifying secure devices and software across various industries, Riscure has created a dedicated Automotive Security Architect Program. This is a primer to automotive security aimed at management, decision-makers, and architects.  In this interactive program, we introduce what security means for the automotive industry in the landscape of the new regulations and point out what the impact is on existing development processes. This training has been updated to reflect on the specifics of ISO/SAE 21434 as well as other automotive security standards. To learn more about our automotive security offer, visit this page.

Share This