ISO/SAE 21434 is a standard that provides cybersecurity engineering guidelines for all processes across different phases of a vehicle’s lifecycle.
The overall and sectional structures in this paper have been updated according to the published version of ISO/SAE 21434 as of August 2021.
Download “ISO/SAE 21434: Setting the Standard for Connected Cars’ Cybersecurity” to read the updates on the sectional structure and details on the new standard, along with Trend Micro’s insights and recommendations.
The functions and usage of today’s automobiles are changing as connectivity drives the demand for more modern features, and the automotive industry has been continuously developing and releasing new features to meet this demand. Among these modern features, today’s cars include systems that connect to other vehicles, mobile devices, traffic infrastructure, and cloud systems for different purposes such as:
These new features and systems require an increased dependence on software. While modern features, such as internet access, app-based remote monitoring and management, autonomous driving, and driver-assistance systems, were designed to increase user safety and convenience, they also add complexities and cybersecurity gaps to the whole automotive ecosystem.
For instance, every added feature, sensor, or connection needs to be supported by software in an engine control unit (ECU). The number of ECUs included in connected cars has increased over time, with some having more than 100 ECUs handling different functions, from the engine and powertrain to the brakes, suspension, and electronics subsystems.
Modern connected cars now share networks with mobile devices and have features that have more in common with computers than traditional automobiles. Unfortunately, the increased demand for connectivity — and the rapid pace of development to meet it — inevitably increases the number of exposed and vulnerable components.
Unlike computers, the majority of the connected cars currently in the market do not have over-the-air (OTA) software updates, nor were they designed or manufactured with cybersecurity in mind. This is a critical gap that the industry plans to secure.
Since 2018, over 80 organizations worldwide have participated in the creation of ISO/SAE 21434 “Road vehicles – Cybersecurity engineering,” which is a standard that includes a set of guidelines for securing high-level processes in the design, manufacturing, maintenance, and end-of-life phases of vehicles. While it does not focus on software development or detailing the cybersecurity infrastructure of car subsystems, it defines cybersecurity processes for the cars’ different development phases to fulfill safety level requirements.
Researchers have found a significant number of attack vectors in today’s connected cars. These modern vehicles are connected whenever they are within the range of a cellular network or via short-range radio frequency channels, much like how Bluetooth or Wi-Fi are usually enabled. Cybercriminals can abuse these existing and unpatched security gaps to intercept and steal information, disrupt the car’s normal functions, or even attack the users and endanger their lives.
Some of the current challenges and attack vectors include:
Researchers have published numerous findings documenting the techniques used to exploit security weaknesses and possible attack scenarios against connected cars such as:
The automotive industry is beginning to recognize that the line between the defenses required for information technology (IT) and those required for in-vehicle technology is narrowing. As the industry realizes the critical importance of cybersecurity in connected cars and their related infrastructure, legislative changes could be expected after the implementation of the standard. ISO/SAE 21434 is meant to guide the automotive industry as it adopts more secure online and offline practices to ensure the safety of its users.
To find the structure updates, details, and our insights on the standard’s guidelines, read “ISO/SAE 21434: Setting the Standard for Connected Cars’ Cybersecurity.” The paper includes a summary of the standard’s sections and our recommendations for automotive manufacturers, suppliers, vendors, and mobility service providers.