ISO/SAE 21434 "Road vehicles - Cybersecurity engineering" is a standard for cyber security in motor vehicles. The International Standard (IS) has had the status "Published" since August 2021, so it is still quite young (as of September 2022).
Cyber-attacks on vehicles pose increasing risks, and the infrastructure for online updates of vehicles (OTA), fleet management, communication between vehicles (Car2x/V2X) and other requirements give vehicles new attack surfaces. In response, the standard is intended to propose measures for development. The standard is related to UNECE Regulation R 155 "Cyber security and cyber security management system." R 155 requires vehicle manufacturers to be certified with regard to a cyber security management system. This certification is a prerequisite for a vehicle to obtain type approval for road use in the EU and other contracting states. The application of ISO 21434 is considered a building block to facilitate certification. However, ISO 21434 does not cover all the requirements of R 155. In addition, these requirements for type approvals also bring the topic of "functional safety" further into focus.
The standard applies to components (electronic parts and software) of vehicles produced in series, as well as spare parts and accessories. It covers the phases of development, production, operation, maintenance and recycling in the life cycle of a vehicle. Infrastructure outside the vehicle, such as servers of the vehicle manufacturer for diagnostics, software updates or diagnostic testers (off-board diagnostics), is not covered by the standard (a major shortcoming in my view).
Product development activities under the standard are driven by a risk assessment, and the standard requires measures to anchor this in the organization. Processes are required, but the standard only describes the task of a process, leaving the design of the process to the companies. No special technologies or solutions are proposed, and autonomous vehicles are not given special status in the recommendations of this standard.