Getting to know ISO 21434: Cybersecurity in road vehicles

Melissa Newman

Speaking to your car (and having it respond) is all we dreamed of while watching Knight Rider in the ’80s – and now we take it for granted as we cruise down the highway.

Unfortunately, the futuristic capabilities we enjoy have a downside: they open your car to potential cyberattacks. 

That’s where ISO 21434 comes in – the standard for cybersecurity for your vehicle.

A little background on ISO

You probably know that ISO, the International Organization for Standardization, is an independent, worldwide, non-governmental body that establishes standards in a wide range of industries.

But did you know it was founded in 1946, has more than 800 technical committees, and has developed over 24,000 standards?

Or that ISO is not an acronym, but a standard, recognizable prefix derived from the Greek isos, meaning “equal”?

ISO works closely with the International Electrotechnical Commission (IEC) on guidelines related to electrotechnical standardization, including ISO 26262. That older standard on automotive functional safety may be familiar, but ISO 21434 has been adapted for a new age of technology.

What is ISO 21434?

Together, ISO and the Society of Automotive Engineers (SAE) co-developed ISO/SAE 21434 “Road vehicles—Cybersecurity engineering,” and released it in 2021. It specifies engineering requirements for cybersecurity risks in the design and development of car electronics. The standard covers cybersecurity governance and structure, secure engineering through a vehicle’s full lifecycle, and post-production security.

From initial design to end-of-life decommissioning, everything related to a vehicle’s electrical and electronic systems’ cybersecurity (including components and interfaces) falls under the purview of ISO 21434. That means each phase of the vehicle’s lifecycle is covered:

  • Design and engineering
  • Supply chain
  • Production
  • Customer operation
  • Maintenance and service
  • Decommissioning

ISO 21434’s lifecycle approach to cybersecurity risk management makes it one of the most comprehensive guidelines relating to vehicle cybersecurity.

Why do we need ISO 21434?

As vehicle designs incorporate multiple interfaces like Bluetooth and LTE, cars have essentially become moving networked computers. And computers are vulnerable to hacking. Upstream Security’s 2020 Global Automotive Cybersecurity Report cited a 605% increase in cybersecurity incidents between 2016 and 2019. That level of escalation means a higher risk of property damage and personal injury.

ISO 21434 mitigates cyberattack risk by providing security guidance for developers and manufacturers that cultivates a common language for software security, greater collaboration across the supply chain, and a culture of safety. Ultimately, that means increased protection for consumers.

Next up: What does ISO 21434 mean for developers?

If you want to understand automotive safety standards today, you need to recognize the risks of inadequate cybersecurity. That starts with determining what ISO 21434 means for your business. New Eagle is here to help. 

Learn more about why developers need to be up to speed on ISO 21434—and how New Eagle can assist—in our next post, Why ISO Should Matter to Developers!