What Does ISO 21434 Mean for Developers?

Melissa Newman | Blog, Cybersecurity

Developing a vehicle with Bluetooth capabilities? Nowadays, cars with internet connectivity are ubiquitous. And that’s where ISO 21434 comes in.

As we discussed in our previous article on ISO 21434, this internationally recognized standard addresses engineering requirements for cybersecurity risks in car electronics. Want to know more about the basics of ISO 21434? Check out our last blog!

While understanding what ISO 21434 entails is important, today we’re focusing on the why. Why does ISO 21434 matter to developers? 

What does ISO 21434 mean for developers?

Cybersecurity risks are growing as more cars become networked. Developers need to be aware of ISO 21434, partly because of its similarity to a recent United Nations regulation, UN R155.

Why are developers starting to care?

UN R155 isn’t just a standard—it’s a regulation. That means it’s binding for new vehicles in UNECE markets as of July 2022, and developers can expect enforcement in European markets. Both UN R155 and ISO 21434 lay out requirements to promote cybersecurity in the automotive industry, with UN R155 focusing on:

  • analyzing, assessing, and managing cybersecurity risks with connected vehicles;
  • using “cybersecurity by design” to reduce supply chain risks;
  • ensuring up-to-date security in vehicle software; and
  • implementing systems that detect and mitigate security incidents in vehicles.

If developers want their products approved to go to market, they need suitable systems, and the right tools to develop those systems, to comply with both UN regulations and ISO standards.

What do new cybersecurity requirements mean for the future?

ISO 21434 encourages original equipment manufacturers (OEMs), developers, and suppliers to manage cybersecurity through a vehicle’s entire lifecycle. For full compliance, OEMs and suppliers must demonstrate that they’ve implemented safeguards across the entire supply chain. Requirements include:

  • performing risk assessments,
  • identifying cybersecurity vulnerabilities,
  • ensuring correct safeguards address vulnerabilities, and
  • rigorously testing applications as well as hardware and software components.

Full responsibility for cybersecurity rests with the manufacturer. Developers must therefore cultivate a “security and privacy first” mindset that considers the whole product development lifecycle.

How New Eagle can help

If these standards and regulations sound a bit overwhelming, New Eagle’s ISO experts can help. As part of conceptualizing your design, New Eagle offers an ISO 21434 and 26262 process overview to integrate cybersecurity and functional safety activities.

From the beginning of the concept-development phase, we have our eyes on cybersecurity. This means following a clear path of:

  • Asset identification
  • Threat scenario identification
  • Impact rating
  • Attack path analysis
  • Attack feasibility rating
  • Risk determination
  • Risk treatment decision

Our ISO experts can guide you through concept development and production, always keeping cybersecurity requirements front of mind.

ISO 21434-capable ECUs

New Eagle’s ECU, the RCM112, is ISO 21434 capable. The RCM112 is a general-purpose control module well suited for cybersecurity and functional safety capabilities with advanced performance and connectivity. The RCM112 is a Raptor™ rugged production controller, allowing developers to quickly test and implement application software with the Raptor embedded Model-Based Design (eMBD) platform. 

Functional safety expertise at your fingertips

Our engineers are ready to guide you through the weeds of complex regulations surrounding cybersecurity risks and functional safety. From out-of-the-box ECU solutions to from-scratch product development, we’ll put you in control of the regulatory and design process. Reach out for more information today!