Backed up by vehicle electrification, car connectivity, and autonomous driving, cybersecurity is taking a newfound importance for automotive software and hardware development. In fact, today’s premium cars have between 70 to 100 electric code units (EUCs), which amount to 100 million lines of code and this trend will only keep growing. By 2030, the average car model is expected to have 300 million lines of software code.
The ISO/SAE 21434 regulatory framework under the UN R155 ensures cybersecurity management throughout the entire automotive supply chain. Here’s how it involves Tier 1-3 automotive suppliers.
The ISO/SAE 21434 standard is closely linked to the UNECE Regulation No 155, a set of regulatory requirements for cybersecurity and software updates in vehicles. Developed as a response to the increasing threat of cyber-attacks on vehicles and their systems, this regulation ensures that all new vehicles sold in the EU meet minimum cybersecurity standards.
Specifically, the ISO/SAE 21434 standard guides the implementation of Cyber Security Management Systems (CSMS) throughout the entire automotive supply chain. Relevant for vehicle manufacturers, suppliers and service providers; its implementation can aid organizations in improving operational efficiency, reducing costs and boosting their reputation in the industry.
Compliance with ISO/SAE 21434 can also help organizations comply with other relevant standards and regulations such as:
The ISO/SAE 21434 standard involves all automotive suppliers throughout the automotive supply chain, from Tier 1 to 3 levels. Here’s how each tier is involved in the automotive supply chain:
Each component in the automotive supply chain has its architecture, hardware and software and therefore, different risks that their manufacturers and clients must be aware of.
The Threat Analysis and Risk Assessment (TARA) works as a consolidated method to ensure that all OEMs implement appropriate and efficient cyberattack risk mitigations. One of the main TARA requirements is ensuring that these manufacturers have a CSMS to assess risk management throughout the entire vehicle model.
That’s why even if the recent UNECE Regulation No 155 updates only mandate that vehicle manufacturers have their own CSMS, the pressure to manage and mitigate cybersecurity will also fall onto their suppliers. This means that Tier 1-3 vendors will also have to implement their own CSMS, thankfully this can be ensured through ISO/SAE 21434 certification.
The Certificate for ISO/SAE 21434 Conformity guarantees that suppliers can manage their product cyber risks during the entire life cycle of the product, from concept until decommissioning stages. This includes detecting and answering security incidents in a reasonable period.
To successfully implement a CSMS under ISO/SAE 21434 requirements specifications, it’s vital to understand the specifications vocabulary, the purpose of each requirement and how to implement them throughout the organizational structure.
Organizations must ensure that employees take an active role. We recommend training, assigning roles and responsibilities, and instilling essential cybersecurity know-how.
Defining the scope of their CSMS before executing is also key. This includes conducting a gap analysis of its current implementation state and focusing on critical points that need to be improved. Once this is done, each objective should be backed up by a specific activity to execute them.
The last step is checking if the requirements are met and making the needed adjustments if any deviations arise. This process can be iterated as many times as needed until final objectives are met.
In the automotive industry, independent laboratories can help suppliers reassure trust with vehicle manufacturers by issuing conformity certificates that prove specific requirements, such as ISO 21434, have been met.
At Applus+ Laboratories, we offer a complete one-stop-shop service to ensure vital cybersecurity requisites are met throughout the entire automotive supply chain, including ISO/SAE 21434:2021 standard implementations. This includes:
Additionally, our cybersecurity experts can perform penetration testing campaigns for automotive components and whole vehicles and deliver accurate reports to measure ISO 21434 compliance.
We are backed up by objectivity, expertise, transparency and regulatory compliance expertise. Our capabilities make us a trusted partner for businesses, consumers and regulatory agencies looking to meet specific product, service and organizational requirements.
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). Click HERE for more information. You can accept all cookies by pressing the "Accept" button or configure or reject their use by clicking here.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy