Cars have evolved before our eyes from vehicles into highly efficient cyber-physical systems. Electronic components, software, and interconnected devices have ushered in a new era in automotive history. However, the risk of threats has increased in parallel. The automotive industry’s response to these challenges is the “ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering,” a revolutionary standard that helps address cybersecurity challenges starting from the design phase.
Cybersecurity threats to vehicles are a major concern, as vehicles are becoming more interconnected and increasingly reliant on electronic systems. If hackers can exploit these systems, they could put countless lives at risk. Here are a few examples of this danger:
Hacked Vehicles Pose a Serious Danger
Attackers can exploit vulnerabilities in vehicle-connected systems, like infotainment, Bluetooth, or Wi-Fi, to gain unauthorized access to control systems. They can eavesdrop on wireless signals, track the vehicle’s location, or inject malicious commands.
Once inside the system, they can manipulate critical functions like braking, acceleration, and steering. Keyless entry and ignition systems can also be vulnerable to techniques like relay attacks, which amplify signals from the key fob to unlock or start the car remotely.
Malware can disrupt vehicle functions, steal sensitive data, or even demand ransom for it. Such malware can infiltrate systems through updates or via the OBD-II port used by mechanics for diagnostics.
Connected cars collect enormous amounts of data about passengers, including location history, driving behavior, and personal preferences. Access to this data can lead to identity theft.
The New Cybersecurity Standard: ISO/SAE 21434
The “Road Vehicles – Cybersecurity Engineering” standard, known as ISO/SAE 21434, is a joint product of the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). It is the first cybersecurity standard that impacts virtually every operation, role, process, and organization involved, covering the entire vehicle ecosystem.
The primary goal of ISO/SAE 21434 is to make cybersecurity an integral part of development, ensuring these principles apply at every stage of the vehicle’s lifecycle. It also provides comprehensive guidance on managing risks from concept and development to manufacturing, operation, and maintenance.
At the heart of the standard is the concept of cybersecurity engineering. The goal is for manufacturers to systematically identify and mitigate cybersecurity risks associated with vehicle systems and components. The standard outlines a consistent process to define security requirements and then implement and verify measures.
One of the core principles of ISO/SAE 21434 is collaboration. It encourages communication between automakers, suppliers, regulators, and other stakeholders to promote a shared understanding of best practices. It also emphasizes the importance of continuous monitoring and improvement, recognizing that cybersecurity is a dynamic field requiring constant adaptation.
This standard is a groundbreaking advancement in automotive cybersecurity, and its adoption is an urgent task. A document as complex and comprehensive as this may be challenging to grasp initially, but at QTICS, we are here to help if you need assistance understanding it. As consultants specializing in embedded systems, network systems, and IoT cybersecurity, we strive to ensure our clients fully understand the new standard and achieve compliance.
Contact: info@tamcert.hu