ISO/SAE 21434 Cybersecurity
The Context of ISO/SAE 21434
As connectivity and digitization become an integral part of Autonomous and Electric vehicles, Cybersecurity must be ensured over the entire product life cycle, both to ensure passenger safety and to protect system makers from financial loss, operational disruption, or privacy and data breaches.
The United Nations Economic Commission for Europe (UNECE) WP.29 working groups released a binding regulation on Cyber Security (UN-R155) for OEMs and third parties to address these arising threats. The implementation framework is documented in the state-of-the-art standard ISO/SAE 21434 and requires establishing a mature Cyber Security Management System (CSMS) and demonstrating the capability to implement Cybersecurity at the product level.
Hence, the UN-R155 regulation and the ISO/SAE 21434 standard impact the whole automotive industry and create an unprecedented challenge for OEMs and Tier-N.
CS Group Canada possesses the know-how and practical expertise to perform complete security assessment and implementation through the application of ISO/SAE 21434, including security management at organization and project levels, continuous cyber security activities, associated risk assessment methods, and cyber security solutions within the concept, product development and post-development stages of road vehicles.
Building a safe and secure product is the ultimate goal, and every employee has a role to play. We have developed training sets adapted to all stakeholders, from the executive team (C-suite, V-suite) to engineering departments (System, Safety, HW and SW engineers) and production lines, to increase cybersecurity awareness and foster a cybersecurity culture within your organization.
An independent snapshot from our ISO 21434 certified expert identifies gaps and defines an incremental action plan toward certification and compliance. Our Gap Analysis covers various topics such as Organisational, Project and Product Level Risk Assessment and can be adapted to your unique context.
This is the starting point and the “command and control” of all Cybersecurity efforts. From the initial Cybersecurity framework definition up to Cybersecurity Management System third-party certification, we will help you institute, audit (ISO PAS 5112) and maintain cybersecurity governance, including cybersecurity awareness management, competence management and continuous improvement.
Unsecured software updates (new navigation features, firmware updates to ECUs) can introduce vulnerabilities at vehicle level. Our Software and Security team will define processes and methods and suggest platform solutions to handle Over The Air (OTA) SW updates compliant with ISO 24089 Road vehicles – Software update engineering.
Cybersecurity must be integrated into all phases of the project to ensure a component can be released for post-development from a cybersecurity perspective. Our experienced cybersecurity managers will define the Cybersecurity Interface Agreement (CIA) and Cybersecurity Plan, build the Cybersecurity Case and help you toward third-party Cybersecurity Assessment.
Automotive products are often developed out of context (that is, without specific customer requirements). Our product engineering department will recommend a system architecture, including HW/SW features, to comply with “must have” OEM cybersecurity requirements and prevent costly redesign in the end.
Continual cybersecurity activities must be performed during all the phases of the lifecycle and can be done outside of a specific project. We will define a dedicated process to:
- Monitor cybersecurity information to identify cybersecurity events.
- Evaluate cybersecurity events to identify weaknesses.
- Identify vulnerabilities from weaknesses.
- Manage and respond to identified vulnerabilities and Incidents.
Identifying threats and their associated risks is key to defining the most suitable risk reduction methods. Our cybersecurity risk analysis specialists will perform the TARA, including Attack Tree, to make an informed decision as to how best to manage the identified risks.
Defining the right Concept and Architecture for your product will prevent costly rework during the integration phase. From the definition of the Items under development, including assets and functions, to the Cybersecurity goals and Requirements elicitation, our solution architects will accelerate the identification of the Cybersecurity controls to be implemented.
ISO/SAE 21434 is a process-oriented standard and does not detail specific cybersecurity solutions. Our solutions architects will assess your current architecture and recommend concrete cybersecurity solutions (HSM, Secure Diagnostics, Secure ECU, Secure Communication) for the most vulnerable assets. Then they will integrate solutions into your current design to improve overall cybersecurity resilience.
Our customers can rapidly and efficiently tailor ISO/SAE 21434 requirements to their context, thanks to our practical experience. We will be by your side to tackle your cybersecurity challenges:
- Accelerate your certification / compliance roadmap through a proven Gap Analysis methodology
- Increase your cybersecurity risk awareness through COTS training and workshops
- Recommend technical solutions to increase the cyber resilience of your product
Why consider CS Canada?
With 20+ years of experience in ADAS Level 2+ projects combined with airborne fail-operational mode certification, our engineers have crafted innovative approaches and products to accelerate the development, certification, and commercialization of autonomous and electric vehicle embedded technologies.
More than 50 OEMs, Tier 1s, and start-ups trust us to be their Functional Safety and Cybersecurity Manager and support them in their certification challenges.
Let’s make safe & secure connected mobility a reality today.