Standards, including the newly published BS ISO/SAE 21434, can give the automotive industry a vital tool with which to manage risk, demonstrate compliance and provide customers with confidence. This article explores how standards can help with the cybersecurity challenges that lie ahead.

The rapid progress of automation and connective technology has brought the reality of automated driving to our doorsteps. Add to this the burgeoning technology in roadside infrastructure and concepts such as V2V and V2I communication – and cars are becoming intricate computers on wheels.

Of course, the movement from traditional closed and unconnected ecosystems to those that are open and connected puts new security demands on the entire supply chain. In addition, the lifecycle management of security-based designs and systems has also become more complicated, with the need for device evaluation and certification; OTA (Over The Air) updates and maintenance, and careful end-of-life decommissioning of products. This new frontier is exciting, but also as the connectivity map of vehicles expands, so too does the attack surface, bringing security threats that could result in significant damage, loss of reputation, and even loss of life.

Moreover, cybersecurity issues touch not only the final product but also items that would previously not have been an issue for Functional Safety, such as transportation and storage of secure keys used in the device. Even the operation of semiconductor design and manufacturing sites comes into question with the need to ensure that access to secure designs and components is adequately controlled. The need for cybersecurity awareness will have an impact on every stakeholder in the supply chain. It’s clear that the automotive industry must rigorously address people’s concerns about the potential vulnerability to cyberattacks of connected vehicles.

What is the Role of Automotive Cybersecurity Standards?

Given that the target is to ensure the safety and security of everyone in their day-to-day lives, cybersecurity needs to become a core horizontal across organizations in the supply chain and something that is “built-in” rather than “bolted on”. And increasingly complex vehicle ecosystems demand a broad set of interdependent rules. This is where standards can play a role.

Standards can define requirements, processes, and work products within the ecosystem and in so doing provide alignment along the supply chain as automotive development cycles tackle the issues of automotive cybersecurity.

BSI produced PAS 1885:2018 on the fundamental principles of automotive cyber security and has played an active role in contributing to BS ISO/SAE 21434 which helps users embed cybersecurity in the engineering of the electrical and electronic systems of road vehicles. Such standards, along with regulations (such as WP 29/UNECE) will build the cybersecurity resilience that is needed now in the automotive product domain.

To learn how and why autonomous vehicles collect and process data, click here.

The Importance of Penetration Testing and Risk Assessment in the Automotive Supply Chain

For example, evaluating security mitigations through planned penetration testing is now a fundamental part of all product design. The automotive industry will need to institute penetration testing of products throughout the supply chain to ensure that mitigations are sufficient and effective for both hardware and software components.

Standards such as BS ISO/IEC 17825:2016 (on testing methods for the mitigation of non-invasive attack classes against cryptographic modules), Federal Information Processing 

Standards (FIPS) and the National Institute of Standards and Technology (NIST) provide direction for test frameworks. Nevertheless, a hacker’s motivations will determine the true threat level, and using risk assessment techniques that are supported in standards such as BS ISO/SAE 21434:2021 will help the supply chain to prioritize the tests that are important.

In addition, BS ISO/SAE 21434:2021 can help automotive organizations plan for quantitative and qualitative data that can be used to visualize potential security gaps when designs are modified or refined for future use.

In summary, there’s no question that the experience gained from previous banking and smartcard applications provides an effective platform on which to build and develop automotive security knowledge and approaches, but adapting these to the rigorous, cost-sensitive demands of the automotive supply chain will be another challenge.

The direction and tools that are supplied by new standards such as BS ISO/SAE 21434:2021 and PAS 1885:2018 among others will supply frameworks to help the automotive industry address the new and undoubted challenges of cybersecurity.

BS ISO/SAE 21434:2021 and over 100,000 more internationally recognized standards are available with a BSI Knowledge subscription which can help build a culture of digital trust in your business. Our tailored subscription service provides flexibility, access, visibility, and control over the standards and insights your educational institution needs to achieve cybersecurity. Build your own custom collection of standards and keep updated with any relevant changes to your cybersecurity strategy. Request to learn more.

Add this BS ISO/SAE 21434:2021 to your collection today.