The automotive industry is experiencing a rapid evolution with the integration of connected technologies and sophisticated software systems. However, this progress brings forth new cybersecurity challenges, necessitating the establishment of standardized approaches to mitigate risks effectively. ISO 21434 is an emerging standard that focuses on automotive cybersecurity. This blog post provides an in-depth exploration of ISO 21434, specifically highlighting Threat Analysis and Risk Assessment (TARA), cyber security controls, implementation strategies, Verification and Validation (V&V) processes and post-development cyber security management. Understanding these crucial aspects is key to developing a comprehensive understanding of ISO 21434 and its role in strengthening automotive cybersecurity practices.
Index Terms — Automotive Cyber Security, ISO 21434, UNR 155, UNR 156
As vehicles become more connected and reliant on complex software systems, cybersecurity has become a vital concern within the automotive industry. The escalating prevalence of cyber threats necessitates a standardized approach to mitigate cybersecurity risks. ISO 21434 , an emerging standard, aims to provide a comprehensive framework for automotive cybersecurity. This article delves into essential elements of ISO 21434, including Threat Analysis and Risk Assessment (TARA), cybersecurity controls, implementation, V&V (Verification and Validation) and post-development cybersecurity management. By exploring these aspects, we can better understand the significance of ISO 21434 in bolstering cybersecurity within the automotive sector.
II. CYBER SECURITY IMPLEMENTATION
Implementing cybersecurity measures within the automotive development lifecycle is an integral part of ISO 21434. The standard emphasizes the importance of integrating cybersecurity into all stages, from concept development to decommissioning. This includes incorporating cybersecurity requirements into the design, development and testing of automotive systems. By adopting a proactive approach to cybersecurity implementation, manufacturers can significantly reduce the potential vulnerabilities in their products and systems.
III. THREAT ANALYSIS AND RISK ASSESSMENT (TARA)
The foundation of robust cybersecurity in the automotive sector lies in conducting a comprehensive Threat and Risk Assessment (TARA). TARA involves identifying potential threats, vulnerabilities and associated risks throughout the vehicle’s lifecycle. ISO 21434 and UNR 155 emphasize the importance of TARA and its integration into the development process. Automakers and OEMs must perform TARA at early stages to identify and mitigate cyber risks effectively. By understanding these risks, automotive manufacturers can implement appropriate cybersecurity controls. Threat Modelling is a technique that is more familiar in the world of cyber security, however TARA is not much different from classical Threat Modelling except the process of how Threat Analysis is made and risks assessed. Below is an indicative diagram of the TARA methodology as per ISO 21434:
IV. CYBER SECURITY CONTROLS
ISO 21434 provides guidance on implementing cybersecurity controls to mitigate identified risks. ISO 21434 does not specify a fixed number of security controls. Instead, it provides guidance on the overall cybersecurity approach and emphasizes the need for organizations to conduct a comprehensive Threat and Risk Assessment (TARA) to identify specific security controls relevant to their systems and processes. The standard focuses on defining security requirements, establishing secure development practices and integrating cybersecurity measures into the entire automotive product lifecycle.
The number of security controls will vary depending on factors such as the complexity of the vehicle’s systems, the organization’s risk appetite and the applicable regulatory requirements. ISO 21434 encourages organizations to adopt a risk-based approach, selecting and implementing controls based on the identified risks and vulnerabilities.
While ISO 21434 does not provide an exact count of security controls, it provides guidance on different categories of controls, such as secure boot process, access control, secure communication protocols, intrusion detection systems, incident and event management, software updates and patch management, malware protection, secure coding, testing and penetration testing, incident response and security awareness and training. Organizations should consider these categories and tailor their security controls based on their specific needs and risk profiles. Below are few of key controls that play a crucial role in safeguarding the confidentiality, integrity and availability of the automotive systems:
A. Secure Boot Process: Ensures that only trusted and authenticated software components are allowed to boot during the startup process, preventing unauthorized or malicious code from executing.
B. Access Control: Defines mechanisms to control and limit access to critical systems and functions. It includes user authentication, authorization and privilege management to prevent unauthorized access.
C. Secure Communication Channels: Establishes secure communication protocols and encryption methods to protect data transmission between different components and systems within the vehicle, preventing unauthorized interception or manipulation.
D. Security Incident and Event Management: Defines processes for detecting, recording and responding to security incidents and events. It includes logging, monitoring and analysis of security-related activities to identify and respond to potential threats promptly.
E. Software Updates and Patch Management: Establishes procedures for managing software updates, including security patches and fixes, to address known vulnerabilities and protect against emerging threats.
F. Malware Protection: Implements measures to detect and prevent the introduction and spread of malicious software (malware) within the vehicle’s systems. This includes antivirus software, intrusion detection systems and secure coding practices.
G. Secure Coding Guidelines: Provides guidelines for secure software development practices, such as input validation, error handling and secure coding techniques, to minimize the introduction of vulnerabilities during the development process.
H. Security Testing and Penetration Testing: Involves conducting security testing, including penetration testing, to identify vulnerabilities and weaknesses in the system’s security controls. It helps validate the effectiveness of implemented security measures.
I. Incident Response and Recovery: Defines procedures and plans to respond to cybersecurity incidents promptly and recover affected systems. This includes incident handling, forensics and restoration of compromised systems
J. Security Awareness and Training: Promotes cybersecurity awareness and provides training to personnel involved in the development, maintenance and operation of automotive systems. This ensures that individuals are aware of potential risks and follow secure practices.
V.CYBER SECURITY V&V (VERIFICATION AND VALIDATION)
Cybersecurity Verification and Validation (V&V) is a crucial process outlined in ISO 21434 for assessing the effectiveness and reliability of cybersecurity measures implemented in automotive systems. V&V activities help ensure that the implemented security controls meet the intended objectives and can withstand potential cyber threats. Here’s an elaboration on Cybersecurity V&V from ISO 21434:
a) Verification: Verification activities focus on evaluating the implementation of cybersecurity controls and confirming that they have been correctly implemented. It involves checking if the security controls have been integrated into the system as intended and that they adhere to the defined cybersecurity requirements.
Code Reviews: Conducting code reviews helps assess the security of the implemented software by reviewing the code for potential vulnerabilities or insecure coding practices.
Configuration Management: Verifying configuration management ensures that the system components and their configurations align with the defined cybersecurity requirements and best practices.
Security Architecture Review: A thorough review of the security architecture helps validate that it aligns with the system’s cybersecurity objectives and provides adequate protection against potential threats.
Secure Development Practices: Verification includes checking that secure development practices, such as secure coding guidelines and processes, have been followed during the development of the system.
b)Validation: Validation activities focus on evaluating the effectiveness of the implemented cybersecurity controls in protecting against potential threats. It ensures that the security controls are robust and capable of withstanding real-world attack scenarios.
Penetration Testing: Conducting penetration tests involves simulating real-world cyberattacks to identify vulnerabilities and assess the system’s ability to resist attacks. It helps validate the effectiveness of the implemented security controls.
Vulnerability Assessments: Regular vulnerability assessments help identify and address potential weaknesses or vulnerabilities in the system. It involves scanning the system for known vulnerabilities and applying appropriate remediation measures.
Security Testing: Performing security testing involves executing various test scenarios to verify the functionality and resilience of the implemented security controls. It may include testing authentication mechanisms, encryption algorithms, access controls and incident response procedures.
Continuous Evaluation: ISO 21434 emphasizes the need for continuous evaluation of cybersecurity measures throughout the development lifecycle. This involves periodically assessing the effectiveness of the implemented controls and adapting them to address evolving threats and vulnerabilities.
Monitoring and Analysis: Continuously monitoring and analyzing security-related activities, such as log files and system events, helps identify potential threats or anomalous behavior. It enables organizations to take proactive measures to mitigate risks.
Emerging Threat Analysis: Keeping abreast of emerging cybersecurity threats and trends is essential. Organizations should conduct regular assessments to identify new threats and evaluate if the implemented security controls adequately address them.
By conducting thorough verification and validation activities, organizations can ensure that their cybersecurity controls are effective, reliable and resilient against potential cyber threats. These activities, along with continuous evaluation, help enhance the overall cybersecurity posture of automotive systems and contribute to a safer and more secure environment.
VI. POST DEVELOPMENT CYBER SECURITY MANAGEMENT
Post-development Cybersecurity Management, as outlined in ISO 21434, refers to the ongoing activities and practices that organizations should implement to maintain the cybersecurity of automotive systems after they have been developed and deployed. It focuses on managing vulnerabilities, responding to incidents and ensuring the continued security of the vehicle throughout its lifecycle. Here’s an elaboration on Post-Development Cybersecurity Management from ISO 21434:
Software Updates and Patch Management: Organizations should establish procedures for managing software updates and patches to address known vulnerabilities. This includes monitoring for updates from software suppliers, conducting risk assessments to prioritize updates and ensuring timely and secure distribution of updates to the affected systems.
Software of Unknown Pedigree (SOTA): SOTA refers to software components or modules that are obtained from external sources whose origin, development process, or security controls are unknown. ISO 21434 recognizes the potential risks associated with SOTA and emphasizes the need for organizations to establish processes to assess and manage these components effectively. This includes conducting risk assessments, establishing controls for SOTA integration and implementing measures to monitor and update SOTA components to ensure their security.
Software Update Management Systems (SUMS): SUMS refers to the processes and systems implemented by organizations to manage the distribution and installation of software updates, including security patches and fixes. ISO 21434 highlights the importance of having robust SUMS in place to ensure the secure and timely deployment of updates. This involves establishing procedures for evaluating the security impact of updates, testing updates for compatibility and integrity and verifying the authenticity and integrity of update packages before installation.
Vulnerability Management: Organizations need to establish a systematic approach to identify, assess and manage vulnerabilities in automotive systems. This involves implementing processes to monitor and analyze emerging vulnerabilities, conducting regular vulnerability assessments and applying appropriate remediation measures to address identified vulnerabilities.
Incident Response: Establishing an incident response plan is essential for effectively responding to cybersecurity incidents. This includes defining roles and responsibilities, establishing communication channels, implementing incident detection and reporting mechanisms and conducting post-incident analysis to identify areas for improvement.
Security Monitoring and Logging: Organizations should implement robust security monitoring and logging mechanisms to detect and respond to potential security incidents. This involves monitoring system logs, network traffic and other security-relevant events to identify suspicious activities or anomalies that may indicate a security breach.
Security Incident Analysis and Forensics: In the event of a cybersecurity incident, organizations should conduct thorough analysis and forensic investigations to determine the root cause, the extent of the impact and the actions required for containment, recovery and prevention of future incidents. This includes preserving evidence, conducting incident analysis and implementing corrective measures.
Supplier Management: ISO 21434 emphasizes the importance of effectively managing the cybersecurity of the entire supply chain. Organizations should establish processes for evaluating and managing the cybersecurity practices of suppliers and ensuring that the components and software they provide meet the necessary security requirements.
Security Awareness and Training: Ongoing security awareness and training programs should be implemented to ensure that personnel involved in the maintenance and operation of automotive systems are aware of potential risks and follow secure practices. This includes regular training sessions, awareness campaigns and updating personnel on emerging cybersecurity threats.
Continuous Improvement: Organizations should continuously review and improve their post-development cybersecurity management practices based on lessons learned from incidents, emerging threats and changes in the automotive cybersecurity landscape. Regular assessments and audits should be conducted to ensure compliance with established cybersecurity policies and procedures.
By implementing effective post-development cybersecurity management practices, organizations can maintain the security of automotive systems throughout their lifecycle. This helps mitigate vulnerabilities, respond to incidents and ensure the overall cybersecurity resilience of the vehicles, protecting both the users and the systems from potential cyber threats.
Certification Process: Obtaining ISO 21434 certification involves a systematic approach and adherence to specific steps listed below
Familiarization: Begin by familiarizing yourself with the requirements and guidelines outlined in ISO 21434. Understand the scope and objectives of the standard to assess its applicability to your organization.
Gap Analysis: Conduct a comprehensive gap analysis to identify the areas where your organization currently stands in relation to the requirements of ISO 21434. This analysis helps identify the necessary measures to bridge any gaps and achieve compliance.
Risk Assessment: Perform a thorough Threat and Risk Assessment (TARA) specific to your automotive systems. Identify potential threats, vulnerabilities and associated risks to develop a comprehensive cybersecurity strategy. TARA
Implementation: Implement the necessary cybersecurity controls and processes in line with the requirements of ISO 21434. This includes establishing secure development practices, integrating cybersecurity measures into the product lifecycle and implementing incident response procedures.
Documentation: Develop and maintain documentation that demonstrates compliance with ISO 21434. This includes policies, procedures, risk assessment reports, cybersecurity control implementation plans and evidence of testing and validation activities
Internal Audit: Conduct internal audits to assess the effectiveness and compliance of your implemented cybersecurity measures with ISO 21434. Identify areas for improvement and take corrective actions where necessary.
Certification Audit: Engage an accredited certification body to conduct a certification audit. The audit will assess the implementation and effectiveness of your cybersecurity measures against the requirements of ISO 21434.
Corrective Actions: Address any non-conformities identified during the certification audit and implement necessary corrective actions to ensure compliance with ISO 21434.
Certification: Upon successful completion of the certification audit and resolution of any non-conformities, the certification body will issue the ISO 21434 certification, indicating your organization’s compliance with the standard.
Surveillance Audits: To maintain certification, periodic surveillance audits will be conducted by the certification body to ensure ongoing compliance with ISO 21434.
Certification Bodies: It is always recommended to verify with the respective certification bodies for their current offerings and accreditations. Here are a few certification bodies that are known for providing ISO certifications, however their specific accreditation to certify ISO 21434 may vary.:
UL (Underwriters Laboratories)
BSI Group (British Standards Institution)
Automakers and OEMs must verify the certification body’s accreditations and expertise in the automotive industry and cybersecurity domain to ensure that they can adequately assess your organization’s compliance with ISO 21434.
ISO 21434, UNR 155 and UNR 156 provide crucial guidelines for enhancing automotive cybersecurity. Through comprehensive Threat and Risk Assessment (TARA), automakers and OEMs can identify and mitigate cyber risks early in the development process. Implementing cybersecurity controls, integrating them into the development lifecycle and conducting regular Verification and Validation (V&V) activities ensure the integrity and security of automotive systems. Furthermore, post-development cybersecurity management practices, including software updates, vulnerability management and incident response procedures, are essential for maintaining the security of vehicles throughout their lifespan. Compliance with these standards is paramount and organizations must adhere to critical timelines. By following these guidelines, automakers and OEMs can establish robust cybersecurity defenses, safeguarding vehicles, drivers and passengers from emerging cyber threats in the rapidly evolving automotive industry. This commitment to cybersecurity contributes to a safer and more secure future of connected and autonomous vehicles.
Johnbasco Vijay Anand is a senior cyber security architect at Technology Excellence (TE) group of NeST Digital with about 21 years of IT experience. Johnbasco holds dual master degree in Computer Science and Physics and is also a cyber-security Ph.D. scholar. Johnbasco is interested in advanced research in cyber security hardening techniques and methodologies using Quantum Computing and Artificial Intelligence and has published multiple research articles in cyber security space.