Applus+ Laboratories industry insight: Why do car companies need to pass the ISO 21434 standard?

05/02/2024

    Safety has always been one of the core pursuits for the sustained development of the automotive industry. The rapid development of intelligent transportation systems and vehicle cybersecurity technology also brings an increase in vehicle interfaces. As a consequence, the chances for network attacks also increase, bringing risks such as personal safety hazards and property damage.

    The International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE) jointly drafted and published the ISO 21434 standard (full name ISO/SAE 21434 Road Vehicles - Automotive Cybersecurity Engineering) to further improve safety regulations in this area, creating a set of international standards for vehicle cybersecurity.

    In this article, our Applus+ Laboratories experts share in-depth insight into ISO 21434 and explain how car companies can improve their cybersecurity level within its framework.

    Main features of the ISO 21434 standard

    The main features of ISO 21434 are reflected in the following aspects:

    1. Comprehensiveness: ISO 21434 covers the entire lifecycle of vehicle cybersecurity, including the concept, development, production, operation, maintenance, and decommissioning stages. This helps enterprises systematically identify and manage cybersecurity risks, ensuring that all aspects are effectively controlled.
    2. Practicality: ISO 21434 provides a universal set of cybersecurity process standards without specifying specific technical solutions. Enterprises can flexibly apply and improve their cybersecurity level according to actual situations.
    3. Innovation: ISO 21434 emphasizes defense-in-depth strategies, evaluates potential threats and vulnerabilities, reduces risks through multi-layer cybersecurity controls, and helps enterprises cope with current and future network security challenges.
    4. Collaboration: ISO 21434 encourages organizations to comply with cybersecurity standards and regulations, ensuring that their software development processes comply with corresponding cybersecurity requirements, which helps industry enterprises better integrate resources, reach consensus, and jointly address network security issues.

    How Applus+ Laboratories can contribute to ISO 21434 implementation

    The ISO 21434 standard proposes a methodology for vehicle information security risk evaluation, TARA (Threat Analysis and Risk Assessment), which includes steps such as asset identification, threat scenario identification, impact analysis, attack path analysis, attack feasibility rating, risk level evaluation, and risk handling measures. Experts from Applus+ Laboratories can provide certification support to automotive companies through TARA and penetration testing, helping to ensure the safety of automotive components and systems.

    In addition, Applus+ Laboratories, as an independent certification laboratory, can provide cybersecurity evaluations under certification schemes for some vehicle components, such as GSMA (for eSIM), Wireless Power Consortium (for Qi wireless chargers), Common Criteria or SESIP (for safety critical components such as V2X HSM), etc. When there are no mandatory requirements, Applus+ Laboratories can also provide independent cybersecurity evaluations to ensure network recovery capabilities.

    Now, ISO 21434 is an important reference document for government regulation, industry guidance, and enterprise internal control in the field of automotive information security. It establishes comprehensive requirements for information security of road vehicles, their components, and interfaces, helping automotive companies achieve their vehicle information security management goals.

    Always ready to meet upcoming industry advances, Applus+ Laboratories will continue to focus on the latest standards and provide professional services to ensure the cybersecurity of automotive systems and components.

     
