ISO / SAE 21434

from Wikipedia, the free encyclopedia

With ISO / SAE 21434 "Road vehicles - Cybersecurity engineering", a new standard for the cybersecurity / information security of vehicles is being developed. Committee Draft (CD) status was reached in September 2018, which means that some of the details described below are still subject to change. Publication of the final standard is planned for November 2020. The designation indicates that the standard is developed jointly by a working group from ISO and SAE and then approved by both organizations.

Because of the increasing risk of cyber attacks on vehicles, and because the infrastructure for online updates of vehicles (OTA), fleet management, communication between vehicles (Car2X) and other requirements give vehicles new attack surfaces, the standard is intended to propose measures for development. The standardization is related to the EU cyber security regulation currently under development. In coordination with the EU, UNECE has developed a certification for a "Cyber Security Management System" (CSMS), which according to the current proposals is to become mandatory for the type approval of vehicles. ISO 21434 is intended to provide a technical standard for automotive development with which compliance with the expected regulations can be at least partially demonstrated.

Goals of the standard

The focus of the standard is on defining a common terminology and the most important aspects of cybersecurity. Applying the standard is intended to make it easier for companies to demonstrate responsible and careful handling of cybersecurity in vehicle development and in the prevention of cyber attacks. Product development activities according to the standard are controlled on the basis of a risk assessment, and measures for organizational anchoring are required. Processes are required, but the standard only describes what a process has to achieve and leaves the design of its sequence to the users. Specific technologies or solutions are not proposed, and autonomous vehicles are not given a special status in the recommendations of the standard.

Content and structure

In terms of content and structure, the standard resembles ISO 26262 "Road vehicles - Functional safety", to which reference is made at various points. The standard is currently a single document with the following chapter structure:

Chapters and annexes of ISO 21434 (chapter or annex, title, content):

  • Chapter 1, Scope: General points contained in every ISO standard.
  • Chapter 2, Normative references.
  • Chapter 3, Terms and abbreviations: Development of a common terminology for cybersecurity.
  • Chapter 4, General considerations: Describes the context and structure of this standard, for example the interfaces to the vehicle's environment.
  • Chapter 5, Overall cybersecurity management: Organizational measures of the company in the phases of the life cycle up to decommissioning, for example processes and specific roles for employees.
  • Chapter 6, Project dependent cybersecurity management: Requirements for the management of cybersecurity development activities within a project.
  • Chapter 7, Continuous cybersecurity activities: Monitoring of cybersecurity, evaluation of cybersecurity events, vulnerability analysis and vulnerability management.
  • Chapter 8, Risk assessment methods: Different methods for analyzing risks, e.g. type of threat, attack paths and damage potential.
  • Chapter 9, Concept phase: Analysis of whether and which cybersecurity risks exist for the product.
  • Chapter 10, Product development: Definition of requirements and tasks for product development, e.g. performing system analyses and checking the correct implementation of requirements.
  • Chapter 11, Cybersecurity Validation: Activities for cybersecurity validation at vehicle level, carried out once the integration of the components is completed.
  • Chapter 12, Production: Definition of requirements and tasks for production, so that the measures from product development are actually implemented in the product and production cannot become a gateway for cyber attacks.
  • Chapter 13, Operations and Maintenance: How to respond to cybersecurity incidents and updates.
  • Chapter 14, Decommissioning: Decommissioning of an element or component.
  • Chapter 15, Distributed Cybersecurity Activities: Requirements for distributed cybersecurity activities.
  • Annex A, Summary of cybersecurity activities: List of the activities in the various phases with a brief description of each.
  • Annex B, Examples of a cybersecurity culture: Positive and negative examples that characterize the cybersecurity culture of a company.
  • Annex C, DIA Template Example: The Development Interface Agreement (DIA, also known as service interface agreement or description) is already known from ISO 26262 and defines the distribution of tasks between supplier and customer in the development of components / subsystems.
  • Annex D, Cybersecurity Relevance Assessment: Methodology and Examples: Catalog of questions to assess the relevance of a system with regard to cybersecurity, i.e. whether measures according to this standard are necessary at all.
  • Annex E, Cybersecurity Assurance Levels: Defines the Cybersecurity Assurance Levels (CAL), which, similar to the ASIL in ISO 26262, are used to control the effort of cybersecurity measures. In contrast to ISO 26262, ISO 21434 does not recommend measures depending on the CAL; the CALs remain a qualitative classification that the organization (the developing company) evaluates itself.
  • Annex F, Methods for Verification and Validation: Keyword-like description of the methods for checking the product and of the analyses accompanying development.
  • Annex G, Artefacts needed for production and post-production phase: Typical documents for production that show that cybersecurity measures have been implemented. This section is still incomplete in the CD version.
  • Annex H, Example Use Cases and Work Products: Head Lamp System: Exemplary application of the standard to an electronically controlled headlight.
  • Annex I, Information to reader about terms with Oxford dictionary definition: General information on terms that are also used outside the standard.
  • Annex J, Methods for testing cybersecurity vulnerabilities in the cybersecurity event assessment: This section is still incomplete in the CD version.

Chapter 4 and Annexes A to J are informative.

Threat analysis and risk assessment

A central element of ISO / SAE 21434 is threat analysis and risk assessment. The general procedure for threat analysis and risk assessment is described in Chapter 8. The concept phase, as described in Chapter 9, consists of the definition of the object of investigation (Section 9.3), the identification of cybersecurity goals (Section 9.4) and their bundling into a holistic cybersecurity concept (Section 9.5). The identification of cybersecurity goals relies largely on the procedure outlined in Chapter 8.

The main steps in performing an ISO / SAE 21434 compliant threat analysis and risk assessment are (in order of idealized linear execution):

  • Item definition (Section 9.3)
  • Asset identification (Section 8.3)
  • Identification of threat scenarios (Section 8.4)
  • Damage assessment (Section 8.5)
  • Attack path analysis (Section 8.6)
  • Assessment of the feasibility of an attack (Section 8.7)
  • Risk determination (Section 8.8)
  • Decision on risk treatment (Section 8.9)
  • Cybersecurity goals [RQ-09-07]
  • Cybersecurity claims [RQ-09-08]
  • Cybersecurity concept (Section 9.5)
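The sequence above, worked through in code as an added example that is not part of the original article or of the standard itself: a small Python model that takes asset and threat-scenario records for the head lamp system of Annex H through damage assessment, attack feasibility, risk determination and the treatment decision, and derives a cybersecurity goal where a risk is to be reduced. The rating scales, the risk matrix, the treatment policy and all ratings of the headlamp scenarios are assumptions made for this illustration, not the standard's own tables.

```python
from dataclasses import dataclass

# Assumed rating scales and matrix (constructed for this example, not taken from the standard).
IMPACT = {"negligible": 0, "moderate": 1, "major": 2, "severe": 3}   # damage assessment (8.5)
FEASIBILITY = {"very low": 0, "low": 1, "medium": 2, "high": 3}     # attack feasibility (8.7)
RISK_MATRIX = [  # rows: impact 0..3, columns: feasibility 0..3, cell: risk value 1..5 (8.8)
    [1, 1, 1, 1],
    [1, 2, 2, 3],
    [1, 2, 3, 4],
    [1, 3, 4, 5],
]

@dataclass
class ThreatScenario:
    asset: str                    # asset from asset identification (8.3)
    description: str              # threat scenario (8.4)
    impacts: dict[str, str]       # damage category -> impact rating, e.g. safety, financial (8.5)
    attack_paths: dict[str, str]  # attack path (8.6) -> feasibility rating (8.7)

def impact_rating(ts: ThreatScenario) -> int:
    return max(IMPACT[v] for v in ts.impacts.values())            # worst damage category counts

def feasibility_rating(ts: ThreatScenario) -> int:
    return max(FEASIBILITY[v] for v in ts.attack_paths.values())  # easiest path counts

def risk_value(ts: ThreatScenario) -> int:
    return RISK_MATRIX[impact_rating(ts)][feasibility_rating(ts)]

def assess(scenarios: list[ThreatScenario]) -> list[dict]:
    """Risk determination (8.8), treatment decision (8.9) and goals [RQ-09-07] per scenario.
    Assumed policy: risk value 1 is retained, anything higher is reduced by a cybersecurity goal."""
    results = []
    for ts in scenarios:
        risk = risk_value(ts)
        reduce = risk > 1
        goal = f"{ts.asset}: prevent that {ts.description}" if reduce else None
        results.append({"asset": ts.asset, "risk": risk,
                        "treatment": "reduce" if reduce else "retain", "goal": goal})
    return results

# Constructed item: the electronically controlled head lamp system of Annex H (ratings are invented).
HEADLAMP_SCENARIOS = [
    ThreatScenario("low-beam control function", "the low beam is switched off while driving",
                   {"safety": "severe", "operational": "major"},
                   {"access to the in-vehicle network": "medium", "via the telematics unit": "low"}),
    ThreatScenario("headlamp configuration data", "configuration data is read out",
                   {"privacy": "negligible", "financial": "moderate"},
                   {"local diagnostic access": "very low"}),
]
```

Calling `assess(HEADLAMP_SCENARIOS)` rates the first scenario as risk 4 (reduce, with a goal) and the second as risk 1 (retain).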

See also

  • SAE J3061 "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems"
  • ISO 26262 "Road vehicles - Functional safety"
