ISO/SAE 21434 – a field report

The existing concepts and measures are, of course, indispensable for vehicle safety. However, there is a trend towards ever greater networking in vehicles using embedded platforms. The control units used in this context can be attacked in the classic way. This means that safety needs to be accompanied by a consideration of security. The current safety standards can certainly not be replaced, because they are still very relevant and important, but they must be supplemented accordingly.

The core of the whole thing is that we have few isolated networks today. Especially through embedded products we experience an ever stronger connection to the electronics of customers, this means one is more strongly networked externally and internally and all this with devices that are potentially vulnerable. In addition, there are other scenarios, such as cyber-physical attacks, which can also be used to control actuators by means of received messages. Therefore, in addition to communication, the integrity of the systems used is also very important. In order to be able to react to such scenarios, it is important that systems are not only functionally safe, but also secure against such attacks. Because a lack of security can also compromise safety. Of course this can lead to conflicting safety and security requirements. Here it is necessary to find a common solution in order to be able to build a safe system in every respect.

ISO/ SAE 21434 is a standard that describes how security engineering should work in the automotive environment. It offers a relatively holistic view of the development and the life cycle of vehicles. Among other things, the standard focuses on the risk analysis and the development of secure concepts. This means that an implementation of ISO/ SAE 21434 should help to systematically develop secure vehicles and then keep them secure throughout the entire life cycle of the vehicle. In addition, the standard gains further relevance as it is a recommendation from UNECE WP.29 (Working Party of the Inland Transport Committee (ITC) of the United Nations Economic Commission for Europe (UNECE) on Regulation on Cyber Security). This means that in future it will also be relevant for vehicle type approval that vehicles have been developed securely and that a security lifecycle exists within the company.

For the risk assessment as such, it is important to proceed systematically. In this process, possible damage scenarios should be derived in a structured manner, which can arise if security properties, i.e. properties of the assets in the system, are violated. It is also important to identify which threat scenarios exist and which attack paths can lead to these threats being implemented for threat scenarios where the risk cannot be accepted or treated otherwise. This corresponds to the procedure of the classical risk treatment, in order to determine which risks I can accept, where I can possibly transfer risks and, very strongly, of course, the question of safety-related risks, i.e. how can I prevent the damage from occurring at this point, namely by introducing additional security measures. Of course, there is always the possibility of avoiding a risk, for example by not implementing a particular vehicle function if you cannot get it safely. ISO/SAE 21434 specifies the framework for how the whole and which cornerstones exist for the risk analysis method.

In the end, I believe it is important to understand which lifecycle phases the ISO/ SAE 21434 standard works with and to map how these lifecycle phases are set in the company and whether they have been implemented. Then the great art is actually to let the security run parallel to the other activities and to identify possible synchronization points. The resulting work products of the activities required by ISO, must then be integrated into the development milestones and the later lifecycle.