The new standard ISO/SAE 21434 Road vehicles – Cybersecurity engineering poses enormous challenges for car manufacturers and suppliers.
Dozens of cybersecurity requirements defined by ISO/SAE 21434 will have an impact on the entire value chain within the automotive industry.
- I. How will ISO/SAE 21434 affect the ecosystem around road vehicles?
- II. Non-compliance with ISO/SAE 21434 and the consequences
- III. Be one step ahead: use a Gap Analysis to pre-audit your ISO/SAE 21434 compliance today
How will ISO/SAE 21434 affect the ecosystem around road vehicles?
Whether you are a car manufacturer or a Tier-n supplier, your organization will be affected by ISO/SAE 21434 on all levels:
Organizational level: Starting with C-level management, all relevant departments need a general awareness of cybersecurity. Decision-makers need an overview of the following questions: Why does cybersecurity matter? What kind of certification is necessary? How can cybersecurity awareness be spread to other levels of the organization? What documentation is needed as proof of compliance when legal issues arise?
Project level: From the initial kick-off to the final completion of a project, cybersecurity must be considered at every single step to guarantee that the product as a whole is cybersecure.
Engineering level: Steering wheels, headlights, sensors, radar and LiDAR systems, lane keeping systems, software – every single connected component of the vehicle must be cybersecure.
Want to learn more about the specific requirements of ISO/SAE 21434, UN Regulation No. 155 (UN R155), and future certification? Read more in our blog article "Gosh! We need an ISO/SAE 21434 Risk Assessment, now. Stay calm. Here is your general overview of ISO 21434 and UNECE Regulation No. 155 (WP.29)."
Non-compliance with ISO/SAE 21434 and the consequences
Compliance with the more than 100 requirements of ISO/SAE 21434 is the recommended way to comply with UN R155, which will become mandatory for the approval of all new vehicle types by July 2022.
Non-compliance with the standard and the regulation may lead to cost- and time-intensive disasters. Your components may not be allowed to be used within the car. The car itself may be denied final type approval.
In other words: insufficient compliance with ISO/SAE 21434 means no compliance with UN R155, which in turn means no sales.
Therefore, the time to act is now. Start identifying and closing potential cybersecurity gaps within your organization, processes, or products. The earlier, the better.
Be one step ahead: use a Gap Analysis to pre-audit your ISO/SAE 21434 compliance today
Some organizations in the automotive industry may already be investing large amounts of resources – people, time, and money – in cybersecurity measures. Many others, however, have only just begun to take the upcoming ISO/SAE standard into account in their planning and actions. Some may even have postponed a dedicated cybersecurity agenda up to this day.
Are you wondering whether what you are doing today is sufficient to comply with ISO/SAE 21434 and UN R155 in the future? Whether any cybersecurity aspects have been neglected, or even forgotten, while setting up the development of your vehicle component or the car itself? Whether your product or process will fulfill tough cybersecurity requirements?
Regardless of which group you see yourself in, it is essential to have answers to these central questions. Only then can you initiate or continue adequate measures on each level, implement them at the right time, and adjust them where necessary. Detecting gaps at an early stage will pay off in the end, as it will prevent costly corrections afterwards. It will ensure full compliance with ISO/SAE 21434, and ultimately with UN R155 in the future.
A professional Gap Analysis for you, practical cybersecurity experience for us
As pioneers in the field of automotive cybersecurity, we have already gained deep knowledge and much experience around ISO/SAE 21434. (It is not without reason that CYRES Consulting is a member of the DIN and ISO working group, which covers cybersecurity topics such as ISO/SAE 21434 and ISO PAS 5112, and is, for example, designing guidelines for auditing cybersecurity engineering related to road vehicles.)
It is of particular interest to us to not only define those cybersecurity guidelines and criteria of compliance, but also to apply and practically evaluate them in real cases with our clients.
Free ISO/SAE 21434 Gap Analysis: join us in ensuring and applying cybersecurity at this early stage
Our approach is to offer cybersecurity expertise to pioneers who want to start applying cybersecurity today.
- Is your organization a car manufacturer or supplier?
- Are you already dealing with ISO/SAE 21434 or UN R155, but are not sure if your actions and measures are sufficient to meet the new requirements?
- Have you only heard about ISO/SAE 21434 and UN R155, but not yet started any cybersecurity measures at all?
Our offer of a free Gap Analysis is tailored to anyone who wants to know their current status with regard to future cybersecurity certification. Depending on your individual situation, our Gap Analysis will cover custom-tailored fields and scopes in the context of ISO/SAE 21434 and UN R155 compliance. You will gain valuable insights into your individual status from a cybersecurity perspective on all levels of your organization – no matter which phase you are currently in.
Together we can make sure that none of your scarce resources are wasted, and that you initiate or adjust your investments and measures the right way at the right time.
Find out more about our ISO/SAE 21434 Gap Analysis.
Manuel Sandler has been an Associate Partner at CYRES Consulting since 2020. With a Master's degree in Mathematics and more than 6 years of professional experience in diverse projects for automotive suppliers and OEMs around the world, he has broad expertise in applied cybersecurity. Besides being a Provisional Assessor in ASPICE, he is an expert in engineering process development, ISO/SAE 21434, ISO 26262 and ISO 15288. Manuel Sandler works as a trainer in Systems Engineering, ASPICE and Cybersecurity.