ISO/SAE DIS 21434 Automotive Cybersecurity Standard - In a Nutshell

Macher, Georg; Schmittner, Christoph; Veledar, Omar; Brenner, Eugen

doi:10.1007/978-3-030-55583-2_9

Cited by 37 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This standard is focused on cybersecurity risk management requirements in the engineering of electronic systems of road vehicles and includes production, operation, development, maintenance, etc. concepts in engineering [36]. It also includes both components and interfaces of road vehicles.…”

Section: Iso/sae 21434mentioning

confidence: 99%

See 1 more Smart Citation

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Taherdoost

2022

Electronics

View full text Add to dashboard Cite

Businesses are reliant on data to survive in the competitive market, and data is constantly in danger of loss or theft. Loss of valuable data leads to negative consequences for both individuals and organizations. Cybersecurity is the process of protecting sensitive data from damage or theft. To successfully achieve the objectives of implementing cybersecurity at different levels, a range of procedures and standards should be followed. Cybersecurity standards determine the requirements that an organization should follow to achieve cybersecurity objectives and facilitate against cybercrimes. Cybersecurity standards demonstrate whether an information system can meet security requirements through a range of best practices and procedures. A range of standards has been established by various organizations to be employed in information systems of different sizes and types. However, it is challenging for businesses to adopt the standard that is the most appropriate based on their cybersecurity demands. Reviewing the experiences of other businesses in the industry helps organizations to adopt the most relevant cybersecurity standards and frameworks. This study presents a narrative review of the most frequently used cybersecurity standards and frameworks based on existing papers in the cybersecurity field and applications of these cybersecurity standards and frameworks in various fields to help organizations select the cybersecurity standard or framework that best fits their cybersecurity requirements.

show abstract

Section: Iso/sae 21434mentioning

confidence: 99%

“…It also includes both components and interfaces of road vehicles. The main aim of this standard is to ensure that cybersecurity concerns are addressed in the engineering of road vehicles and that they are protected against different cyber-attacks [36].…”

Section: Iso/sae 21434mentioning

confidence: 99%

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Taherdoost

2022

Electronics

View full text Add to dashboard Cite

show abstract

“…Finally, the standard also specifies that "cybersecurity interface agreements" should be reached with suppliers in order to clarify task responsibilities. In [11] Macher et al reviewed ISO/SAE DIS 21434, and Macher and Schmittner also published an overview of automotive cybersecurity standards [26]. An important regulatory body for vehicles is the World Forum for Harmonization of Vehicle Regulations (WP.29) which is part of the United Nations Economic Commission for Europe (UNECE), and 54 countries have agreements to follow this regulatory body, including several non-European countries.…”

Section: Standards Regulations and Related Workmentioning

confidence: 99%

“…𝐼 𝑠𝑢𝑚 = 10 (𝑖 𝑠 + 𝑖 𝑓 ) + 𝑖 𝑜 + 𝑖 𝑝 (11) Security level. Finally, the security level is derived using the matrix in table 17.…”

Section: B Heavens 10mentioning

confidence: 99%

Proposing HEAVENS 2.0 – an automotive risk assessment model

Lautenbach

Almgren

Olovsson

2021

Computer Science in Cars Symposium

View full text Add to dashboard Cite

Risk-based security models have seen a steady rise in popularity over the last decades, and several security risk assessment models have been proposed for the automotive industry. The new UN vehicle regulation 155 on cybersecurity provisions for vehicle type approval, as part of the 1958 agreement on vehicle harmonization, mandates the use of risk assessment to mitigate cybersecurity risks and is expected to be adopted into national laws in 54 countries within 1 to 3 years. This new legislation will also apply to autonomous vehicles. The automotive cybersecurity engineering standard ISO/SAE 21434 is seen as a way to fulfill the new UN legislation, so we can expect quick and wide industry adoption. One risk assessment model that has gained some popularity and is in active use in several companies is the HEAVENS model, but since ISO/SAE 21434 introduces additional requirements on the risk assessment process, the original HEAVENS model does not fulfill the standard.In this paper, we investigate the gap between the HEAVENS risk assessment model and ISO/SAE 21434, and we identify and propose 12 model updates to HEAVENS to close this gap. We also discuss identified weaknesses of the HEAVENS risk assessment model and propose 5 additional model updates to overcome them. In accordance with these 17 identified model updates, we propose HEAVENS 2.0, a new risk assessment model based on HEAVENS which is fully compliant with ISO/SAE 21434. CCS CONCEPTS• Computer systems organization → Embedded and cyberphysical systems; Dependable and fault-tolerant systems and networks; • Security and privacy → Security requirements; Systems security; Embedded systems security.

show abstract

“…Both safety and cybersecurity for an ADS (SAE level 3+) are also the topic of ISO TR 4804. This report refers to ISO 26262, ISO PAS 21448, and ISO SAE 21434 Automotive cybersecurity [23] 4 but focuses on application towards an ADS. It specifically mentions the HMI issues of control transition, operating mode and responsibility awareness, potential lingering effects of automated mode, behaviour in traffic while in automation mode (dHMI) and communication with other road users when necessary (eHMI), as well as potential technologies and test procedures to use.…”

Section: Hisa In a Safety Lifecyclementioning

confidence: 99%

Human Interaction Safety Analysis Method for Agreements with Connected Automated Vehicles

Warg

Skoglund

Sassman

2021

2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall)

View full text Add to dashboard Cite

Connected and automated vehicles with a large variety in operating modes and operational contexts are now emerging. A vital safety assurance issue, also stressed by recent standards and guidelines, is the safety of human-machine interaction (HMI). This paper proposes, and shows a small example of using, a framework for human interaction safety analysis. It is intended for integration in an iterative development lifecycle and to be used in conjunction with relevant standards. In the framework, an analysis is first conducted to elicit all agreements between humans and the automated function, then an interaction analysis method is used to find potential problems with proposed interfaces affecting each agreement. Risk assessment is conducted to determine if risk reduction is necessary, and verification and validation activities are used to provide support for the analysis results and evidence of HMI safety for an assurance case.

show abstract

ISO/SAE DIS 21434 Automotive Cybersecurity Standard - In a Nutshell

Cited by 37 publications

References 12 publications

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Proposing HEAVENS 2.0 – an automotive risk assessment model

Human Interaction Safety Analysis Method for Agreements with Connected Automated Vehicles

Contact Info

Product

Resources

About