Supporting the automotive cyber security standard
LDRA has welcomed the news that ISO/SAE 21434 automotive cyber security standard has reached the Draft International Standard (DIS) stage. LDRA is committed to fully supporting the standard with enhancements to the LDRA tool suite for Automotive as dictated by formal release of the standard.
Currently under development, ISO/SAE 21434 ‘Road vehicles – Cybersecurity engineering’ is set to replace SAE J3061 ‘Cybersecurity Guidebook for Cyber-Physical Vehicle Systems’. SAE J3061 was published in 2016 as a recommended practice document that provided an engineering process framework for integration with other development processes for the comprehensive and systematic design of cyber security into vehicle systems. Today, ISO/SAE 21434 offers the promise of a substantial document with more detail than the high-level guiding principles of SAE J3061, which is therefore widely anticipated.
The automotive industry is accustomed to dealing with the prescriptive nature of established functional safety documents typified by ISO 26262 ‘Road vehicles – Functional safety’, which was published in 2011. However, a similar standard for automotive cyber security has lagged behind, creating an industry frustration, especially as connected vehicles have become targets for cyber security attacks.
“LDRA is an advocate of sound, secure coding principles, a keen supporter of the ISO/SAE 21434 standard, and an active participant in its development,” said Ian Hennell, Operations Director, LDRA. “However, ISO/SAE 21434 today is in draft stage, and we want to stress that at this time, substantial changes to its content are entirely possible.”
While advising extreme caution in basing any new product development on a DIS document, LDRA is confident that the guidance the organisation can offer today represents current best practice. LDRA therefore anticipates that a substantial majority of that advice will be reflected in ISO/SAE 21434 when it is finalised.
Expanding on that view, Hennell added: “LDRA is at the forefront of best-practice secure coding principles. We are committed to offering sound advice to the industry, and that includes consultation on the development of security-critical application code both now and in the future. Although it would be folly to base the advice we offer on a document that is far from finalised, you can rest assured that LDRA will be among the first to support ISO/SAE 21434 when its contents are confirmed.”