Automotive Cybersecurity
  • 30+ years of industry knowledge
  • DEKRA quality in vehicle testing and homologation
  • Network of DEKRA experts worldwide
  • Audit and Certification expertise

ISO 21434:
Automotive Cyber Security Engineering

Concept phase

Definition of

  • E/E Architecture
  • Cyber Security
    • Goals
    • Concept

Product development phase

  • Product development
  • Cyber Security validation

Post-development phase

  • Production
  • Operations and maintenance
  • Decommissioning

The ISO has released a draft version of an automotive cyber security engineering standard (ISO DIS 21434) and has announced to release a new standard for automotive software upload (ISO DIS 24089) to provide common understanding and aspects of automotive cyber security in terms of Processes, Requirements and Guidelines.

Those affected by the ISO 21434 standard are:

  • Vehicle manufacturers
  • Suppliers of software-based components/systems
  • Engineering service providers
  • Software- and ICT-infrastructure service providers

For software upload, compliance to ISO 21434 is a main requirement along the complete vehicle development and lifecycle supply chain.

Our experts help you to organize your processes and products to be compliant to the ISO 21434 Standard.

Get your offer

UN Regulation on Cyber Security (R155) and Software Update (R156)

The UNECE world harmonization forum for vehicle regulations (WP.29) has released two new regulations concerning automotive cyber security (R155) and software updates (R156).

Our experts help you to manage cyber security risks over the complete lifecycle of the vehicle.

Learn more

A vehicle manufacturer must identify and manage cyber security risks concerning vehicles and their connectivity:

  • Continuous monitoring of threats, vulnerabilities and successful or attempted attacks
  • Cyber security risk assessments and corresponding mitigations e.g. by software update
  • During complete lifetime of the vehicle from design to decommissioning

Our experts help you to install and maintain a Cyber Security Management System (CSMS) – or certify your services as well as products and components.

Contact our experts

Vehicle type approval must check the fulfilment of the following requirements:

  • Certified CSMS at the vehicle manufacturer
  • Cyber security risk assessment analysis of the vehicle
  • Implementation of
    • Effective risk mitigations
    • Measures to detect and prevent cyber-attacks
    • Measures to support data forensics
    • Type specific monitoring activities

Get your report of all monitored activities checked by our independent experts.

Contact our experts

The vehicle manufacturer must demonstrate process capabilities for:

  • Recording the hardware and software versions relevant to a vehicle type
  • Identifying software relevant for type approval including interdependencies for updates
  • Assessing if a software update affects type approval and safety
  • Informing vehicle owners of updates
  • Documentation of all the above

Our experts help you to install and maintain a Cyber Security Management System (CSMS) – or certify your services as well as products and components.

Contact our experts!

Vehicle type approval must check the fulfilment of the following requirements:

  • Certified SUMS at the vehicle manufacturer
  • Protected SU ensuring integrity and authenticity
  • Protected Software identification numbers – readable from the vehicle
  • For OTA (Over-The-Air): Restoring capability, sufficient power supply, safe execution, check successful SU
  • Inform users about each update and about their completion or if a mechanic is needed.

Get your report of all monitored activities checked by our independent experts.

Contact our experts!

Requirements for Vehicle Manufacturers and Suppliers

The OEM is responsible

The whole cyber security process is in the hands of the manufacturer and must be maintained throughout the entire vehicle’s lifecycle.

Indirect obligations of suppliers

Requirements for risks, mitigations, testing and support will be cascaded down to the supply chain.

Testing critical components

Security testing of critical components is vital for ensuring the overall security of the vehicle system.

Your needs, our expertise and methods

  • Risk Analysis, TARA
  • Setup CSMS, SUMS
  • Process Assessment 21434
  • Gap Analysis
  • Process Improvement
  • Technical Evaluations
Get in touch
  • ISO DIS 21434
    • Intro
    • Focus: TARA
    • Focus: CS-Development, V&V
    • Focus: Continuous Monitoring
  • UNECE R155 / R156
    • Overview
Book your training
  • Product Penetration Testing
  • Vulnerability Scanning
  • Fuzz Testing
Get your offer
  • Audit/Certification R155/156
  • Type approval R155/156
  • Compliance Verification to ISO/SAE 21434 for Processes and Products
Request now

Get in touch with our experts

jlkjklj
You have to look at cyber security holistically – especially in the automotive industry. Thomas Thurner, Head of Cyber Security
The ultimate goal is to ensure that data remains unchanged and consistent in its digital form. Matthieu Labazuy, Cyber Security Expert
We help to ensure that motor vehicles cannot be manipulated by cyber attacks. Jasper Paulraj, Cyber Security Expert
Get in touch!

Perhaps also interesting:

DEKRA DIGITAL @IAA Mobility: Tech vs Trust? How to ensure Safety in future Mobility
DEKRA Cyber Security Hub
Information Security Awareness
Cyber Security Awareness