Automotive Cybersecurity
  • 30+ years of industry knowledge
  • DEKRA quality in vehicle testing and homologation
  • Network of DEKRA experts worldwide
  • Audit and Certification expertise

ISO 21434:
Automotive Cyber Security Engineering

Concept phase

Definition of

  • E/E Architecture
  • Cyber Security
    • Goals
    • Concept

Product development phase

  • Product development
  • Cyber Security validation

Post-development phase

  • Production
  • Operations and maintenance
  • Decommissioning

The ISO has released a draft version of an automotive cyber security engineering standard (ISO DIS 21434) and has announced to release a new standard for automotive software upload (ISO DIS 24089) to provide common understanding and aspects of automotive cyber security in terms of Processes, Requirements and Guidelines.

Those affected by the ISO 21434 standard are:

  • Vehicle manufacturers
  • Suppliers of software-based components/systems
  • Engineering service providers
  • Software- and ICT-infrastructure service providers

For software upload, compliance to ISO 21434 is a main requirement along the complete vehicle development and lifecycle supply chain.

Our experts help you to organize your processes and products to be compliant to the ISO 21434 Standard

UN Regulation on Cyber Security (R155) and Software Update (R156)

The UNECE world harmonization forum for vehicle regulations (WP.29) has released two new regulations concerning automotive cyber security (R155) and software updates (R156).

Our experts help you to manage cyber security risks over the complete lifecycle of the vehicle.

A vehicle manufacturer must identify and manage cyber security risks concerning vehicles and their connectivity:

  • Continuous monitoring of threats, vulnerabilities and successful or attempted attacks
  • Cyber security risk assessments and corresponding mitigations e.g. by software update
  • During complete lifetime of the vehicle from design to decommissioning

Our experts help you install and maintain a Cyber Security Management System (CSMS) – and certify your services as well as products and components.

Vehicle type approval must check the fulfilment of the following requirements:

  • Certified CSMS at the vehicle manufacturer
  • Cyber security risk assessment analysis of the vehicle
  • Implementation of
    • Effective risk mitigations
    • Measures to detect and prevent cyber-attacks
    • Measures to support data forensics
    • Type specific monitoring activities

Get your report of all monitored activities checked by our independent experts.

The vehicle manufacturer must demonstrate process capabilities for:

  • Recording the hardware and software versions relevant to a vehicle type
  • Identifying software relevant for type approval including interdependencies for updates
  • Assessing if a software update affects type approval and safety
  • Informing vehicle owners of updates
  • Documentation of all the above

Our experts help you install and maintain a Cyber Security Management System (CSMS) – and certify your services as well as products and components.

Vehicle type approval must check the fulfilment of the following requirements:

  • Certified SUMS at the vehicle manufacturer
  • Protected SU ensuring integrity and authenticity
  • Protected Software identification numbers – readable from the vehicle
  • For OTA (Over-The-Air): Restoring capability, sufficient power supply, safe execution, check successful SU
  • Inform users about each update and about their completion or if a mechanic is needed.

Get your report of all monitored activities checked by our independent experts.

Requirements for Vehicle Manufacturers and Suppliers

The OEM is responsible

The whole cyber security process is in the hands of the manufacturer and must be maintained throughout the entire vehicle’s lifecycle.

Indirect obligations of suppliers

Requirements for risks, mitigations, testing and support will be cascaded down to the supply chain.

Testing critical components

Security testing of critical components is vital for ensuring the overall security of the vehicle system.

Your needs, our expertise and methods

  • Risk Analysis, TARA
  • Setup CSMS, SUMS
  • Process Assessment 21434
  • Gap Analysis
  • Process Improvement
  • Technical Evaluations
  • ISO DIS 21434
    • Intro
    • Focus: TARA
    • Focus: CS-Development, V&V
    • Focus: Continuous Monitoring
  • UNECE R155 / R156
    • Overview
  • Product Penetration Testing
  • Vulnerability Scanning
  • Fuzz Testing
  • Personal Certification ISO 21434
  • Product Certification ISO 21434
  • Process Certification ISO 21434
  • Audit/Certification R155/156
  • Type approval R155/156

Get in touch with our experts

jlkjklj
You have to look at cyber security holistically – especially in the automotive industry. Thomas Thurner, Head of Cyber Security
The ultimate goal is to ensure that data remains unchanged and consistent in its digital form. Matthieu Labazuy, Cyber Security Expert
We help to ensure that motor vehicles cannot be manipulated by cyber attacks. Jasper Paulraj, Cyber Security Expert