30+ years of industry knowledge
DEKRA quality in vehicle testing and homologation
Network of DEKRA experts worldwide
Audit and Certification expertise
ISO 21434: Automotive Cyber Security Engineering
Definition of
E/E Architecture
Cyber Security
Product development phase
Product development
Cyber Security validation
Production
Operations and maintenance
Decommissioning
The ISO has released a draft version of an automotive cyber security engineering standard (ISO DIS 21434) and has announced to release a new standard for automotive software upload (ISO DIS 24089) to provide common understanding and aspects of automotive cyber security in terms of Processes, Requirements and Guidelines.
Read more
Those affected by the ISO 21434 standard are:
Vehicle manufacturers Suppliers of software-based components/systems Engineering service providers Software- and ICT-infrastructure service providers
For software upload, compliance to ISO 21434 is a main requirement along the complete vehicle development and lifecycle supply chain.
Our experts help you to organize your processes and products to be compliant to the ISO 21434 Standard .
UN Regulation on Cyber Security (R155) and Software Update (R156)
The UNECE world harmonization forum for vehicle regulations (WP.29) has released two new regulations concerning automotive cyber security (R155) and software updates (R156).
Our experts help you to manage cyber security risks over the complete lifecycle of the vehicle.
UN Regulation on Cyber Security (R155)
A vehicle manufacturer must identify and manage cyber security risks concerning vehicles and their connectivity:
Continuous monitoring of threats, vulnerabilities and successful or attempted attacks Cyber security risk assessments and corresponding mitigations e.g. by software update During complete lifetime of the vehicle from design to decommissioning
Our experts help you to install and maintain a Cyber Security Management System (CSMS) – or certify your services as well as products and components.
Vehicle type approval must check the fulfilment of the following requirements:
Certified CSMS at the vehicle manufacturer Cyber security risk assessment analysis of the vehicle Implementation ofEffective risk mitigations Measures to detect and prevent cyber-attacks Measures to support data forensics Type specific monitoring activities
Get your report of all monitored activities checked by our independent experts.
UN Regulation on Software Updates (R156)
The vehicle manufacturer must demonstrate process capabilities for:
Recording the hardware and software versions relevant to a vehicle type Identifying software relevant for type approval including interdependencies for updates Assessing if a software update affects type approval and safety Informing vehicle owners of updates Documentation of all the above
Our experts help you to install and maintain a Cyber Security Management System (CSMS) – or certify your services as well as products and components.
Vehicle type approval must check the fulfilment of the following requirements:
Certified SUMS at the vehicle manufacturer Protected SU ensuring integrity and authenticity Protected Software identification numbers – readable from the vehicle For OTA (Over-The-Air): Restoring capability, sufficient power supply, safe execution, check successful SU Inform users about each update and about their completion or if a mechanic is needed.
Get your report of all monitored activities checked by our independent experts.
Requirements for Vehicle Manufacturers and Suppliers
The OEM is responsible
The whole cyber security process is in the hands of the manufacturer and must be maintained throughout the entire vehicle’s lifecycle.
Indirect obligations of suppliers
Requirements for risks, mitigations, testing and support will be cascaded down to the supply chain.
Testing critical components
Security testing of critical components is vital for ensuring the overall security of the vehicle system.
Your needs, our expertise and methods
Consulting
Risk Analysis, TARA Setup CSMS, SUMS Process Assessment 21434 Gap Analysis Process Improvement Technical Evaluations
Training
ISO DIS 21434Intro Focus: TARA Focus: CS-Development, V&V Focus: Continuous Monitoring
UNECE R155 / R156 E-Learning
Testing
Product Penetration Testing Vulnerability Scanning Fuzz Testing
Compliance
Audit/Certification R155/156 Type approval R155/156 Compliance Verification to ISO/SAE 21434 for Processes and Products
Get in touch with our experts
You have to look at cyber security holistically – especially in the automotive industry.
Thomas Thurner,
Head of Cyber Security
The ultimate goal is to ensure that data remains unchanged and consistent in its digital form.
Priyanka Sharma,
Cyber Security Expert
We help to ensure that motor vehicles cannot be manipulated by cyber attacks.
Gokulakrishnan Sreedhar,
Cyber Security Expert
Perhaps also interesting: