Cyber security needs are rapidly evolving in the automotive industry, in the face of the growing spread of cyber threats to vehicles and passengers. If you belong to the Tier 1 segment, follow the tips for your organization on how to comply with the cyber security protection requirements of ISO/SAE 21434.

Reading Time: 6 minutes Difficulty: Advanced
27 June 2024

1: Strengthen cyber security processes starting with GAP Analysis

If you suspect there are gaps in your organization's processes, the first step is a gap analysis against the requirements of the reference standard ISO/SAE 21434.
This makes it immediately clear which measures to implement in order to align the cyber security practices in use with the provisions of the reference standards.


For best results, regular audits should be carried out in accordance with UN Regulations R155 and R156, ISO/SAE 21434 and ISO 24089.
To avoid the risk of non-compliance, or of continuing to use processes that put the cyber security of items at risk, it is crucial to implement an ongoing plan for improving cyber security processes.

You can do all this with our help. Find out about our services for Automotive Cybersecurity or continue reading the other tips.


2: Manage relations with the OEM with the Cyber security Interface Agreement

The Cyber security Interface Agreement (CIA), pursuant to ISO/SAE 21434, is the document that defines the cyber security requirements and responsibilities related to the interfaces between the different systems and components integrated in the vehicle.
The CIA is complex to prepare, but essential for establishing with the OEM which measures are to be taken in the context of cyber security.

3: Guarantee items in line with the ISO/SAE 21434 standard

ISO/SAE 21434 requires that the development of a component includes the definition of its cyber security interfaces.
For a Tier 1 supplier, this demands a careful review of all aspects related to protection against cyber threats, from the design phase through to the formalization of the Cyber security Case, which ISO/SAE 21434 defines as the final output documenting the resilience of an item.

4: Implement measures for verifying and validating cyber security

Conducting in-depth cyber security tests requires tools and skills rooted in the regulatory standards in order to achieve fully effective results.
If the aim is to identify absolutely all vulnerabilities, the level of cyber security must be verified and validated according to ISO/SAE 21434 using a wide range of penetration testing methods. Only in this way can the resilience of the systems installed on vehicles be assessed comprehensively.

5: Analyze cyber security risks using the TARA method

The TARA (Threat Analysis and Risk Assessment) analysis is, according to industry standards, the prerequisite for finalizing the Cyber security Case, which illustrates the operation of the items. Without a thorough analysis of the cyber risk of the components, you may not be able to implement effective mitigation strategies to eliminate vulnerabilities to attacks.
The TARA method allows you to perform a detailed study of potential threats and thereby identify and manage all risks correctly, by evaluating the attack vectors and the consequences of an attack.

6: Develop the Management System and Training Plan according to ISO/SAE 21434

In the absence of a formal management system, cyber security practices may not be sufficiently integrated into the life cycle of the vehicle.
The process of building a management system that meets the requirements of ISO/SAE 21434, and that includes integrated practices, involves:

  • The definition of internal roles and responsibilities
  • The implementation of training programs, with sessions to develop skills in monitoring cyber security levels and in responding to cyber incidents


Looking for guidance on increasing compliance with cyber security standards?