Cyber security needs are evolving rapidly in the automotive industry as cyber threats to vehicles and passengers spread. If you are an OEM working to the ISO/SAE 21434 standard, follow these tips on how to bring your organization into compliance with its cyber security protection requirements.

Reading Time: 6 minutes Difficulty: Advanced
19 June 2024

1: Strengthen cyber security processes by first auditing your internal organization

The first tip is to identify the areas where your level of cyber security can be improved, so as to avoid the risk of non-compliance or of continuing to use processes that put cyber security at risk.
If this reveals potential gaps in your organization's processes, the solution is to plan regular audits in accordance with the ISO/SAE 21434 standard.


The actions we suggest you take:

  • Definition of cyber security objectives
  • Examination of the existing documentation and procedures
  • Assessment of compliance with the requirements of ISO/SAE 21434 and of the Cyber Security Incident Response Plan
  • Reporting and maintenance of cyber hygiene practices


You can do all this with our help. Find out about our Automotive Cybersecurity services, or continue reading the other tips.


2: Implement secure supplier management

According to ISO/SAE 21434, suppliers play a crucial role in the cyber security of automotive systems, since they provide the components and software that are integrated into the overall vehicle system.


It is essential to select and assess suppliers with care in order to:

  • Define the suppliers’ cyber security requirements
  • Verify, validate, and monitor any reports of cyber security incidents by suppliers
  • Track the supply chain in line with the requirements of ISO/SAE 21434


3: Guarantee the Cyber Security Concept in line with the ISO/SAE 21434 standard

ISO/SAE 21434 classifies the review of vehicle design and architecture as a critical process, to be carried out during the initial design phase of an automotive system.
The OEM must not forget to perform a careful review of the system architecture, to ensure that it can withstand cyber threats throughout the vehicle's life cycle, up to the formalization of the final work product: the Cyber Security Concept defined by ISO/SAE 21434.

4: Implement measures for verifying and validating cyber security

Conducting in-depth cyber security tests requires tools and skills grounded in the regulatory standards if the results are to be fully effective.
If the aim is to identify every vulnerability, the level of cyber security must be verified and validated according to ISO/SAE 21434 using a wide range of penetration testing methods. Only in this way can the resilience of the systems installed on vehicles be assessed comprehensively.

5: Analyze cyber security risks using the TARA method

According to industry standards, TARA (Threat Analysis and Risk Assessment) is the prerequisite for finalizing the Cyber Security Concept, which describes the entire operation of the system. Without a thorough analysis of the cyber risk of the various components of the work product, you may not be able to implement effective mitigation strategies to eliminate vulnerabilities.
The TARA method lets you study potential threats in detail, and so identify and manage all risks correctly, by evaluating the attack vectors and the consequences of an attack.
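As an added example, not code from the original post: a minimal TARA risk determination of the kind the tip describes, which combines an impact rating with an attack-feasibility rating derived from attack-potential factors and returns a treatment decision per threat scenario. The factor values, feasibility bands, risk matrix and treatment threshold are assumed illustrative values modelled on the informative annexes of ISO/SAE 21434, and the telematics scenarios are constructed.

```python
from dataclasses import dataclass
# Attack-potential factors, feasibility bands and risk matrix: illustrative values
# modelled on the standard's informative annexes (assumption; check your own copy).
FACTORS = {
    "elapsed_time": {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19},
    "expertise": {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8},
    "knowledge": {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11},
    "window": {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10},
    "equipment": {"standard": 0, "specialized": 4, "bespoke": 7, "multiple bespoke": 9},
}
FEASIBILITY = ["very low", "low", "medium", "high"]
# RISK[impact][index into FEASIBILITY] -> risk value from 1 (lowest) to 5 (highest).
RISK = {"negligible": [1, 1, 1, 1], "moderate": [1, 2, 2, 3],
        "major": [1, 2, 3, 4], "severe": [2, 3, 4, 5]}

@dataclass
class ThreatScenario:
    name: str
    impact: str  # worst-case impact rating across safety, financial, operational and privacy
    path: dict   # rating of the attack path, one entry per key of FACTORS

def attack_potential(s: ThreatScenario) -> int:
    """Sum the attack-potential ratings of the scenario's attack path."""
    return sum(FACTORS[k][s.path[k]] for k in FACTORS)

def feasibility(potential: int) -> str:
    """Band the summed attack potential into an attack-feasibility rating (assumed thresholds)."""
    return "high" if potential <= 13 else "medium" if potential <= 19 else "low" if potential <= 24 else "very low"

def risk_value(s: ThreatScenario) -> int:
    return RISK[s.impact][FEASIBILITY.index(feasibility(attack_potential(s)))]

def treatment(risk: int) -> str:
    # The threshold of 3 is this example's policy, not a value taken from the standard.
    return "reduce: derive cybersecurity goal and controls" if risk >= 3 else "retain: document rationale"

def assess(scenarios):
    """Return (name, feasibility, risk value, treatment) per scenario, highest risk first."""
    rows = [(s.name, feasibility(attack_potential(s)), risk_value(s), treatment(risk_value(s)))
            for s in scenarios]
    return sorted(rows, key=lambda r: -r[2])
# Constructed sample scenarios for a hypothetical telematics control unit.
SCENARIOS = [
    ThreatScenario("Remote compromise of the telematics unit leads to loss of a safety function", "severe",
                   {"elapsed_time": "<=1 month", "expertise": "expert", "knowledge": "restricted",
                    "window": "unlimited", "equipment": "standard"}),
    ThreatScenario("Unauthorized diagnostic session over the OBD port alters configuration", "moderate",
                   {"elapsed_time": "<=1 week", "expertise": "proficient", "knowledge": "public",
                    "window": "difficult", "equipment": "specialized"}),
]
```

Calling `assess(SCENARIOS)` ranks the constructed scenarios by risk value, which is the list a TARA feeds into the cybersecurity goals of the Cyber Security Concept.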

6: Develop the ISO/SAE 21434 Management System

In the absence of a formal management system, cyber security practices may not be sufficiently integrated into the vehicle's life cycle.
Building a management system that meets the requirements of ISO/SAE 21434, also with a view to future regulatory reviews and audits, involves defining:

  • A cyber security policy
  • Internal roles and responsibilities
  • Management of suppliers
  • A Cyber Security Incident Response Plan
  • Training of staff
  • Monitoring of levels of cyber security


Looking for guidance on increasing compliance with cyber security standards?
