Security Engineering for ISO 21434
This work addresses the challenge of efficiently achieving ISO 21434 certification for automotive cybersecurity engineers, which is an incremental improvement to existing processes.
This paper proposes a security engineering approach to simplify the process of achieving ISO 21434 certification for automotive cybersecurity. The approach utilizes Rigorous Security Assessments and Incremental Assessment Maintenance methods, supported by automation, to improve the quality and efficiency of producing required artifacts and enable continuous security assessment.
The ISO 21434 is a new standard that has been proposed to address the future challenges of automotive cybersecurity. This white paper takes a closer look at the ISO 21434 helping engineers to understand the ISO 21434 parts, the key activities to be carried out and the main artefacts that shall be produced. As any certification, obtaining the ISO 21434 certification can be daunting at first sight. Engineers have to deploy processes that include several security risk assessment methods to produce security arguments and evidence supporting item security claims. In this white paper, we propose a security engineering approach that can ease this process by relying on Rigorous Security Assessments and Incremental Assessment Maintenance methods supported by automation. We demonstrate by example that the proposed approach can greatly increase the quality of the produced artefacts, the efficiency to produce them, as well as enable continuous security assessment. Finally, we point out some key research directions that we are investigating to fully realize the proposed approach.