As everything from infotainment to engine systems in the automotive industry becomes more dependent on wireless and in-vehicle network connectivity, the need for robust cybersecurity measures has increased. The ISO/SAE 21434 standard has emerged to set requirements for road vehicle cybersecurity risk management processes. These cybersecurity requirements help regulate automotive products across the complete product lifecycle—from concept through design, production, maintenance and decommissioning. Adhering to these standards, Microchip Technology’s corporate processes associated with specific automotive work products have recently been audited by a third party, UL Solutions, and certified as compliant to ISO/SAE 21434.
Developed by the International Organization for Standardization (ISO) in conjunction with the Society of Automobile Engineers (SAE) International, the ISO/SAE 21434 standard was developed to help organizations define cybersecurity policies and manage risk. It is a demanding specification with 45 security categories, known as work products, each of which specifies a unique set of requirements that encompass all aspects of designing electrical and electronic systems for road vehicles, from ICs and software to firmware and libraries.
The ISO/SAE 21434 designation also confirms that a certified corporate cybersecurity management system is in place. This verifies that cybersecurity is a priority focus at the organization, from executive leadership to all organizational disciplines including the design, test, product, applications, marketing, quality, verification and validation teams. Stakeholders involved in the product lifecycle are required to complete cybersecurity training and meet designated qualifications. A Threat Analysis and Risk Assessment (TARA) methodology is also incorporated at multiple stages of the product lifecycle when devices will be integrated into automotive cybersecurity-related platforms.
“Security is a core pillar at Microchip and the ISO/SAE 21434 certification is proof of our dedication to maintaining high standards in automotive cybersecurity,” said Matthias Kaestner, corporate vice president of Microchip’s automotive business. “Our customers can be confident that Microchip is a trusted security advisor with the appropriate expertise to guide them through their automotive cybersecurity design journey.”
While each OEM is responsible for proving compliance at the vehicle level, ISO/SAE 21434 encourages all companies in the production ecosystem to play a role in proactively helping manage cybersecurity threats. Customers utilizing electronic control units that incorporate Microchip’s security products, designed within the ISO/SAE 21434 certified process framework, can be relieved of the arduous task of reviewing thousands of pages of process documentation to determine compliance. This reduces the burden placed on Tier-1s and OEMs to prove they have a strong foundation in security.
SOURCE: Microchip