Since January, Péter Mátyus has held the position of CEO. Péter brings 24 years of experience in the automotive industry, including 14 years at BMW’s headquarters in Munich, where he served as the Head of Procurement for the Central and Eastern European region. Péter Mátyus is a mechanical engineer with auditing experience. He was responsible for procurement volumes worth billions of euros across eight Eastern European countries. His areas of expertise include business development, investments and acquisitions, strategic procurement, supply chain management, intercultural communication, and networking.
Automotive testing, inspection, and certification (TIC) services play a crucial role in meeting requirements. TIC services ensure that automotive products and components meet the necessary criteria through rigorous testing, meticulous inspection, and certification in accordance with specified regulations and standards. In most countries, obtaining certifications is not just a preference but a necessity for the export of automotive components. QTICS AUTOMOTIVE was established to provide these complex services.
ISO/SAE 21434 Standard: The Foundation of a New Era in Automotive Cybersecurity
Automotive Cybersecurity
In the modern automotive industry, cybersecurity is becoming increasingly important as cars become more connected to networks and employ more complex technologies. The ISO/SAE 21434 standard aims to provide comprehensive guidance on managing the cybersecurity processes for vehicles, ensuring their integrity, confidentiality, and availability. This article details the significance, objectives, and application areas of the ISO/SAE 21434 standard, with particular focus on the UN R155 and UN R156 regulations.
The Role of UN R155 and UN R156
The UN R155 and UN R156 regulations are part of the regulatory framework of the UNECE (United Nations Economic Commission for Europe), aimed at defining the cybersecurity and software update requirements for vehicles:
– UN R155 (Cybersecurity and Cyber Security Management System): This regulation requires vehicle manufacturers to implement a Cyber Security Management System (CSMS) to protect vehicles against cyber threats throughout their lifecycle. Applying the ISO 21434 requirements is the most effective way to achieve this.
– UN R156 (Software Update Processes and Management System): This regulation outlines the processes and requirements for software updates in vehicles, ensuring the safe and efficient updating of software.
These regulations are also key requirements for the homologation of vehicles and vehicle components.
The ISO/SAE 21434 standard and the UN R155 and UN R156 regulations together provide a comprehensive cybersecurity and software management framework for vehicles, essential for the safe operation of modern vehicles.
Objectives of the ISO/SAE 21434 Standard
The main objectives of the ISO/SAE 21434 standard include:
– Managing Cybersecurity Risks: The standard provides guidance for identifying, assessing, and managing cybersecurity risks throughout the vehicle’s lifecycle.
– Defining Security Requirements: It establishes the security requirements for vehicles, ensuring the implementation of appropriate protective measures.
– Integrating Development Processes: It mandates the integration of cybersecurity considerations into vehicle development processes, including design, development, testing, and maintenance.
– Promoting a Cybersecurity Culture: It promotes increased cybersecurity awareness and the establishment of a cybersecurity culture within automotive organizations.
Application Areas
The ISO/SAE 21434 standard applies broadly across various segments of the automotive industry:
– Vehicle Manufacturers: The standard offers guidelines for integrating cybersecurity requirements into vehicle design and development processes.
– Suppliers: It ensures suppliers adhere to appropriate cybersecurity requirements during the development of vehicle components and systems.
– Service Providers: For service providers like telematics and software developers, the standard mandates the introduction of cybersecurity measures in their services.
– Authorities: The standard provides a foundation for developing and applying national and international cybersecurity regulations.
Steps for ISO/SAE 21434 Certification:
To achieve ISO/SAE 21434 certification, a company typically follows these steps, with comprehensive consulting and certification tasks supported by QTICS Automotive Plc.:
1. Gap Analysis: The company identifies its current cybersecurity practices and processes, comparing them with ISO/SAE 21434 requirements to identify any gaps to be addressed before certification.
2. Training and Awareness: Employees receive training and awareness programs to understand the importance and requirements of ISO/SAE 21434, ensuring everyone in the company is aware of the cybersecurity measures.
3. Implementation: The company begins implementing necessary cybersecurity measures and practices based on ISO/SAE 21434 guidelines, enabling the installation of cybersecurity tools, software updates, and incident management plans.
4. Documentation: Detailed documentation of all cybersecurity processes and measures is prepared for review during the certification audit.
5. Internal Audit: The company conducts an internal audit to evaluate the effectiveness of cybersecurity measures and compliance with ISO/SAE 21434.
6. Pre-Assessment: The pre-assessment aims to gauge the organization’s readiness for the official certification audit. Any issues identified during the pre-assessment are addressed.
7. Certification Audit: The official certification audit is conducted by an accredited certification body. The auditor reviews the company’s documentation, processes, and practices to verify compliance with ISO/SAE 21434.
8. Corrective Actions: If non-conformities are found during the audit, the company must take corrective actions to address them.
9. Accredited Certificate: Upon meeting ISO/SAE 21434 requirements, the company receives an accredited certificate valid for three years, with regular (annual) surveillance audits to ensure continuous compliance.
Conclusion
The implementation of the ISO/SAE 21434 standard marks a milestone in automotive cybersecurity. Through comprehensive guidelines and requirements, it ensures the protection of vehicles against cyber threats, promoting the development and operation of safe and reliable vehicles. The combined application of the ISO/SAE 21434 standard and the UN R155 and UN R156 regulations is crucial for automotive stakeholders to meet global cybersecurity expectations and regulations, enhancing their competitiveness and safety levels in the global market.
Related Information and Cybersecurity Services:
- The GDPR (General Data Protection Regulation) is a regulation introduced by the European Union that governs the handling and protection of personal data. We are the first in Europe to be able to certify GDPR (Europrivacy certification) with accreditation.
- ISO/IEC 27001 is an international standard that specifies the general requirements for information security management systems.
- TISAX (Trusted Information Security Assessment Exchange) is the only automotive-specific security framework for information security assessment based on the requirements of the German VDA (German Association of the Automotive Industry).
- The NIS2 (Network and Information Systems) directive is a European Union regulation aimed at unifying cybersecurity capabilities to strengthen the protection of organizations, which is also mandatory.
- IEC 62443 is a standard for the protection of industrial control systems and the most effective cybersecurity solution for Industry 4.0. With the increased connectivity of production equipment (IIoT), new threats emerge that need to be incorporated into traditional risk management processes. The manufacturer (supplier) of industrial automation control system components must incorporate the security requirements according to IEC 62443 into product development processes.