What is ISO 21434?
Over many years, the vehicle and system development process have been refined to standardize specification and verification tasks. Road vehicles — Cybersecurity engineering focuses on cybersecurity risks in the design and development of car electronics.
This standard covers cybersecurity governance and structure, secure engineering throughout the vehicle’s life cycle, and post-production security processes. Organizations providing cyber security for road and vehicle-based applications must comply with ISO 21434 standard.
The goal of ISO SAE 21434 is to build on the ISO 26262 functional safety standard and provide a framework similar to it for the entire life cycle of road vehicles. The major components of this new standard are
- Security management
- Project-dependent cyber security management
- Continuous cyber security activities
- Associated risk assessment methods
- Cyber security within the concept product development and post-development stages of road vehicles.
An organization must tailor cyber security activities and continuously improve specifications and verification methods for each significant clause of the ISO SAE 21434 standard. This includes governance models, organizational artefacts like training and awareness, and technical component specifications.
Furthermore, to comply with regulatory requirements and independent cyber security audits, the processes, procedures, and documentation must align with ISO SAE 21434 cyber security planning activities.
ISO/SAE 21434 has specific requirements for software development, such as analysis to check for inherent flaws and overall consistency, correctness, and completeness in terms of cybersecurity requirements.
How does StrongBox IT help in ISO 21434?
Cybersecurity should be prioritized in all design decisions, including the programming language used for software development. Usage of WAF is one such implementation that has to be followed.
StrongBox IT is a cybersecurity provider offering an enterprise-grade Web Application Firewall (WAF) – Modshield SB. Modshield SB is built with ModSecurity CRS and 2021 OWASP Standards.
Modshield SB WAF defends against a wide range of web-based instructions and attacks that target applications hosted on the cloud and web applications. Modshield SB scans both inbound and outbound traffic, thereby protecting the user from attacks and preventing data loss (DLP).
In addition, Modshield SB protects from cross-site scripting (XSS), Server-side request forgery (SSRF), Sensitive data exposure, and other malicious attacks by hackers that compromise the privacy and integrity of sensitive data.