Automotive Cyber Security lightning talk: ISO 21434
It has been almost ten years since I went to DEFCON, and that year just so happened to be the first year of the Car Hacking Village. It was notable because the Tesla Model S was a demonstration car to hack, and seeing as this was the first connected car that I had seen, it was exciting.
While I didn't end up spending a lot of time there (the IoT Village also made its debut), car hacking as security talk content always interests me, which is why I decided to go to last night's Berlin Cybersecurity Social, whose organizer also ran an event that I spoke at earlier this year.
What about TISAX?
Anyway, while listening to the extremely useful overview of the standard, I did think about a previous project. The company wanted to adopt TISAX after ISO 27001 certification, anticipating requirements from potential clients in the automotive industry. I was curious to find out more about ISO 21434 and how it could possibly relate to TISAX…
Public information about ISO 21434:2021
According to ISO.org:
This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk.
This document is applicable to series production road vehicle E/E systems, including their components and interfaces, whose development or modification began after the publication of this document.
This document does not prescribe specific technology or solutions related to cybersecurity.
Public information about TISAX
According to TÜV SÜD:
Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for information security in the automotive industry. The TISAX label confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform.
Ok, makes sense!
So while TISAX is about the information security of organizations in the automotive supply chain (more precisely, a standardized way of managing it, having it assessed, and sharing the result with partners), ISO 21434 is about the cybersecurity engineering of the product itself: risk management for the vehicle's E/E systems and components across the whole lifecycle, from concept through development, production, operation and decommissioning. The two therefore answer different questions: TISAX tells an OEM whether your company can be trusted with its information (prototypes, design data, connected services), while ISO 21434 governs how the vehicle and its components are made secure. TISAX assessments use the VDA ISA catalogue, whose controls are derived from ISO 27001, so an existing ISO 27001 ISMS is the usual starting point, but an ISO 27001 certificate is not a prerequisite.
At the end of the lightning talk, I became a little bit more curious about ISO 21434, and luckily…
I was next to another attendee who had some direct experience with it and discussed the differences with him.
The speaker, Pablo Montes, has a Udemy course that you can sign up for.
Have experience with TISAX or ISO 21434? Comment below or continue the conversation on LinkedIn, we’d love to hear your thoughts.
Learn more about Superuser OÜ events and follow our LinkedIn.