What you Need to Know: ISO/SAE 21434
Cybersecurity has become an important requirement to mitigate cyberattacks, especially with commercial and industrial electric vehicles (EVs). With more EVs connected to the internet, drivers want to know their data is secure from cyber threats. To protect EVs from cyber-attacks, the International Organization of Standardization (ISO) and Society of Automotive Engineers (SAE) developed a comprehensive set of standards that protects against cybersecurity risks, ISO 21434. ISO 21434 and UNECE regulation No. 155 are a set of guidelines for cybersecurity and software development and deployment for vehicles. These guidelines and regulations play an integral role in the development of cybersecurity management systems that includes the following countermeasures:
- Risk Management: The first step in defining a cybersecurity management system is risk assessment and management. ISO 21434 mandates organizations to preemptively manage cyber risks by analyzing software and hardware interfaces for elements that could potentially become a cyber risk.
- Security Controls: Protecting drivers’ data and safety-critical vehicle components from malicious cyber threats can be effectively managed through mechanisms such as: authenticating users or vehicle components that request access to data, encrypting sensitive information at rest and in transit, and utilizing time-dependent access mechanisms such as temporary passwords.
- Communication and Information Exchange: This countermeasure requires organizations to share information about cybersecurity incidents and risks with suppliers and customers through vehicle systems. This ensures the data is authenticated through the exchange of information.
- Mitigation Strategies: These strategies are vetted through the product development process to ensure the reliability of the EV systems to proactively anticipate cyber threats.
At Modine, we are committed to thoroughly evaluating cybersecurity threat vectors throughout the product life cycle, from conception to decommissioning. In our development process, we’ve established internal and external mitigation strategies to ensure the integrity and security of our products. Protected from the point of manufacturing to the point of sale Modine EVantage products have a robust manufacturing strategy that guarantees genuine, performant, high quality control software that is present on the product. Our customers enjoy increased peace of mind knowing that both internal and external threats are prevented. We proactively analyze and support customers cybersecurity concerns and requirements with our cybersecurity disclosure program. We understand that cybersecurity is an ongoing effort. We’re just getting started – we fervently look for new industry-proven best practices to keep our customers safe from cyber threats and meet their security requirements.
If you would like to learn more about our cybersecurity management system, contact us.