• Title/Summary/Keyword: ISO/SAE 21434

Search Result 2, Processing Time 0.014 seconds

Designing an evaluation model for cyber security management system implementation for companies participating in the automobile supply chain (based on ISO/SAE 21434 standard and TISAX assessment requirements) (자동차 공급망 참여기업 대상 사이버보안 관리체계 구현 평가모델설계 (ISO/SAE 21434 표준 및 TISAX 평가 요구사항을 기반으로))

  • Baek Eun Ho
    • Convergence Security Journal
    • /
    • v.22 no.5
    • /
    • pp.49-59
    • /
    • 2022
  • Cyber security in the automobile sector is a key factor in the life cycle of automobiles, and cyber security evaluation standards are being strengthened worldwide. In addition, not only manufacturers who design and produce automobiles, but also due to the nature of automobiles consisting of complex components and various parts, the safety of cybersecurity can be secured only when the implementation level of the cybersecurity management system of companies participating in the entire supply chain is evaluated and managed. In this study, I analyzed the requirements of ISO/SAE 21434 and TISAX, which are representative standards for evaluating automotive cybersecurity. Through a survey conducted on domestic/overseas company security officers and related experts, suitability and feasibility were reviewed according to priorities and industries, so 6 areas and 45 evaluation criteria were derived and presented as final evaluation items. This study is meaningful as a study in that it presented a model that allows companies participating in the automotive supply chain to evaluate the current cybersecurity management level of the company by first applying ISO/SAE 21434 and TISAX overall control processes before uniformly introducing them.

Development of Framework for Compliance with Vehicle Cybersecurity Regulations: Cybersecurity Requirement Finder (차량 사이버보안 법규 준수를 위한 프레임워크 개발: Cybersecurity Requirement Finder)

  • Jun hee Oh;Yun keun Song;Kyung rok Park;Hyuk Kwon;Samuel Woo
    • The Journal of The Korea Institute of Intelligent Transport Systems
    • /
    • v.22 no.6
    • /
    • pp.299-312
    • /
    • 2023
  • Recently, the electronic control unit (ECU) has been integrating several functions into one beyond simple convenience functions. Accordingly, ECUs have more functions and external interfaces than before, and various cybersecurity problems are arising. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) issued UN Regulation No.155 to establish international standards for vehicle cybersecurity management systems in light of the growing threats to vehicle cybersecurity. According to international standards, vehicle manufacturers are required to establish a Cybersecurity Management System (CSMS) and receive a Vehicle Type Approval (VTA). However, opinions were raised that the implementation period should be adjusted because domestic preparations for this are insufficient. Therefore, in this paper, we propose a web-based solution that maps a checklist to check the status of CSMS in the requirement and various vehicle security companies and solutions to mitigate the identified gap.