Table of Contents

How ISO 21434 impacts EV cybersecurity

How ISO 21434 impacts EV cybersecurity

With electronic and electrical components’ footprints growing significantly in road vehicles, ensuring that the vehicle’s telemetry, navigation, safety, and data are protected from cyberattacks is crucial at every stage of design, development, and deployment.

ISO 21434 was developed to ensure that the hyperconnected vehicles are safe for the occupants as well as other vehicles on the roads. EVs being one of the most connected vehicles on the road with the widespread adoption of V2G technologies have led to the expansion of attack surface on the EV technical architecture across the edge to connectivity to Cloud layers. Let us look at how consideration of ISO 21434 in designing and deploying EVs helps mitigate these cybersecurity challenges.

Background

Electric vehicles are seeing a strong demand globally, particularly with the prevalent concerns of climate change and steadily increasing global temperatures. The idea that the electric vehicle technology is essentially a motor, and a battery that is rapidly giving way to a complex architecture of bidirectional charging infrastructure (on vehicle and roadside), regenerative braking, immersive driver experience, and often autonomous driving technology. All these cutting-edge technology components require significant computing, storage, and analysis infrastructure, both at the edge i.e. in the vehicle and charging points as well as in the cloud (at the grid control and fleet remote operator command centers).

This also leads to an increase in the attack surface on the connected vehicle technology value chain. Independent security practitioners have demonstrated in recent times that one can hack into the non-navigation functions of multiple electric cars simultaneously. While this may seem like a harmless prank for now, there is no denying that it is an ominous sign for the times to come.

What are the common cybersecurity risk scenarios in EVs?

Here are the main points of vulnerability for an EV:

1. Electric Vehicles

EVs have a significant footprint of the embedded system software, namely device drivers, operating systems, application runtime for application workloads on data processing, and rule-based control. It also has a lot of firmware for device functioning like sensor integration, interfacing, and communication. Each of these software modules is vulnerable to cyber-attacks. Attackers even target user applications running on mobile and web for car status, control, and driver analytics as well as third-party application integrations for reference data like maps.

2. Charging infrastructure

Connected EV charging points, irrespective of leveraging AC or DC charging technology have complex technical architecture across the hardware, system software, connectivity, and application software or digital layer. They are managed by the charging point operators or CPOs using a mix of on-site and remote monitoring, management, and maintenance. Attack surface on these spans across connected device system software, charging point operator, and user applications across web and mobile platforms, including touchpoints to third-party payment applications.

3. Electrical grid

Finally, EV charging points source electricity from the grids that leverage renewable as well as non-renewable energy sources to maintain the grid power levels at the required levels of voltage and current. Any attack on the network of charging points impacts the grid in an adverse way. For example, a botnet attack assumes control of a large portion of the charging point network. It creates an erroneous, non-existent spike in energy demand,trips the grid, leading to power outage. Here, the attack surface is the integration between the grid and the charging point network.

How does the ISO 21434 help in mitigating these cybersecurity risks?

Prior to this standard coming into effect, the safety and security in the vehicle design were limited to functional safety, governed by ISO 26262. However, lack of coverage on securing the electronic control and data flowing in the connected car ecosystem mandated addressing these concerns in a separate standard, which came into effect as ISO 21434 –Road Vehicles – Cybersecurity engineering. This standard outlines the engineering considerations from concept to decommissioning of secure road vehicles across modalities.

  • From detailing activities in the secure product lifecycle to outlining how to set up a cybersecurity culture in the new product development teams, this standard ensures an end-to-end security enablement approach for connected vehicles.
  • It helps you set up an objective mechanism for setting up and planning the cybersecurity-related workflows from secure design to end of cybersecurity support.
  • It also features methods to conduct threat analysis and risk assessment considering specific damage scenarios, asset properties, and impact characteristics. It further outlines attack paths and feasibility ratings of the attacks. As part of risk assessment, it lays out factors that impact the risk value and subsequent treatment decisions for the ascertained risk value.

The standard is valuable to the EV technology and product companies. It explains a practical approach to ensuring cybersecurity in a scenario where suppliers i.e. product and technology providers as well as customers, both are responsible for ensuring EV cybersecurity across the product lifecycle. Any significant deviation from the model roles and responsibilities outlined in the standards can have impaired security across the EV cybersecurity value chain.

eInfochips has extensive expertise and comprehensive offerings in IoT security across architecture layers of device, connectivity, cloud as well as web/mobile user applications. With experience, in high technology verticals like e-mobility across security lifecycle activities like threat modeling, VAPT, as well as DevSecOps, eInfochips has helped customers develop a secure connected product ecosystem for various industry applications.

Picture of Nirupam Kulkarni

Nirupam Kulkarni

Nirupam Kulkarni works as Product Manager focused on eInfochips' IoT and AI product and solution portfolio. He has 11 years of technology experience across IT and analytics consulting, market research, product management and digital partnerships.

Explore More

View All

Talk to an Expert

Subscribe
to our Newsletter
Stay in the loop! Sign up for our newsletter & stay updated with the latest trends in technology and innovation.

eInfochips, an Arrow Electronics company, is a leading provider of digital transformation and product engineering services. eInfochips accelerates time to market for its customers with its expertise in IoT, AI/ML, security, sensors, silicon, wireless, cloud, and power. eInfochips has been recognized as a leader in Engineering R&D services by many top analysts and industry bodies, including Gartner, Zinnov, ISG, IDC, NASSCOM and others.

Headquarters
– USA, San Jose
– INDIA, Ahmedabad

Write to Us: marketing@eInfochips.com

Linkedin Twitter Facebook Youtube Instagram

Services

Industries

Insights

Explore eInfochips

Reference Designs

Media

Press Releases

In the News

Newsletters

Events & Webinars

Insights

Blogs
Case Studies
Whitepapers
Webinars

Our Work

Innovate

Transform.

Scale

Partnerships

Device Partnerships
Click heare to know more..
Digital Partnerships
Click heare to know more...
Quality Partnerships
Click heare to know more...
Silicon Partnerships
Click heare to know more...

Company

About Us
Leadership Team
Our Clients
Partnerships
Awards and Accolades
Corporate Responsibility

Industries

Mobility
Aerospace
Automotive
Off Road
Healthcare
Medical Devices
Pharma & Life Sciences
Digital Health
Industrial
Industrial Automation
Building Technologies
Energy & Utilities
Heavy Machinery
Hi-Tech
Consumer Electronics
Security & Surveillance
Semiconductor
Technology
Compute and Storage
ISVs & Platforms
Robotics and Autonomous Machines
Aerospace
Medical Devices
Automotive
Security, Surveillance & Access Controls
Consumer Electronics
Smart Retail
Energy & Utilities
Smart Spaces
Industrial Products
Semiconductors

Products & IPs

Device
Reference Design and EVMs
e-EYE
Reusable Camera Framework
Digital
EIC PROPEL â„¢
Snapbricks Devops for IoT
Snapbricks loT Gateway Framework
Snapbricks IoT Device Lifecycle Management
Snapbricks Video Management
Snapbricks Cloud Migration Assessment Framework (SCMAF)
Snapbricks DevOps Maturity Assessment Framework (SDMAF)
Snapbricks Cloud Optimization Assessment Framework (SCOAF)
RDM (Remote Device Management) SaaS Framework
Conxero
Cybersecurity Assessment Framework
RPA Assessment Framework
IoT Cybersecurity Assessment Framework
Arrow Connect Framework
Quality
Snapbricks Test Automation Framework
Model Based BDD Testing Framework
Voice Assistant Quality Automation Framework
Battery Management System Testing Framework
Testbed for Avionics
Wireless Connectivity Test Automation Framework
Bluetooth Qualification Framework
Unified Test Automation framework (Web, Mobile, API)
Silicon
Verification IPs
Optix-Physical Design Framework
PerfMon- Performance Analysis Framework
DAeRT (Dft Automated Execution and Reporting Tool)
ConForum for DFT Framework
Scoreboardnetic
AMSify

Services


    Device
Engineering
    Digital
Engineering
    Quality
Engineering
    Silicon
Engineering
Foundation
Services
Hardware Design
Embedded System & Software Development
Multimedia & Digital Solutions
Design to Manufacturing
Product Sustenance
Cloud
DevOps
Full Stack
Mobility
IoT
AI & ML
Product Testing
Cloud Testing
Mobile & Web Testing
IoT Testing
Quality Process Consulting
ASIC, FPGA, SoC Design & Development
Desgin Verification & Pre/Post-Silicon Validation
Physical Design & DFT
Transformation
Services
Image Tuning
OS Porting & Optimization
Remote Device Management
Product Redesign
Big Data
Cybersecurity
Robotic Process Automation
Extended Reality
Blockchain
Intelligent Test Automation
Security Testing
UI/UX Testing
Wireless Testing
Multimedia Testing
QAOPs
Process Migration
Derivatives ASICs
IP/VIP Development, Integration & Verification
Device
Foundation Services
Hardware Design
Embedded System & Software Development
Multimedia & Digital Solutions
Design to Manufacturing
Product Sustenance
Transformation Services
Image Tuning
OS Porting & Optimization
Remote Device Management
Product Redesign
Digital
Foundation Services
Cloud
DevOps
Full Stack
Mobility
IoT
AI & ML
Transformation Services
Big Data
Cybersecurity
Robotic Process Automation
Extended Reality
Blockchain
Quality
Foundation Services
Product Testing
Cloud Testing
Mobile & Web Testing
IoT Testing
Quality Process Consulting
Transformation Services
Intelligent Test Automation
Security Testing
UI/UX Testing
Wireless Testing
Multimedia Testing
QAOPs
Silicon
Foundation Services
ASIC, FPGA, SoC Design & Development
Desgin Verification & Pre/Post-Silicon Validation
Physical Design & DFT
Transformation Services
Process Migration
Derivatives ASICs
IP/VIP Development, Integration & Verification