Modern road vehicles offer an increasingly wide range of functions, including internet access, app-based remote monitoring, driver assistance systems and even autonomous driving technologies. Associated with these new technologies is a rapid increase in, and growing reliance on, software components. In addition, new trends in vehicle use - such as car sharing platforms and remote mobile fleet management - are on the rise. However, these directions also pose a challenge, as they massively shorten development and production cycles.

Regarding cybersecurity, measures are still lagging behind. Yet cyber incidents have the potential not only to inflict massive financial damage on the automotive industry, but also to compromise the security of its customers in the long term. As more and more vulnerabilities in more and more software components are left unpatched, a significant number of entry vectors are exposed to malicious activities. At the same time, the automotive industry is also being presented with a major opportunity right now: Electrification of the powertrain and comprehensive digitization of vehicle functions are accompanied by extensive changes in E/E architecture. Hence, now is exactly the right time to reconsider cybersecurity in a comprehensive way - according to the "security by design" principle. This way, it is possible to learn from the exact same mistakes the information technology (IT) industry has made for decades, and which today regularly lead to high-profile security incidents. After all, "adding on" security afterwards is extremely difficult.

Considering the increasing demand for cybersecurity standards, a joint ISO/SAE working group has developed ISO/SAE 21434. This set of guidelines for securing high-level processes in connected vehicles addresses the entire development and lifecycle of vehicles: Starting with culture and good governance throughout the organization, through design, development, production, and operation, and ending with decommissioning. ISO/SAE 21434 is thus quite comparable to the ISO 27000 series of standards: Both cover the entire lifecycle as well as non-technical processes within organizations.

It is generally expected that these recommendations will gain acceptance in cybersecurity in much the same way as ISO 26262 has in functional safety. This is particularly true since the standard, although not legally binding, is likely to be an important basis for vehicle type approvals.