How ISO/SAE 21434 Impacts EV Cybersecurity


As our world grows increasingly digital, even our cars are now equipped with digital devices that control everything from our music to our air conditioners. Electric vehicles in particular have advanced to improve convenience, lower fuel costs, and reduce emissions.

Electric vehicles are heavily reliant on computers and software, especially for battery management and charging. Though this is not a major concern under normal circumstances, these systems have the potential to be exploited by malicious actors as electric vehicles become more widely adopted. With the electric vehicle market expanding, cybersecurity will become increasingly crucial. Fortunately, the ISO/SAE 21434 "Road Vehicles - Cybersecurity Engineering" standard aims to prevent cybersecurity issues from occurring.

Below, we break down the specifics of ISO/SAE and how such standards can foster improved cybersecurity for all EV organizations and users.

What Are ISO Standards?

ISO stands for "International Organization for Standardization," while SAE is the "Society of Automotive Engineers." In short, ISO/SAE signals a joint project between the organizations, while 21434 is the project number.

The standard itself is widely adopted by automotive manufacturers and suppliers. It aims to tackle cybersecurity issues before they worsen by enabling organizations to define cybersecurity policies and processes and to manage risk. In other words, it seeks to implement a cybersecurity system throughout the entire lifecycle of car electronics.

But what, exactly, would you find in the pages of ISO/SAE 21434?

The document is extremely thorough, covering everything from how to think about cybersecurity within your organization, to product design, conception, development, and maintenance. It even has details on how to analyze and assess threats and cybersecurity risks.

Overall, ISO/SAE 21434 provides a comprehensive guideline for automotive developers to help them cover cybersecurity topics throughout the whole development lifecycle and ensure that the entire supply chain is covered, too. According to this guideline, OEMs and suppliers will need to carry out activities such as the following:

  • Carrying out risk assessments

  • Identifying cybersecurity vulnerabilities

  • Ensuring development is undertaken with the correct safeguards in place to address these vulnerabilities

  • Rigorously testing applications and software/hardware components to make sure these risks have been mitigated

ISO/SAE 21434, EVs, and EV Chargers

While 21434 is not explicitly aimed at EVs or EV chargers, their dependence on computers, as with most technology, has the potential to leave them vulnerable. Cybersecurity firm Saiflow demonstrated that each can be attacked in different ways and for different reasons.

For example, without proper security standards, the attack surface of these systems spans connected device system software, charging point operator applications, and user applications across web and mobile platforms, including touchpoints to third-party payment applications.

EVs themselves may also become targets. It would be possible for a bad actor to, say, remotely shut your car down and demand payment to return control. Similar things have been done on computers.

Perhaps the most worrying possibility is the grid. As EVs become more common, they'll constitute a sizeable portion of energy inflow and outflow on the electrical grid. We've even spoken before about how EVs could be used to shore up the grid in times of emergency. But with a malicious actor at play, this could be turned on its head to drain or overload the grid and cause structural damage that could take weeks to repair. Given that domestic terrorists regularly target electrical substations, this is not an impossibility.

How ISO/SAE 21434 Improves Cybersecurity

The ISO/SAE 21434 standard is valuable to EV technology and product companies. It provides a framework for organizations to improve their cybersecurity posture by incorporating security into the design, development, and operation of road vehicles. Like regular security experts, these companies are in a constant battle with criminals, each side trying to find ways around the other's tactics. But a recurring issue in the modern world has been big entities getting caught flat-footed because they hadn't taken any cybersecurity precautions. It seemed like a non-issue... until it became a very big issue.

The hope with ISO/SAE 21434 is that it prevents this from happening in the vehicle (and, thus, the EV) space. By providing a working standard for the industry, it can put up obstacles to any potential hackers, leaving them more interested in plying their trade elsewhere. Its wide scope seeks to ensure there aren't any cracks in the system through which hackers could maneuver. Together with more generalized information security standards, like ISO 27000, it could go a long way towards creating a strong base on which other entities can develop more specialized cybersecurity tools in the EV space.

Safeguarding our Charging Networks

At EV Connect, we are committed to providing the highest level of protection for our clients and partners. We employ a multi-layered security strategy that includes dedicated leadership at the highest levels of the company, continuous vulnerability assessments, and AES-256 encryption.

Our dedicated security team conducts regular penetration tests to identify and remediate any potential vulnerabilities in our systems, and we are committed to staying ahead of the evolving threat landscape. Our security systems are continuously monitored by our 24/7 managed threat-detection and response team, who are trained to identify, analyze, and respond to any security incidents in real time.

This proactive approach to security helps us to minimize any potential risk to our systems and data and ensures the confidentiality and integrity of the information we manage.

To learn more about EV charging cybersecurity, read our previous blog.

