Industries, regulators, and consumers alike see cybersecurity as an ongoing challenge in our digital world. Protecting and defending computer assets against malicious attacks is a part of our everyday lives. From personal computing devices to online financial transactions to sensitive healthcare data, cyber crimes can affect anyone. As technology becomes more deeply embedded into cars in general, securing the global automotive infrastructure from cybercriminals who want to steal data and take control of automated systems for malicious purposes becomes a top priority for the industry. Systems and components that govern safety must be protected from harmful attacks, unauthorized access, damage, or anything else that might interfere with safety functions. Automotive Cybersecurity: An Introduction to ISO/SAE 21434 provides readers with an overview of the standard developed to help manufacturers keep up with changing technology and cyber-attack methods. ISO/SAE 21434 presents a comprehensive cybersecurity tool that addresses all the needs and challenges at a global level. Industry experts, David Ward and Paul Wooderson, break down the complex topic to just what you need to know to get started including a chapter dedicated to frequently asked questions. Topics include defining cybersecurity, understanding cybersecurity as it applies to automotive cyber-physical systems, establishing a cybersecurity process for your company, and explaining assurances and certification.

• Cover
• Title Page
• Copyright Page
• Contents
• Preface
• About the Authors
• CHAPTER 1 Introduction to Automotive Cybersecurity
  • What Is Cybersecurity?
  • What Does “Cybersecurity” Mean in the Automotive Context?
  • Key Concepts and Definitions
• CHAPTER 2 Cybersecurity for Automotive Cyber-physical Systems
  • Relationship between Cybersecurity, Functional Safety, and Other Disciplines
  • What Does “Cybersecurity” Mean in the Automotive Context?
  • The Vehicle Attack Surface
    • Wireless Interfaces
      • Long-Range Wireless Communications
      • Short-Range Wireless Communications
    • Wired Interfaces
    • In-Vehicle Networks
    • ECUs
  • Attack Paths and Stepping Stones
  • Addressing Cybersecurity—People, Process, and Technology
    • Management of Cybersecurity
    • Cybersecurity Engineering
    • Skills Required for Cybersecurity
    • Technology
• CHAPTER 3 Establishing a Cybersecurity Process
  • General Aspects of a Cybersecurity Process
  • Standards and Best Practice
  • Cybersecurity Lifecycle
  • Management of Cybersecurity
    • Top Management Commitment
    • Cybersecurity Processes
    • Cybersecurity Culture
    • Roles and Responsibilities
    • Cybersecurity Awareness and Competence
    • Continuous Improvement
    • Information Sharing
  • Proactive Cybersecurity Engineering
    • Cybersecurity Responsibilities at Project Level
    • Cybersecurity Planning
    • Concept Phase
      • Item Definition
      • Threat Analysis and Risk Assessment
      • Risk Treatment and Cybersecurity Goals
    • CAL
    • Cybersecurity Requirements and Controls
    • Design Verification
    • Cybersecurity Testing
      • Cybersecurity Testing Challenges
      • Cybersecurity Testing at Different Lifecycle Phases
      • Cybersecurity Testing Activities
    • Vulnerability Analysis and Management
  • Cybersecurity during Production
  • Reactive Cybersecurity Engineering
    • Cybersecurity Monitoring
    • Evaluation of Cybersecurity Events
    • Detecting and Responding to Attacks
    • Cybersecurity Incident Response
    • Assessing the Effectiveness of Detection and Response
    • Updates
    • End of Cybersecurity Support
    • Decommissioning
    • The Aftermarket
• CHAPTER 4 Assurance and Certification
  • Assurance Activities
    • Validation
    • Assurance Case
    • Audit
    • Assessment
    • Certification
    • Type Approval
  • Assurance Summary
• CHAPTER 5 Conclusions and Going Further
  • Frequently Asked Questions
    • What Is the Difference between UN Regulation 155 and ISO/SAE 21434?
    • To Which Types of Vehicles Does UN Regulation 155 Apply?
    • To Which Types of Organization Does ISO/SAE 21434 Apply?
    • How Do You Audit for Conformance to ISO/SAE 21434?
    • Is It Mandatory to Be Certified against ISO/SAE 21434?
    • Do I Have to Use ISO/SAE 21434 for My Cybersecurity Processes?
    • How Do I Know If My Item or Component Is Cybersecurity Relevant?
    • The Various Analysis Activities for Cybersecurity Engineering Look Very Time Consuming; How Do I Know When I Have Done Enough?
    • Does ISO/SAE 21434 Define Which Cybersecurity Tests Should Be Carried Out?
• References
• Index