The Sheer Scale is Staggering
ISO/SAE 21434 mandates that automakers provide a clear, comprehensible and defensible rationale, supported by evidence and documentation, that an item or component achieves a sufficient degree of cybersecurity for the application it is used in. To achieve this, automakers must determine the relevance of cybersecurity to each of these items and components; for the relevant ones, automakers can perform analysis and risk assessment (TARA). From this assessment, they can derive a set of cybersecurity goals and requirements for achieving a verifiable level of security.
Since there are hundreds of components in every vehicle that could potentially present a cybersecurity problem—and given the tight deadlines—this process imposes a formidable challenge, not just for automakers but for their suppliers as well. Modern vehicles increasingly rely on wirelessly communication to interact with their direct environment and to leverage cloud-based services. This connectivity continues within the vehicle itself, so almost every electronic component inside it should be presumed to be a potential target for hackers.
