Road Vehicles - Cybersecurity Engineering
- Ground Vehicle Standard
This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk.
This document is applicable to series production road vehicle E/E systems, including their components and interfaces, whose development or modification began after the publication of this document.
This document does not prescribe specific technology or solutions related to cybersecurity.
Data Sets - Support Documents
TEVEES18A has been an excellent forum for building consensus on matters of significance in automotive cybersecurity with relevant stakeholders in the cybersecurity, IT, and automotive communities. The work has culminated in two noteworthy publications SAE J3061 and the joint SAE/ISO 21434 standard on road vehicle cybersecurity. With the publication of the SAE/ISO Standard, we have rechartered this Committee to continue to leverage this excellent group of people and focus on the next frontiers that require attention.The Committee will continue to support and evangelize SAE/ISO 21434. This includes ongoing monitoring for public opportunities to further the message of SAE/ISO 21434, vehicle systems cybersecurity and those areas identified during the standardization activity requiring additional discussion and development. This also specifically includes internal support of SAE/ISO 21434 to other relevant SAE committees. To avoid diluting efforts and overlap with other ongoing efforts, the committee resolves to limit efforts to the below proposed charter tasks, as well as the ongoing tasks of collaboration, education, and outreach of core SAE/ISO 21434. The efforts of this committee will be subdivided into additional task groups as needed. The focus of the task force would be to discuss and develop relevant tasks that fall under the new charter and are identified as focus areas by the committee. Agendas for meetings are to be set on a “round robin” basis and rotate between the topics as they develop. Prioritization among the topics will be dynamic and change as the topics develop. All charter tasks are to be related to vehicle electrical systems, vehicular environments, including infrastructure external to the vehicle, if it could have any influence on the cybersecurity of the vehicle, and which are not already addressed by other SAE committees. Examples include, but are not limited to cloud/server systems that interface with the vehicle which can impact vehicle behavior, operation, configuration, etc., such as manufacturing processes, PKI/KMS systems, systems to update vehicle firmware/software/maps, telematics, remote monitoring/control, etc. Vehicles is the term used for all road worthy vehicles, heavy duty, commercial, single, and multi-passenger, automated connected vehicles, and driverless vehicles. If a task or topic is already addressed by another SAE committee, TEVEES18A will collaborate with that committee, as appropriate through a liaison to ensure proper coordination of efforts. The committee reserves the right to expand scope to other vehicles not explicitly identified above. The following tasks/areas are of focus: ● Development of training material, and other guidance documents for ISO/SAE 21434 and vehicle cybersecurity systems. ● Updates/additions to ISO/SAE 21434 e.g., refinement/updates of existing topics, additional topics (e.g., “Target Attack Feasibility”). ● Any topic where additional guidance or standardization would be beneficial to the vehicle industry. ● Collaborate with other SAE committees and external Standards Development Organizations (SDOs).