"Since July 2022, UNECE Regulation 155 prescribes a mandatory proof of a suitable cyber security management system for car manufacturers - for example in accordance with ISO/SAE 21434," says Dr. Fabian Lanze, Head of Cyber Security at Huf. "But these are just primarily mandatory for car manufacturers. Yet this does not mean that automotive suppliers are exempt from the obligation. The car manufacturers’ obligation to prove this at the project level is an even greater challenge, as we have to meet very project-specific requirements in addition to the standards specified by ISO/SAE 21434.”
Perfect start: Huf has passed first cyber security audit based on ISO/SAE 21434
The cyber security team at Huf led by Dr. Fabian Lanze received the first confirmation already at the beginning of the year 2022: For a major order with complex software and electronics solutions, the customer required a comprehensive review of the cyber security standards based on ISO 21434 at Huf. To give just one example of manufacturer specifications that go beyond the standards of ISO/SAE 21434: Huf must be able to guarantee that it can still provide software updates 15 years after the end of production.
"The fact that we passed the manufacturer audit is a great success. We know that we have done our homework and are well prepared for future projects," says Fabian Lanze.
Additional to the tasks imposed on the manufacturers which also have to be fulfilled by suppliers, the ISO/SAE 21434 standard itself is challenging. As described in this article on ISO/SAE 21434, not only products but also processes are tested in accordance with the standard. Cyber security risks are analyzed and evaluated from product creation through production to maintenance during series production.
