Huf has successfully achieved certification for its Cybersecurity Management System (CSMS) according to both accredited and globally recognized certification standards for road-vehicle cybersecurity: ISO/SAE 21434 and ENX VCS.
‘’Over the past months, teams from various departments have worked closely together to prepare for an intensive and highly detailed audit. The auditors conducted a comprehensive assessment of our organizational structures, processes, and project evidence. We passed the certification successfully – without non–conformity. A special thanks goes out to everyone involved in the preparation, documentation efforts, and the audit interviews.’’ explains Dr. Fabian Lanze, Head of Product Cyber Security.
ISO/SAE 21434 sets out a high bar: it requires robust processes, clear documentation, and a company-wide mindset to identify, manage, and minimize cybersecurity risks throughout the entire vehicle lifecycle. This certification is more than just a formal achievement. It demonstrates to our customers, partners, and regulators that we take cybersecurity seriously and are committed to delivering safe and secure products. It strengthens our position as a trustworthy global supplier and shows that we can meet and exceed the standards expected by industry leaders.
Background of ISO 21434
In 2015, the automotive industry faced a wake-up call when hackers remotely took control of a Jeep Grand Cherokee via its Uconnect infotainment system, exposing severe cybersecurity vulnerabilities. This incident highlighted the urgent need for robust standards to protect connected vehicles from cyberattacks. In response, the United Nations Economic Commission for Europe (UNECE) introduced cybersecurity requirements for vehicle type approvals in 2020. The detailed framework for these standards was later formalized in August 2021 through ISO/SAE 21434.
ISO/SAE 21434: automotive cybersecurity standard
Developed jointly by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE), ISO/SAE 21434 does not focus on fixing specific security loopholes, as these evolve rapidly. Instead, it establishes comprehensive processes for managing cybersecurity risks throughout a vehicle’s lifecycle. This includes product development, production, servicing, operation, and even disposal of personal data. The standard mandates structured threat analysis and risk assessment, ensuring that automotive companies integrate cybersecurity into every stage of their operations.
Huf’s implementation and next-generation ECU
Huf has embraced ISO/SAE 21434 by conducting thorough risk assessments for its products, particularly in its global “Phone as a Key” initiative. This technology, which enables smartphones to function as digital car keys, introduces potential vulnerabilities in hardware, firmware, and data sharing. Huf proactively identifies these risks and provides customers with solutions aligned with the standard. Recognizing that smartphones are a high-risk element, Huf collaborates with the Car Connectivity Consortium to develop additional security measures, ensuring that digital keys remain protected and cannot be misused.
By adopting ISO/SAE 21434, Huf demonstrates its commitment to safeguarding connected vehicles against cyber threats, reinforcing trust in digital mobility solutions.
