Footnote:
Diese Datenquelle enthält auch Bestandsnachweise, die nicht zu einem Volltext führen.
Description:
Since its recent publication in August 2021, the new international standard \(\it ISO/SAE 21434\) Road vehicles – Cybersecurity engineering has become the leading standard for security engineering in automotive domains. It defines comprehensive requirements for analysis, processes, and management of security-related tasks in designing, developing, producing, and maintaining vehicles. Within the first few months of applying the standard as a tier 1 supplier, we have been able to gain relevant experience in our daily work. In this paper, we present some of these insights concerning the application of the standard to threat analysis and risk assessment, especially from a supplier’s point of view. We discuss limitations of the standard with respect to impact and risk estimation for threats, realistic and consistent attack feasibility rating of attacks, and technical communication interfaces with our customers. Further, we present our ideas on how these limitations can be overcome by supplying specific interpretations of the standard and the extending examples in its annex.