Bertrand Boisseau
on 3 June 2024
Vehicle cybersecurity: the journey towards ISO 21434 compliance
Automotive is going through considerable technological advancement, centred around the software that vehicles and their manufacturers use. A large part of this software evolution is the move towards open source software. Ensuring the safety and security of critical systems is extremely important, especially in safety-critical use cases. At Canonical, we stand at the forefront of this mission, leading actions to establish robust functional safety and cybersecurity initiatives in compliance with ISO 26262 and ISO 21434.
In this blog post, we will share Canonical’s path towards ISO 21434 compliance, a fundamental standard shaping the cybersecurity framework for automotive software.
Setting the stage: understanding automotive cybersecurity for OEMs and Tier 1 suppliers
Before targeting cybersecurity, let’s talk about functional safety. In the automotive industry, safety isn’t just a desirable feature—it’s an absolute necessity. With millions of vehicles on roads worldwide, the stakes are high, and ensuring the wellbeing of drivers, passengers and pedestrians is often literally a matter of life and death. Historically, automotive safety has been primarily focused on mechanical systems, such as brakes, airbags, and seatbelts. However, as vehicles become increasingly sophisticated – integrating advanced technologies like autonomous driving (AD) capabilities, connectivity features, and complex software systems – the concept of safety has evolved significantly.
ISO 26262 is one of the key standards governing safety in automotive software. It provides guidelines for functional safety within vehicles, outlining processes and measures to mitigate risks associated with system failures. ISO 26262 addresses various aspects of automotive safety, including hazard analysis and the implementation of safety mechanisms to prevent or mitigate the effects of malfunctions. Compliance with ISO 26262 is essential for ensuring the reliability and integrity of automotive systems, particularly in critical applications where system failures could lead to life-threatening consequences.
Safety standards like ISO 26262 are even more vital when you consider the advancements in artificial intelligence and AD technologies. Advanced Driver Assistance Systems (ADAS) features, such as adaptive cruise control and lane-keeping assist, require meticulous validation to ensure they function reliably and safely in thick fog, snow, heavy rain, or at night. As such, the automotive industry faces a wide-ranging safety landscape, where traditional concerns intersect with emerging technologies, emphasising the need for comprehensive safety frameworks that address both physical and digital risks.
Canonical’s role in advancing functional safety
Canonical’s commitment to functional safety extends beyond mere compliance with standards; it encompasses a holistic approach to software development that prioritises quality, security, and reliability at every stage of the life cycle.
Our progress towards functional safety in automotive software is founded upon a strong emphasis on quality management (QM) practices. QM provides a reliable set of expectations, practices, and checks that verify that the software being delivered follows a robust process aimed at guaranteeing traceability so that it can be compliant with automotive expectations. Canonical employs a range of quality management protocols and tools to monitor and enhance the quality of its software products, including independent quality indicators like the TIOBE Quality Indicator (TQI) and adherence to industry-recognised standards such as ISO 25010.
ISO 21434 is another crucial standard that outlines guidelines for addressing cybersecurity risks in automotive software throughout its lifecycle. Canonical is actively working towards compliance with ISO 21434. By aligning our practices with the principles and requirements of ISO 21434, we aim to further enhance the security and resilience of our software solutions, and contribute to the overall functional safety of automotive systems.
As part of these efforts, we also participate in industry-standardisation efforts, such as ISO working groups. These groups play a crucial role in shaping the development and implementation of standards like ISO 21434, focusing on cybersecurity in the automotive sector. Through our participation, we contribute expertise and best practices to the establishment of robust cybersecurity frameworks that ensure the integrity and security of automotive software systems.
Canonical’s collaboration within ELISA (Enabling Linux In Safety Applications) – an industry initiative aimed at advancing the use of Linux in safety-critical applications – further demonstrates our commitment to safety in automotive software. By joining ELISA, Canonical aligns itself with other industry leaders in working towards the establishment of comprehensive guidelines and best practices for deploying Linux securely in safety-critical environments. Through its involvement in ELISA, Canonical contributes its expertise in open source software to the development of principles and processes that enhance the safety and reliability of Linux-based systems in automotive applications.
Open source excellence for a dependable Linux
The automotive industry relies heavily on software to power the next generation of vehicles; ensuring the safety and security of these systems is a top priority. By adhering to rigorous standards like ISO 21434, we are not just meeting regulatory requirements – we are setting a new standard for excellence in automotive software development.
On top of that, the lessons learned and best practices established through our efforts towards functional safety have broader implications beyond the automotive industry. As software becomes increasingly integrated into various aspects of our lives, the need for robust cybersecurity measures becomes more critical than ever. By pioneering advancements in functional safety and cybersecurity, we are not only safeguarding automotive systems, but also contributing to the overall security and reliability of software across all sectors.