ISO/SAE 21434 Automotive Cybersecurity Certification with UNECE R155 Considerations

Course Duration: 5 Days - 8 Hours/day

This five-day seminar covers all 14 clauses of the ISO/SAE 21434 standard to give those attending the information necessary to understand the standard and move your organization toward conformance. An overview of United Nations (UN) regulations WP.29, R155 & R156, as well as VDA ACMS (Automotive Cybersecurity Management System) will also be provided. ISO/SAE 21434 is the cybersecurity standard that is applied to cybersecurity-related systems that include electric/electronic, wired, and wireless communication systems installed in production passenger vehicles.

This course combines presentations with hands-on, in-class group exercises to put what you are learning into practice. Concepts are reinforced through a running case study of an airbag system as a part of the integrated workshops that include Item Definition, Threat Analysis and Risk Assessment (TARA), Cybersecurity Goals, CAL levels, Cybersecurity Concept, and Hardware/Software Interface. There is an optional ISO/SAE 21434 Certification exam at the end of the class for those wanting to demonstrate and document their knowledge.

Learning Objectives

  • Determine the Relevance of Automotive Cybersecurity for Specific Products
  • Determine the Applicability of ISO/SAE 21434 in Your Organization and Current Products
  • Plan and Perform Cybersecurity Management Activities
  • Perform a Basic TARA
  • Perform Activities of the Concept Phase
  • Perform Activities of the Product Development Phases
  • List and Describe Applicable Activities of the Production, Operations & Maintenance, and Decommissioning Phases for a Typical Project
  • Develop a Plan for Continual Cybersecurity Activities for a Typical Project
  • Perform Distributed Cybersecurity Activities for a Typical Project
  • Develop a Plan to Implement Automotive Cybersecurity
  • Develop a Plan to Implement ISO/SAE 21434 for a Typical Project

Course Outline

  • Chapter 1: Overview of Automotive Cybersecurity and ISO/SAE 21434
  • List and describe some automotive cybersecurity issues
  • Determine the relevance of some automotive cybersecurity issues for specific products
  • Identify and describe some processes in your organization that might benefit from ISO/SAE 21434
  • Identify and describe some products/projects in your organization that might benefit from ISO/SAE 21434
  • Breakout Exercise 1: Determine the Applicability of Automotive Cybersecurity and ISO/SAE 21434
  • Chapter 2: Cybersecurity Management (Clauses 5 & 6)
  • Plan and perform cybersecurity management activities at the organizational level
  • Plan and perform cybersecurity management activities at the product/project level
  • Breakout Exercise 2: Define the Cybersecurity Case
  • Chapter 3: TARA and the Concept Phase (Clauses 15 & 9)
  • Develop the Item Definition for a typical project
  • Breakout Exercise 3: Create the Item Definition
  • Perform an automotive TARA for a typical project
  • Breakout Exercise 4: Perform a TARA
  • Define cybersecurity goals for a typical project
  • Develop the cybersecurity concept for a typical project
  • Breakout Exercise 5: Develop the Cybersecurity Goal, Cybersecurity Requirements, and Cybersecurity Concept
  • Chapter 4: Product Development Phases (Clauses 10 & 11)
  • Perform product development activities for a typical project
  • Breakout Exercise 6: Derive Flow-down of Hardware and Software Requirements
  • Perform cybersecurity validation activities for a typical project
  • Chapter 5: Post-Development Phases (Clauses 12, 13 & 14)
  • Perform activities of the production, operations and maintenance, and decommissioning phases for a typical project
  • Chapter 6: Continual Cybersecurity Activities (Clause 8)
  • Execute a plan for continuous cybersecurity activities for a typical project
  • Breakout Exercise 7: Develop Cybersecurity Plans (Continual Cybersecurity Activities and Incidence Response)
  • Chapter 7: Distributed Cybersecurity Activities (Clause 7)
  • Perform distributed cybersecurity activities for a typical project
  • Breakout Exercise 8: Develop a Cybersecurity Interface Agreement
  • Chapter 8: Implementing Automotive Cybersecurity
  • Develop a plan to implement automotive cybersecurity for a typical project
  • Chapter 9: ISO/SAE 21434 Implementation Strategy
  • Develop a plan to implement ISO/SAE 21434 for a typical project
  • Three Levels of Certification
  • Level 1 Cybersecurity Engineer Knowledge Requirements: • 1 week of Cybersecurity training and candidates must pass a three hour final exam. Prerequisites: • At least 3 years of relevant professional experience.
  • Level 2
  • Cybersecurity Engineer Professional Knowledge Requirements: • 1 week of Cybersecurity training and candidates must pass a three hour final exam. Prerequisites: • One case study demonstrating experience in Cybersecurity which can be verified. The case study should show a broad understanding from Cybersecurity Plan to Cybersecurity Case (work products). • Interview. • At least 5 years of relevant industry experience.
  • Level 3
  • Cybersecurity Expert Knowledge Requirements: • 1 week of Cybersecurity training and candidates must pass a three hour final exam. Prerequisites: • Two case studies demonstrating the ability to do confirmation measures, and evidence of communication. • Interview. • At least 10 years of relevant industry experience.

Who Should Attend

This seminar is intended for those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in motor vehicles would benefit.

Participants should be or plan to be, actively managing, involved in, or aware of electrical and/or electronic items, systems, or elements that are incorporated in vehicles.

Course Materials

Each participant will receive a seminar manual including breakout exercises and case studies.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.

Pre-Requisite

Participants should be or plan to be actively managing or involved in the incorporation of electrical and electronic items, systems or elements.

Upcoming Training