The ISO 21434 is a new standard that has been proposed to address the future challenges of automotive cybersecurity. This white paper takes a closer look at the ISO 21434 helping engineers to understand the ISO 21434 parts, the key activities to be carried out and the main artefacts that shall be produced. As any certification, obtaining the ISO 21434 certification can be daunting at first sight. Engineers have to deploy processes that include several security risk assessment methods to produce security arguments and evidence supporting item security claims. In this white paper, we propose a security engineering approach that can ease this process by relying on Rigorous Security Assessments and Incremental Assessment Maintenance methods supported by automation. We demonstrate by example that the proposed approach can greatly increase the quality of the produced artefacts, the efficiency to produce them, as well as enable continuous security assessment. Finally, we point out some key research directions that we are investigating to fully realize the proposed approach.

中文翻译：

---

ISO 21434的安全工程

ISO 21434是已提出的新标准，旨在解决汽车网络安全的未来挑战。本白皮书仔细研究了ISO 21434，以帮助工程师了解ISO 21434的各个部分，要进行的关键活动以及应产生的主要人工制品。作为任何认证，一眼就能获得ISO 21434认证。工程师必须部署包括几种安全风险评估方法的流程，以产生安全论据和支持项目安全声明的证据。在本白皮书中，我们提出了一种安全工程方法，该方法可以通过依靠自动化支持的严格安全评估和增量评估维护方法来简化此过程。我们通过示例证明了所提出的方法可以极大地提高所生产出的人工制品的质量，生产它们的效率以及进行持续的安全评估。最后，我们指出了我们正在研究的一些关键研究方向，以完全实现所提出的方法。