Last year, we predicted that 2021 would be the year of the automotive standard. This year, auto manufacturers are going to be asking a lot of the important questions around how to implement these standards, specifically ISO/SAE 21434, which includes security management, project-dependent cybersecurity management, continuous cyber security activities, associated risk assessment methods, and cybersecurity within the product development and post development stages of road vehicles.
Recently, SAE started a new working group called the Cybersecurity Maturity Model that helps organizations map the activities and processes that they may already be implementing to the requirements of the ISO/SAE 21434 standard to leverage existing programs and processes. As organizations mature, the next step is to look at it from a metric standpoint. How do we as an organization collect and measure metrics that show the organization’s progress over time and ensure that cybersecurity practices are continually evolving and addressing new threats?
In 2022, organizations need to prioritize cybersecurity and weave new activities into their established programs. The work coming from SAE’s Cybersecurity Maturity Model Task Force certification authorities are going to help automotive manufacturers and OEMs improve their overall cybersecurity program.