The ISO 21434 standard looks like a very interesting standard. It was created by the automotive industry for the automotive industry, but it contains many best practices that can be applied more broadly.
In the larger picture, ISO 21434 is trying to solve a common problem in the cybersecurity and tech-driven manufacturing space: supply chain risk. Solutions are often built with components supplied by dozens of vendors. Understanding the interactions between the components and the related cybersecurity risks is a serious challenge.
Whilst the requirement for vulnerability management throughout the lifecycle of the product remains a challenge for all industries, there is an additional challenge for the automotive industry. All of these actions need to be done with hard-to-update components, and the supplier also needs to adhere to safety-critical requirements.
It is expected that the defined best practices will lead to real business impact, not only reducing security (& safety) risks but also enabling organisations to increase their product development velocity as vulnerabilities are managed across the entire development lifecycle.
Once the ISO 21434 standard is published and adopted, the demand for certified automotive suppliers that apply ISO 21434 in their core activities will rise, and those that are not certified will be left in the dark.