Cybersecurity in product development

Cybersecurity legislation affects many industries. For example, the automotive industry must ensure compliance with the new ISO/SAE 21434 standard for Road vehicles — Cybersecurity engineering.

Work systematically and with traceability

Ola Larses, Lead Consultant at Taipuva spoke during Polarion Days about how important it is to understand risks by anticipating scenarios to protect product safety. With the new ISO standard (ISO/SAE 21434) in the automotive industry it is necessary to have a system that is able to manage cybersecurity, and to see potential risks throughout the product lifecycle. TARA (threat analysis and risk assessment) is a tool for this, and a key factor when analyzing risks of cyberattacks.

“As part of your cybersecurity efforts, you need to anticipate the risks that exist, and you do that through TARA. You see what threats there are when it comes to cybersecurity and how to overcome those threats and reduce the risks that exist, both at the product level and in your product development process” says Ola.

A new ISO standard for cybersecurity in the automotive industry

To work actively with cybersecurity in product development, you need to follow the legislation, and one way to do that is to use the ISO standards that exist for cybersecurity and management systems. If you work with it as a basis for how to implement your management system, it will help you to respond to the laws and requirements that exist in your particular industry.

Polarion helps you to maintain traceability, from threats and risks all the way down to risk reduction. This is part of the requirements of the ISO standard. You need to be able to show traceability and Polarion can help do just that.

“One can assume that one of the driving forces is precisely an ISO standard and laws that drive the development of working with cybersecurity in a structured way. But the biggest impetus is that if you don’t have this in place, you don’t have any competitiveness. That’s by far the most important thing. If you have a product that is easy to hack, lose data, or that the product does not work properly due to poor cybersecurity, then you are not a credible partner and then you will ultimately have to close down your business. There are no other options than to work actively and in a structured way with the laws and requirements that are on the table,”

Learn more about Polarion

Work systematically with cybersecurity

To meet the new cybersecurity legislation, companies need to work more systematically and thoroughly to analyse the cyber threats that are out there, and to ensure that everything is traceable to ensure that the risks that exist are properly mitigated.

When you start this process of working with cybersecurity, it can feel overwhelming. There is a lot of data that needs to be analyzed, and if you do it ad-hoc or work in excel documents, there will be too much data to handle. But if you do it in a systematic way, with a clear plan, it is possible to get through all the analysis required, and come up with a finished product that achieves the high standards of cybersecurity and also reduces the risks of cyber threats.