One of the first companies to meet the requirements of the ISO / SAE 21434 standard
The EDAG Group, the world's largest independent engineering service provider in the mobility industry, is one of the first companies in the automotive sector to be certified in accordance with the latest standard ISO / SAE 21434 Cybersecurity – Road Vehicles . The independent audit evaluates a wide variety of damage scenarios relating to possible cyber attacks on vehicles and their digital security architecture. The standard includes measures for product development throughout the entire product life cycle: from the concept phase through development and production to maintenance and decommissioning.
"As a globally active service provider in the mobility industry, the EDAG Group is aware of the importance of cybersecurity and the corresponding need for action. We therefore see it as our responsibility to integrate end-to-end security solutions into existing company guidelines, to adapt our organizational structure and business processes to these, to constantly optimize them, and to involve our customers and partners in an open and transparent manner," explains Managing Director and EDAG Group CFO Holger Merz. This covers the entire product life cycle, taking into account the industry's best standards and practices, and in compliance with whatever laws, regulations, standards and rules are applicable at any given time.
"Cars today have to be able to multitask. Although their permanent online connection constantly makes them more comfortable and safer, it also makes them vulnerable to criminal hackers and cyber attacks," notes Oliver Jäger, Corporate Manager for Cybersecurity and Functional Safety at the EDAG Group. Effective cybersecurity measures therefore need to be implemented to fully protect vehicle functions from external manipulation. This calls for appropriate concepts to provide all-round protection for the vehicles, back-end systems and customer devices. This also applies to all data – from creation and transmission to storage.
Even while the new cybersecurity standard, "Road Vehicles – Cybersecurity Engineering", was still being drafted, the EDAG team was paying detailed attention to the new requirements for vehicles, their components and the relevant development and production processes. "We spent more than 20 months examining the subject intensively and constructively. In the process, we put all relevant IT connections and processes to the test, changed existing procedures and defined new ones," says Oliver Jäger.
Within weeks of the first stage of the Regulation of the European Parliament and Council on the type approval of motor vehicles, which from July 6, 2022 requires a cybersecurity management system, coming into force, the EDAG Group was one of the first companies in the industry to obtain the certification. Oliver Jäger is convinced: "For the EDAG Group and our customers, this TÜV certification is an important milestone towards a mobile future in which classic IT and operational technology will continue to merge and cybersecurity will be an absolute must."