QNX has reached a significant milestone by receiving the certification to the ISO/SAE 21434 automotive cybersecurity standard. As a leading supplier of safe, secure and reliable foundational software for the world’s most critical embedded systems, QNX is able to add this achievement to its already strong cybersecurity position. The certification by TÜV Rheinland confirms the company’s ability to support automotive OEMs who need to prioritize cybersecurity to meet the UNECE WP.29 Regulation 155. This regulation mandates that OEMs implement cybersecurity actions across all phases of their product lifecycle, from development, to production, to maintenance of vehicles in the field.
This certification demonstrates that QNX development processes adhere to best-in-class cybersecurity practices defined in ISO 21434, providing a solid foundation for future innovations in the automotive industry. This means QNX customers can leverage the QNX Cybersecurity Management System to augment the security of their QNX-based automotive systems and comply with WP.29 UN Regulation R155. By complying with the standards, QNX not only underscores its commitment to cybersecurity but also positions itself as a leader in developing secure, reliable and resilient foundational software for systems like advanced driver assistance systems (ADAS), digital cockpits, automotive audio, gateways, zonal and domain controllers, telematics and diagnostic systems.
For automotive OEMs, having vendors with the ISO 21434 certification simplifies the processes of complying with cybersecurity requirements, thereby speeding time to market. In addition, it provides them with a high level of assurance that their vehicle systems are secure and that their brand and reputation are further safeguarded against cyber threats in an increasingly connected and complex automotive landscape.
Understanding the Certification
ISO 21434 is an international standard that addresses cybersecurity risks in the design and development of automotive systems. Achieving certification to this standard demonstrates a company’s adherence to the highest levels of cybersecurity protocols and practices.
Essentially, ISO 21434 encompasses the entire lifecycle of automotive products, from initial concept to decommissioning. It provides guidelines on how to identify and mitigate cybersecurity risks, enabling every component and system within a vehicle to be safeguarded against potential threats. By embracing the standard, QNX has enhanced all aspects of its development lifecycle for cybersecurity, from performing threat analysis, risk assessments and static code analysis, to doing security-related testing, improving on its vulnerability handling capacities, and more.
In addition, ISO 21434 and ISO 26262, the functional safety standard for the development of electrical and electronic systems in road vehicles, have complementary goals, as there’s no safety without security. The two standards emphasize the importance of integrating their respective criteria into the overall engineering process, and both cover the lifecycle of a product from concept to maintenance to decommissioning. By achieving this new security certification, QNX adds a new layer of protection for automakers, building on existing ISO 26262 ASIL D certification for QNX® OS for Safety and QNX® Hypervisor for Safety, and has proven its dedication to maintaining both stringent security and safety standards throughout the product lifecycle.
The QNX Commitment to Cybersecurity
The QNX certification to ISO 21434 is a testament to its unwavering commitment to cybersecurity. This achievement not only underscores the capabilities of QNX as a provider of safe, secure, and reliable software solutions but also sets a benchmark for the industry. For vehicle software developers, automotive cybersecurity experts, and other automotive technology professionals, this certification promises enhanced trust and confidence in QNX.
For more than 40 years, QNX has been at the forefront of providing safe and secure embedded software solutions. This latest certification builds on the company’s already strong cybersecurity foundation, reinforcing the QNX three-pillar approach to cybersecurity:
- A culture that cultivates an environment in which every employee understands the importance of cybersecurity and can successfully practice the principles of security-by-design. This culture of cybersecurity permeates every aspect of the company.
- Secure products that are designed with cybersecurity at their core. With their microkernel architecture, QNX operating systems have a limited attack surface, making them inherently more secure.
- An ecosystem of partners that extends and enhances the QNX cybersecurity capabilities. These partnerships enable QNX to integrate additional cybersecurity solutions with its own.
Read More