Synopsys Secures Connected Vehicles with Industry’s First IP Product to Achieve Third-Party Certification for ISO/SAE 21434 Cybersecurity Standard

ISO/SAE 21434 Connected Vehicle Cybersecurity Risk Management

Synopsys has worked closely with leading automotive chip suppliers for many years and has been aware that this was becoming a requirement for them early on, leading us to build ISO/SAE 21434 certification into our roadmap after early engagement with customers. 

To begin with, Synopsys needed to define the cybersecurity development lifecycle before we could obtain ISO/SAE 21434 certification for our IP development process and ARC HS4xFS Processors. Key elements of the cybersecurity engineering processes include the Security Development Lifecycle (SDL), Security Risk Assessment (SRA), and the IP Security Incident Response Team (IP-SIRT).

• The SDL builds upon the foundational elements of the Quality Management System (QMS). This integration ensures that cybersecurity measures are deeply embedded into the development processes to ensure that both safety and security are considered throughout the development cycle.
• The SRA plays a pivotal role in identifying and mitigating potential security risks throughout the development process. By systematically evaluating risks, users can prioritize efforts and allocate resources effectively to address the most significant threats. 
• Finally, the IP-SIRT is tasked with monitoring, detecting, and responding to security incidents. This team's proactive measures ensure that any security breaches are swiftly addressed, minimizing potential damage and maintaining the integrity of the IP.

Through these coordinated efforts, ISO/SAE 21434 certification provides a robust framework for managing cybersecurity risks, ensuring that the ARC HS4xFS Processor family (and additional IP portfolio products in the future, including interface, security, and processor IP solutions) have been assessed for potential security threats.

ISO/SAE 21434 and Synopsys ARC HS4xFS

The potential for automotive cybersecurity vulnerabilities can come from anywhere. For instance, plugging in your smartphone to your vehicle with a USB, Bluetooth connections, and, more recently, Wi-Fi and 5G/LTE connections all can allow potential threats into the vehicle. As cars become more software-defined, over-the-air (OTA) updates are increasingly common, enabling remote updates with new features or fixes. However, this also opens up potential security risks such as unauthorized access, tampering, and malware. Adhering to the ISO/SAE 21434 cybersecurity standard is crucial to protecting these safety-critical automotive systems as more channels of attack become standard in new cars.

Today, ARC HS4xFS Processor IP, already certified under ISO 26262 (meeting ASIL D Random and ASIL D Systematic compliance for safety-critical systems), now holds ISO/SAE 21434 compliance certification performed by a third-party auditor. ARC HS4xFS functional safety processors facilitate the development of high-performance safety-critical applications and are optimized for high-performance embedded applications. Customers who use ARC HS4xFS processors and other ISO/SAE 21434-compliant technology ensure that security best practices are followed throughout the entire development process from IP to final vehicle assembly.