A connected, updatable vehicle is also an attack surface. Modern automotive security is built on three pillars: a process standard that runs across the whole lifecycle, a way to authenticate messages on the bus, and hardware that protects the keys everything else relies on.
ISO/SAE 21434 defines cybersecurity engineering for road vehicles from concept through decommissioning. It introduces threat analysis and risk assessment (TARA), security requirements, validation and continuous monitoring — mirroring what ISO 26262 did for functional safety. Coupled with UN R155, it makes a managed Cybersecurity Management System (CSMS) a condition for type approval.
Classic CAN frames carry no authentication, so a spoofed message can look genuine. Secure Onboard Communication (SecOC), part of AUTOSAR, adds a message authentication code (MAC) and a freshness value to protected frames, letting receivers reject forged or replayed messages. It is the practical mechanism that stops an injected frame from commanding an actuator.
SecOC, secure boot and signed OTA updates all depend on cryptographic keys — and those keys must never leak. A hardware security module (HSM) is an isolated, tamper-resistant block inside the ECU that stores keys and performs crypto operations so secrets never appear in general memory. It anchors secure boot, key management and authenticated communication in silicon, where software alone cannot be trusted.