Cybersecurity by Agile Design
ISO/SAE 21434  Final International Standard was released September 2021 to great fanfare and is the most prominent standard in Automotive Cybersecurity. As members of the Joint Working Group (JWG) the authors spent 5 years developing the 84 pages of precise wording acceptable to hundreds of contributors. At the same time the auto industry had been undergoing a metamorphosis probably unmatched in its hundred-year history. A centerpiece of the metamorphosis is the adoption of the Agile development method to meet market demands for time-to-market and flexibility of design. Unfortunately, a strategic decision was made by the JWG to focus ISO/SAE 21434 on the V-Model method. Agile does not break ISO/SAE 21434. Agile is a framework that can be adapted to suit any process. In the end the goals are the same regardless of development method; security by design must be achieved.