ISO/SAE 21434: Automotive Cybersecurity terms and definitions

Reading time: 4 minutes - Difficulty: Advanced
ISO 21434 has a unique complexity, given also by the variety of terms introduced, compared to other standards. Let us see what are the main definitions that, if you are an OEM, you can keep in mind when faced with a contract specification under ISO/SAE 21434. The definitions are those available in the international version of ISO/SAE 21434.

Item (component with specific function)

Defined within the concept phase of the final system in the international version of ISO/SAE 21434, the item is the component or set of components with a specific function at the vehicle level. A system can also be considered an item if it implements a function.

Items include automatic lane centering control modules, lane detection switches and sensors, online connection sensors, cables, and connectors.

The definition of the item determines the interfaces with other components inside the vehicle, or with the external E/E system, and the function with the expected behavior and preliminary architecture.

It is through the TARA (Threat Analyses and Risk Assessment) analysis that we analyze the threats and risks present on the various items so that we can set the cybersecurity goals of the final product.

Damage Scenario

This is the adverse consequence involving a vehicle or vehicle function causing harm to the user on the road; for example, think of the sudden exit of the vehicle from the lane.

Cybersecurity Goal

Cybersecurity requirement associated with one or more threat scenarios. These are examples of goals:

  • Preventing insufficient lateral adjustment that results in drifting off the roadway when an automatic lane centering system is activated
  • Preventing excessive lateral adjustment that results in leaving the roadway when an automatic lane centering system is activated

Cybersecurity Property

The parameters of cybersecurity that need to be guaranteed at all times, namely confidentiality, integrity and availability of data, are considered. In the specific case of ISO 21434, the properties are related to, for example, the steering wheel position value, the steering wheel speed value, and the vehicle speed.


Assets, consisting of one or more properties, are the resources whose compromise can lead to one or more damage scenarios. Consider problems related to incoming data communication, for example, about the functionality of the steering wheel.


In this regard, ISO/SAE 21434 considers the component to be a logically and technically separable part, as in the case, for example, of an automatic lane centering control module.

Threat Scenario

Potential cause of compromise of a property, or of one or more assets in order to realize a damage scenario. One example is the spoofing of information about the position of the steering wheel and/or the steering wheel speed value and/or the vehicle speed, which reaches the automatic lane centering control module.

Attack Path

This is a set of deliberate actions to realize a threat scenario. Just think of the hypothetical case where the attacker compromises the navigation control unit from the cellular interface, or the gateway control unit forwards malicious information to the automatic lane centering control module. All this makes us realize how cybersecurity has now permeated even into roadside driving systems.