Integration of agile approach into the implementation of the ISO/SAE 21434 on top of the V-model to enable continuous secure-by-design automotive cybersecurity development

Abstract

The rapid evolution of technology is revolutionizing the automotive industry, with connected and autonomous vehicles at the forefront. These vehicles rely on complex digital ecosystems to enhance safety and efficiency but are increasingly vulnerable to cybersecurity threats. Addressing these challenges requires following robust development methodologies, while complying with cybersecurity standards. This study introduces a framework that merges the widely used agile methodology practices with the ISO/SAE 21434 standard to support secure-by-design automotive product development. Traditional development approaches like the V-model provide structured and linear project phases, but they often lack the flexibility and the ability to adapt to evolving security needs. By incorporating agile principles, the framework promotes iterative, adaptive, and collaborative processes, ensuring timely identification and mitigation of risks. This research highlights the critical role of integrating agile methodologies with the established cybersecurity standards to meet the growing demands of connected vehicle security, offering valuable contributions to both academic and industry practices. The study also demonstrates how iterative threat analysis and risk assessments can be performed to refine cybersecurity goals and prioritize risks. It also provides a practical case study, which implements the above integration, showing how techniques, such as continuous testing of the tool, were applied within every agile sprints to verify the tool\u27s effectiveness by shifting verification and validation earlier in the development process. This approach improved risk management efficiency and ensured compliance with ISO/SAE 21434 requirements. The study highlights the framework’s practicality, showing how it can streamline cybersecurity processes in a dynamic automotive development environment. By adopting this agile-driven methodology, organizations can better manage cybersecurity risks, align with industry standards, and foster a culture of continuous improvement