In the current time of increasing cybersecurity threats, the importance of managing software updates and patching is vital, particularly in safety-critical domains like the automotive and industrial sectors. ISO 21434 (automotive cybersecurity) and ISO 62443 (industrial cybersecurity) are two widely recognized standards that define clear firmware update standards to protect against emerging vulnerabilities and threats. Both standards highlight the necessity of timely and secure software updates to maintain system integrity throughout product lifecycles.
Managing software updates and patching in line with these firmware update standards can be a challenging but crucial task. Today we will discuss the best practices that software developers, system integrators, and cybersecurity teams can follow to align with the principles of ISO 21434 and ISO 62443.
Why Firmware Update Standards are Critical?
Due to increased system complexity, open-source usage and associated software vulnerabilities are inevitable. As new threats emerge, it becomes essential to patch these vulnerabilities to avoid potential exploits. For both automotive and industrial systems, this is particularly important since compromised systems can lead to severe consequences, including physical harm, operational disruption, and financial losses.
The lifecycle of both automotive and industrial systems is long, often spanning decades. As a result, maintaining these systems requires continuous software updates to ensure their security posture remains strong over time. Following established firmware update standards can prevent unauthorized access, mitigate known vulnerabilities, and maintain compliance with industry standards like ISO 21434 and ISO 62443.
ISO 21434 and its relevance in Automotive Cybersecurity
ISO 21434 covers cybersecurity at the system and component levels for connected vehicles. The standard outlines the following key aspects related to firmware updates for automotive systems:
Security by Design:
Security must be built into the software from the beginning and update mechanisms should be integrated into the vehicle architecture as part of the firmware update standards framework.
Vulnerability Management:
Manufacturers/OEM's must establish a process for identifying, tracking, and addressing security vulnerabilities, including through firmware updates for automotive systems.
Over-the-Air (OTA) Updates:
Secure OTA updates are necessary to patch software on vehicles without requiring physical access. OTA updates with containers can further isolate update packages for added integrity.
Post-production Support:
Cybersecurity responsibilities extend beyond production, and manufacturers/OEMs must provide security patches and updates throughout the vehicle's lifecycle in line with firmware update standards.
ISO 62443 Industrial Security Update Requirements
ISO 62443 focuses on the security of industrial control systems (ICS). This standard emphasizes secure design, implementation, and management of cybersecurity for industrial systems. The key points related to updates and patching include:
Patch Management:
Manufacturers/OEM's must develop a process for managing security patches and updates across the industrial ecosystem, including both hardware and software components, aligned with firmware update standards.
Risk-based Approach:
Patch prioritization should be based on risk assessments, ensuring that the most critical vulnerabilities are addressed first.
Change Management:
Any software update or patch must follow strict management protocols to ensure that it does not disrupt industrial operations.
Secure Deployment:
Industrial environments often face operational constraints, so security patches need to be deployed in a way that minimizes downtime and operational risks.
Best Practices for Managing Software Updates and Patching
The management of software updates and patches should be systematic, structured, and secure. Below are the best practices that align with the firmware update standards provided by ISO 21434 and ISO 62443.
Establish a Secure Update and Patch Management Process
The first step toward managing software updates and patches effectively is establishing a formal process that defines how updates will be developed, tested, and deployed. This should include:
Identification of Vulnerabilities:
A system for continuously monitoring and identifying software vulnerabilities. This could involve using vulnerability databases, regular code reviews, and security audits.
Patch Development:
Once vulnerabilities are identified, patches should be developed following secure coding practices, ensuring that they do not introduce new vulnerabilities. Secure firmware updates use cases in the automotive domain include ECU reprogramming, bootloader hardening, and OTA rollback protection.
Testing:
Before deploying any patch or update, rigorous testing should be conducted to ensure that it will not negatively affect the system. In automotive systems, for instance, firmware updates for automotive must be tested across a variety of driving scenarios to confirm compatibility.
Approval Process:
Updates and patches should go through a formal approval process, including cybersecurity reviews and risk assessments, before deployment.
Secure Communication Channels for Updates
Both ISO 21434 and ISO 62443 emphasize the importance of securing communication channels used to deliver software updates. These firmware update standards require that automotive and industrial systems deployed in remote locations protect wireless update delivery. Best practices include:
Encryption:
All software updates and patches should be encrypted during transit to prevent unauthorized interception. Automotive systems typically use technologies like TLSV3 (Transport Layer Security) to secure OTA updates.
Authentication:
The authenticity of updates should be verified through mechanisms like digital signatures, ensuring that only authorized and validated software is installed.
Integrity Checks:
Before applying an update, the system should perform integrity checks to confirm that the software has not been tampered with during transmission. OTA updates with containers add an extra layer of integrity by packaging update artifacts in isolated, verifiable containers.
Implement Delta Updates and Secure Boot
Efficient update delivery is a key aspect of firmware update standards. Delta updates transmit only the changed portions of firmware rather than the full image, significantly reducing bandwidth and update time — especially important for firmware updates for automotive systems in the field. Combined with secure boot, delta updates ensure that only authenticated incremental changes are applied to the system image. Trusted Execution Environments (TEEs) provide a secure environment where critical updates and security-sensitive operations can be executed, preventing malicious software from affecting the delta updates process.
Prioritize Updates Based on Risk
Patching all vulnerabilities immediately might not be practical, especially in industrial systems where downtime is costly. A risk-based approach, as recommended by ISO 62443, ensures that the most critical vulnerabilities are addressed first. Consider the following when prioritizing updates:
Severity of the Vulnerability:
Determine the potential impact of the vulnerability on system security. Critical vulnerabilities that expose the system to immediate threats should be patched first.
System Importance:
If the affected system is crucial to safety or operational continuity, prioritizing updates is essential.
Exposure Level:
Systems that are more exposed to external threats, such as connected vehicles or remotely accessible industrial control systems, should receive updates faster than systems with limited connectivity.
Minimize Downtime and Operational Disruption
For both automotive and industrial systems, minimizing downtime during the update process is critical. In the automotive industry, vehicles must remain operational during updates to avoid impacting users. In industrial environments, even short downtime periods can lead to significant financial losses.
OTA Updates:
In automotive systems, Over-the-Air (OTA) updates allow software patches to be deployed remotely without requiring a visit to the service center. These updates should be scheduled during off-peak hours to minimize the user impact. OTA updates with containers further improve deployment reliability and rollback capability.
Rolling Updates:
In industrial systems, rolling updates can be applied to individual components in a phased manner. This allows the system to remain operational while updates are being deployed to individual parts of the network.
Graceful Rollback Mechanism:
In case of an update failure, systems should be designed with a rollback mechanism that restores the previous version of the software without disrupting operations.
Continuous Monitoring and Incident Response
Software updates and patches are only part of the overall cybersecurity strategy. Continuous monitoring of vulnerabilities and incidents is crucial to maintaining security over time. Both ISO 21434 and ISO 62443 recommend proactive incident detection and response mechanisms aligned with firmware update standards.
Monitoring Tools:
Use intrusion detection systems (IDS), security information and event management (SIEM) tools and network monitoring solutions to detect signs of unauthorized access or malware that may compromise system integrity.
Incident Response Plan:
Establish a clear incident response plan that includes steps for mitigating the impact of a security breach, patching affected systems, and preventing recurrence.
Feedback Loop:
After each security incident or successful patch deployment, update the patch management process to incorporate lessons learned and improve future security efforts.
Provide Long-term Support and Lifecycle Management
Both standards emphasize that cybersecurity does not end at deployment. Developers and manufacturers must provide long-term support, including regular updates and patches, throughout the product life cycle. In the case of automotive systems, vehicles on the road for 10–15 years must continue to receive firmware updates for automotive systems to protect against evolving threats. Secure firmware updates use cases across this lifecycle range from initial security hardening to post-market vulnerability patches.
End-of-life Policy:
Establish a clear end-of-life policy for software support. Provide customers with guidance on securing their systems after support has ended.
Version Management:
Keep track of software versions in use across the system landscape. Ensure that patches are compatible with all versions and retire outdated versions that cannot be securely updated.
Our Edge Computing Services combined with IoT Security and Data Protection Services, enable secure, compliant software updates aligned with ISO 21434 and ISO 62443 standards.
Conclusion
Managing software updates and patching is critical for maintaining the cybersecurity of automotive and industrial systems. By aligning with firmware update standards defined in ISO 21434 and ISO 62443, organizations can establish best practices that ensure secure, timely, and efficient updates throughout product lifecycles. From secure communication channels and risk-based prioritization to delta updates, OTA updates with containers, and continuous monitoring — following these guidelines will help software developers, manufacturers, and system integrators protect their systems against evolving cybersecurity threats while minimizing downtime.
At Embien, we have supported many industrial and automotive component manufacturers with firmware updates for automotive and industrial use, implementing proven firmware update standards securely in the field. Feel free to contact us to discuss your requirements and challenges.