The UK government has issued new guidance on vehicle cybersecurity. The 8 principles—each with more detailed sub-principles—in the guidance set out how the automotive sector can make sure cybersecurity is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.
The government is also looking at a broader program of work announced in this year’s Queen’s speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.
The 8 main principles are:
Organizational security is owned, governed and promoted at board level;
Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain;
Organizations need product aftercare and incident response to ensure systems are secure over their lifetime;
All organizations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system;
Systems are designed using a defense-in-depth approach;
The security of all software is managed throughout its lifetime;
The storage and transmission of data is secure and can be controlled;
- The system is designed to be resilient to attacks and respond appropriately when its defenses or sensors fail<.>
Our cars are becoming smarter and self-driving technology will revolutionize the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.
That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations.—Transport Minister Lord Callanan
The government will continue to support and work collaboratively with industry to make sure vehicles are protected from cyber-attacks. The guidance principles will form a key part of these discussions.