The Department for Transport (DfT) today released new guidance for connected and autonomous vehicles in response to the growing cyber threat affecting internet connected cars.
The guidance, based on 8 key principles, aims to ensure that those developing connected and autonomous vehicles have cyber security at the forefront of their minds. This will help guarantee that all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines on security for connected cars. This is part of a broader programme of work announced in this year’s Queen’s speech under the Autonomous and Electric Vehicles Bill.
The 8 principles in the guidance state that:
- Organisational security is owned, governed and promoted at board level
- Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Organisations need product aftercare and incident response to ensure systems are secure over their lifetime
- All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
- Systems are designed using a defence-in-depth approach
- The security of all software is managed throughout its lifetime
- The storage and transmission of data is secure and can be controlled
- The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail
The ‘Key Principles of Cyber Security for Connected and Automated Vehicles’ document can be downloaded below.
Further information about the guidance can be found here