Government publishes fresh cyber security standard for self-driving vehicles

The British Standards Institute has released a new cyber security standard for self-driving vehicles in the UK which, it said, would provide guidance to help protect self-driving cars from hacking attempts and other cyber threats in the future.

With the market for self-driving vehicles in the UK expected to be worth up to £52 billion by 2035, the government believes the UK must have a cyber security standard so that the security of such vehicles is built in at the development stage rather than added as an afterthought, an approach that has left millions of IoT devices vulnerable to cyber threats.

The new cyber security standard for self-driving vehicles was prepared by the British Standards Institute following in-depth consultations with leading autonomous car-makers such as Jaguar Land Rover, Ford and Bentley, as well as with the National Cyber Security Centre.

“As vehicles get smarter, major opportunities for the future of mobility increase. But so too do the challenges posed by data theft and hacking. This cyber security standard should help to improve the resilience and readiness of the industry, and help keep the UK at the forefront of advancing transport technology,” said Jesse Norman, Future of Mobility Minister.

New standard based on existing guidelines for self-driving vehicles

The new cyber security standard for self-driving vehicles is based on eight guiding principles that the Department for Transport published last year, which vehicle manufacturers are mandated to follow to ensure the cyber security of connected and autonomous vehicles in the future. The eight principles are:

  1. Organisational security is owned, governed and promoted at board level.
  2. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
  3. Organisations need product aftercare and incident response to ensure systems are secure over their lifetime.
  4. All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system.
  5. Systems are designed using a defence-in-depth approach.
  6. The security of all software is managed throughout its lifetime.
  7. The storage and transmission of data is secure and can be controlled.
  8. The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.

“Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.

“That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations,” said Transport Minister Lord Callanan.