The United Kingdom has published a set of “Key principles of vehicle cyber security for connected and automated vehicles” outlining how auto-makers need to behave if they want computerised cars to hit Blighty’s byways and highways.
The eight principles follow:
- Organisational security is owned, governed and promoted at board level;
- Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain;
- Organisations need product aftercare and incident response to ensure systems are secure over their lifetime;
- All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system;
- Systems are designed using a defence-in-depth approach;
- The security of all software is managed throughout its lifetime;
- The storage and transmission of data is secure and can be controlled;
- The system is resilient to attacks and responds appropriately.