Cybersecurity Rules For Autonomous Vehicles

Uploaded on 2017-08-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The United Kingdom has recently published a set of cyber security regulations, “Key principles of vehicle cyber security for connected and automated vehicles”. 

The set’s target is to outline how auto-makers need to behave if they want computerised cars to be approved by Britain and reach the road.

The set was written by the UK’s Department for Transport, with help from the Centre for the Protection of National Infrastructure. The principles suggest all participants in the auto industry’s long supply chains must work together on security both in the design process and for years after vehicles hit the roads. The principles, among others, include, governing and promoting organisational security as well as securing all software all along its lifetime.

Other particularly important principles include the expectation that “security risks specific to, and/or encompassing, supply chains, sub-contractors and service providers are identified and managed through design, specification and procurement practices.” One of the principles may raise eyebrows as it suggests “Organisations ensure their systems are able to support data forensics and the recovery of forensically robust, uniquely identifiable data. This may be used to identify the cause of any cyber, or other, incident.” 

The combination of “uniquely identifiable” and “other incident” isn’t spelt out, but suggests all manner of avenues to investigate driver behaviour.

Another principle suggests “Remote and back-end systems, including cloud based servers, which might provide access to a system have appropriate levels of protection and monitoring in place to prevent unauthorised access.”
One of the rule sets out how a car should respond to malicious hacking attempts, by stating “The system must be able to withstand receiving corrupt, invalid or malicious data or commands via its external and internal interfaces while remaining available for primary use. This includes sensor jamming or spoofing.”

Regarding operations security, the principles call for “Design controls to mediate transactions across trust boundaries, must be in place throughout the system. These include the least access principle, one-way data controls, full disk encryption and minimising shared data storage.”

I-HLS

You Might Also Read: 

Driverless Truck Fleet Gets UK Trial:

Protecting Future Cars from Cyber Attacks:

 

« GDPR - 10 Things You Must Know –
Tech Industry Has Written Women Out Of History »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

X-act Forensics

X-act Forensics

X-act forensics are computer forensic experts with experience in cases of computer fraud, intellectual property theft, and social networking cases.

Signal Sciences

Signal Sciences

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform.

SKKU Security Lab (seclab)

SKKU Security Lab (seclab)

SKKU Security Lab supports research and education in information security engineering. The lab is a part of the College of Software, Sungkyunkwan University.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

Resmo

Resmo

Resmo is an all in one platform for SaaS app and access management for modern IT teams.