Cybersecurity Rules For Autonomous Vehicles

The United Kingdom has recently published a set of cyber security regulations, “Key principles of vehicle cyber security for connected and automated vehicles”. 

The set’s target is to outline how auto-makers need to behave if they want computerised cars to be approved by Britain and reach the road.

The set was written by the UK’s Department for Transport, with help from the Centre for the Protection of National Infrastructure. The principles suggest all participants in the auto industry’s long supply chains must work together on security both in the design process and for years after vehicles hit the roads. The principles, among others, include, governing and promoting organisational security as well as securing all software all along its lifetime.

Other particularly important principles include the expectation that “security risks specific to, and/or encompassing, supply chains, sub-contractors and service providers are identified and managed through design, specification and procurement practices.” One of the principles may raise eyebrows as it suggests “Organisations ensure their systems are able to support data forensics and the recovery of forensically robust, uniquely identifiable data. This may be used to identify the cause of any cyber, or other, incident.” 

The combination of “uniquely identifiable” and “other incident” isn’t spelt out, but suggests all manner of avenues to investigate driver behaviour.

Another principle suggests “Remote and back-end systems, including cloud based servers, which might provide access to a system have appropriate levels of protection and monitoring in place to prevent unauthorised access.”
One of the rule sets out how a car should respond to malicious hacking attempts, by stating “The system must be able to withstand receiving corrupt, invalid or malicious data or commands via its external and internal interfaces while remaining available for primary use. This includes sensor jamming or spoofing.”

Regarding operations security, the principles call for “Design controls to mediate transactions across trust boundaries, must be in place throughout the system. These include the least access principle, one-way data controls, full disk encryption and minimising shared data storage.”

I-HLS

You Might Also Read: 

Driverless Truck Fleet Gets UK Trial:

Protecting Future Cars from Cyber Attacks:

 

« GDPR - 10 Things You Must Know –
Tech Industry Has Written Women Out Of History »

Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

WEBINAR: How to fuel your DevSecOps in AWS

WEBINAR: How to fuel your DevSecOps in AWS

Thursday, May 20, 2021 - In this webinar, SANS and AWS Marketplace will discuss how to build a strategy that encompasses visibility and automation for the DevSecOps pipeline in AWS.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BlackBag Technologies

BlackBag Technologies

BlackBag Technologies is an industry leading provider of forensics software, training, and eDiscovery solutions for Mac, iPhone, and Windows

Ikerlan

Ikerlan

Ikerlan is an R&D technology centre specialising in areas including embedded systems, industrial automation and industrial cybersecurity.

CyberSail

CyberSail

CyberSail.org is a new online platform built by SOFTimpact, specifically for the Maritime industry to share, discuss and combat Cyber Threats.

infoBay

infoBay

InfoBay is an enterprise platform specifically designed to securely safeguard highly sensitive transmitted data.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Synelixis Solutions

Synelixis Solutions

Synelixis Solutions is a high-tech company founded to provide complete telecommunications, networking, security, control and automation solutions.

GuardRails

GuardRails

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.