Cybersecurity Rules For Autonomous Vehicles

The United Kingdom has recently published a set of cyber security regulations, “Key principles of vehicle cyber security for connected and automated vehicles”. 

The set’s target is to outline how auto-makers need to behave if they want computerised cars to be approved by Britain and reach the road.

The set was written by the UK’s Department for Transport, with help from the Centre for the Protection of National Infrastructure. The principles suggest all participants in the auto industry’s long supply chains must work together on security both in the design process and for years after vehicles hit the roads. The principles, among others, include, governing and promoting organisational security as well as securing all software all along its lifetime.

Other particularly important principles include the expectation that “security risks specific to, and/or encompassing, supply chains, sub-contractors and service providers are identified and managed through design, specification and procurement practices.” One of the principles may raise eyebrows as it suggests “Organisations ensure their systems are able to support data forensics and the recovery of forensically robust, uniquely identifiable data. This may be used to identify the cause of any cyber, or other, incident.” 

The combination of “uniquely identifiable” and “other incident” isn’t spelt out, but suggests all manner of avenues to investigate driver behaviour.

Another principle suggests “Remote and back-end systems, including cloud based servers, which might provide access to a system have appropriate levels of protection and monitoring in place to prevent unauthorised access.”
One of the rule sets out how a car should respond to malicious hacking attempts, by stating “The system must be able to withstand receiving corrupt, invalid or malicious data or commands via its external and internal interfaces while remaining available for primary use. This includes sensor jamming or spoofing.”

Regarding operations security, the principles call for “Design controls to mediate transactions across trust boundaries, must be in place throughout the system. These include the least access principle, one-way data controls, full disk encryption and minimising shared data storage.”

I-HLS

You Might Also Read: 

Driverless Truck Fleet Gets UK Trial:

Protecting Future Cars from Cyber Attacks:

 

« GDPR - 10 Things You Must Know –
Tech Industry Has Written Women Out Of History »

Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

National Certification Authority CJSC

National Certification Authority CJSC

National Certification Authority CJSC is one of the leaders in the Russian market of issuing digital signature certificates

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

CASES.lu

CASES.lu

CASES.lu is a government-driven initiative offering awareness-raising, a web resource and other tools to assist SMEs concerning information security.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

Trinity Cyber

Trinity Cyber

Trinity Cyber’s patent-pending technology stops attacks before they reach internal networks,reducing risk and increasing cost to adversaries.

Cloudburst Security

Cloudburst Security

Cloudburst Security specialize in providing a full spectrum of high-quality, innovative cybersecurity services to both government and commercial organizations.