On the 6th August 2017, the UK government released its latest guidelines to protect against increasing levels of cyber-attacks. The latest principles focus upon connected and automated vehicles. As vehicles become smarter from basic Wi-Fi connectivity to autonomous cars the level of threat from potential cyber-attack grows. There has already been some very high profile headlines of connected vehicles being hacked.
These principles from the Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), have been created to ensure all parties involved with manufacturing vehicles have a consistent set of guidelines.
The 8 key principles include:
- Principle 1 – organisational security is owned, governed, and promoted at board level
- Principle 2 – security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Principle 3 – organisations need product aftercare and incident response to ensure systems are secure over their lifetime
- Principle 4 – all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
- Principle 5 – systems are designed using a defence-in-depth approach
- Principle 6 – the security of all software is managed throughout its lifetime
- Principle 7 – the storage and transmission of data is secure and can be controlled
- Principle 8 – the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail
Note: This list is not intended to be exhaustive. Further standards and guidance may be applicable.
The UK government is committed to making the UK a secure and resilient digital nation and T&VS is playing its part, including:
- T&VS bring V&V expertise to innovate UK funded autonomous commercial vehicles project
- AESIN 2017 Conference (Automotive Electronic Systems Innovation Network) Dr. Mike Bartley, Founder, and CEO of T&VS, will present the latest updates on the recently announced CAPRI Project
Let T&VS ensure you are protected going forward. Our security team will analyse your infrastructure for potential weaknesses and provide assistance in ongoing security measures. If you would like to know more, please see T&VS Security or contact us via email. T&VS experts will provide a simple step-by-step guide to the actions you can take now to ensure your systems are protected.