New cybersecurity standards for manufacturers of self-driving cars

A set of cybersecurity standards for manufacturers of self-driving cars has been published today by the British Standards Institute.

The guidance document was developed by the BSI in conjunction with the National Cyber Security Centre, as well as a range of automotive industry firms, including Ford, Bentley, and Jaguar Land Rover. Funding for the project was provided by the Department for Transport.

The 56-page document is intended to set a benchmark for the cybersecurity requirements of autonomous vehicles. Adherence to the standards will allow manufacturers to demonstrate their security credentials, the government said.

Transport minister Jesse Norman said: “As vehicles get smarter, major opportunities for the future of mobility increase. But so too do the challenges posed by data theft and hacking. This cybersecurity standard should help to improve the resilience and readiness of the industry, and help keep the UK at the forefront of advancing transport technology.”

The document took as its starting point a government publication which last year set out eight “key principles” for the security of driverless and internet-enabled vehicles, including that organisational security is owned, governed, and promoted at board level, that security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain, and that organisations will need product aftercare and incident response to ensure systems are secure over their lifetime.

Under the plans, all organisations, including sub-contractors, suppliers and potential third parties, will work together to enhance the security of the system, and systems will be designed using a defence-in-depth approach.