"Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks," said UK Transport Minister Lord Callanan. "That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations.
The guidelines requires secure design principles, with all aspects of security (physical, personnel and cyber) are integrated into the product and service development process. There are also long term implications as organisations need product aftercare and incident response to ensure systems are secure over their lifetime. Vehicles also cannot have single points of failure, security by obscuration or anything which cannot be readily changed should it be compromised.
The guidlelines extend all the way through the supply chain, requiring that it is possible to ascertain and validate the authenticity and origin of all devices and sub-systems within the supply chain.
The specification is at www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles/the-key-principles-of-vehicle-cyber-security-for-connected-and-automated-vehicles