CPNI – Principles of cyber security for connected and automated vehicles

CPNI - Principles of cyber security for connected and automated vehicles

Organization: UK Department for Transport, Centre for the Protection of National Infrastructure, and Centre for Connected and Autonomous

Reference: Principles of cyber security for connected and automated vehicles

Published on: 6 August 2017

As vehicles continue to become smarter, it’s crucial that we take the correct steps to make them cyber secure.

The 8 principles in this guidance set out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.

The quick start guide to vehicle cyber security lists the 8 principles:

  1. organisational security is owned, governed and promoted at board level
  2. security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  3. organisations need product aftercare and incident response to ensure systems are secure over their lifetime
  4. all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
  5. systems are designed using a defence-in-depth approach
  6. the security of all software is managed throughout its lifetime
  7. the storage and transmission of data is secure and can be controlled
  8. the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail