"Whether we're turning vehicles into wifi-connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks. Our key principles give advice on what organizations should do, from the board level down, as well as technical design and development considerations."
Known collectively as "the key principles of vehicle cyber security for connected and automated vehicles," the guidelines consist of eight security best practices that organizations in the automotive sector are expected to follow. Each of those directions contain sub-principles that provide more targeted instruction.
For instance, Principle 2.4 asserts that actors in the automotive industry should leverage "design, specification and procurement practices" to address security risks relating to or encompassing supply chains, and service providers, and sub-contractors. Principle 5.2 meanwhile emphasizes the importance of crafting security architecture that implements segmentation techniques and defense in depth.
The final guideline covers resilience against digital attacks and how organizations should respond when their smart cars' defenses and/or sensors fail. Here's what the first sub-principle of this direction recommends:
"The system must be able to withstand receiving corrupt, invalid or malicious data or commands via its external and internal interfaces while remaining available for primary use. This includes sensor jamming or spoofing."
Callanan and his fellow ministers at the Department of Transport might ultimately add on to their list of principles. In the meantime, they're working with the UK government to craft new legislation that addresses insurance for self-driving cars. Their statement of intent to consider such legislation makes clear that "insuring modern vehicles will provide protection for consumers if technologies fail."