Cyber security principles
“Cyber security principles” provide outcome-based objectives that can be used to demonstrate how organisations are implementing cyber security over the lifetime of the vehicle. These can be used by vehicle manufacturers, sub-contractors, suppliers and providers chosen by the manufacturer.
How the objectives of these principles can be met is not explicitly defined in this paper. Instead, it is recommended that, through the use of relevant standards and processes and by implementing appropriate mitigations, organisations should be able to evidence how they are meeting the objectives in response to requests from authorities.
The following are the top-level cyber security principles; organisations should be able to demonstrate that they are meeting them:
Organisational principles:
Organisational security should be owned, governed and promoted at board level;
Security risks shall be assessed and managed appropriately and proportionately, including those specific to the supply chain;
All organisations, including sub-contractors, suppliers and potential third parties, should work together to enhance the security of the system.
Design principles:
Systems shall be designed using a defence-in-depth approach;
Appropriate measures to manage cryptographic keys;
The integrity of internal communications between controllers within vehicles should be protected e.g. by authentication;
Online services for remote access into vehicles should have strong mutual authentication and ensure secure (confidential and integrity-protected) communication between the involved entities;
To prevent unauthorised access to vehicles via “cyberspace”, automotive manufacturers, component/system suppliers and service providers shall ensure the secure encryption of data and communications;
Automotive manufacturers, component/system suppliers and service providers must ensure that there is adequate protection against manipulation and misuse both of the technical structure and of the data and processes;
Standards for the functional safety of critical electric and electronic components or systems in vehicles, such as ISO 26262, shall be applied in the light of security-related requirements for vehicles;
The connection and communication of vehicles shall not, without appropriate security measures, influence the internal devices and systems that generate the internal information necessary for control of the vehicle;
The connection and communication of vehicles shall be designed to avoid fraudulent manipulation of the software of those vehicles, as well as fraudulent access to on-board information, caused by cyber-attacks through wireless connections;
The security of all software is managed throughout its lifetime.
Data protection principles:
The storage and transmission of data is secure and can be controlled;
Response principles:
Organisations shall have product aftercare and incident response plans to ensure systems are secure over their lifetime;
The vehicle shall be designed to be resilient to attacks and to respond appropriately when its defences or sensors fail, including:
When a vehicle detects fraudulent manipulation by a cyber-attack, the system shall warn the driver and, if appropriate, control the vehicle safely according to the above requirements.
Vehicles shall be equipped with measures to ensure a safe mode in case of system malfunction, e.g. by redundancy in the system.
Verification principles:
The protection of vehicles requires verifiable security measures.
Applicable security standards (e.g. the ISO 27000 series, ISO/IEC 15408) may be used for verification purposes or to demonstrate the procedures and measures implemented.
Further detail on the principles and on the reference materials used to define them is provided in annex 1 and annex 4 respectively.
The principles provided in annexes 1 and 4 should be maintained by the administration of ITS/AD.