Through lifetime support – assessments after production. Organisations should be able to demonstrate how they plan to maintain adequate protection and adherence to the cyber security principles outlined in this document over the lifetime of their vehicles.
This capability is required so that they can demonstrate that the safety and availability of vehicles and their systems are maintained in the face of changing cyber threats. This is particularly important for safety-critical systems, including type-approved systems.
Organisations should have the capability to identify evolving threats to their systems and vehicles. This could include identification of cyber-attacks against their vehicles and those that might be possible as potential vulnerabilities are exposed or the capability to attack their vehicles changes.
Organisations should have the capability to assess whether the security measures implemented continue to offer appropriate protection against any evolving or new cyber threat. This should consider whether the safety or availability of the vehicle, or its functions, is affected.
Organisations should plan for the eventuality that the security measures applied to the vehicle may need to be enhanced. For example, for a given system, organisations might identify possible mitigations that could be needed to address future threats; who would be able to undertake them; and how; and implement any needed contingencies to permit this should it be required. Organisations should also consider what course of action they could take should a supplier no longer be able to support a system (for instance they are no longer in business). Such planning could mirror any similar activities and contingencies that are in place in case of safety recalls.
OEMs should have the capability to carry out any mitigating action that may be required. This is particularly important for maintenance of type approvals. The mechanism used will depend on the mitigation to be deployed. It may include the ability to conduct software updates of relevant systems, conduct product recalls (using existing procedures), or any other relevant mechanism.
Organisations should document how they will provide the capabilities and implement the plans described above. This will provide them with the means to evidence their capability and plans. This may include: who will perform the action; when it may be performed (for example the periodicity of any threat reviews); how it will be performed; any contingencies should their preferred method of action no longer be available (for instance a supplier is no longer available); and any actions relating to type approval bodies.