Guidance

Principles of cyber security for connected and automated vehicles

Overview of the principles for obtaining good cyber security within the automotive sector.

Documents

The key principles of vehicle cyber security for connected and automated vehicles

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email webmasterdft@dft.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Quick start guide to vehicle cyber security

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email webmasterdft@dft.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

As vehicles continue to become smarter, it’s crucial that we take the correct steps to make them cyber secure.

The 8 principles in this guidance set out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.

The quick start guide to vehicle cyber security lists the 8 principles:

  1. organisational security is owned, governed and promoted at board level
  2. security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  3. organisations need product aftercare and incident response to ensure systems are secure over their lifetime
  4. all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
  5. systems are designed using a defence-in-depth approach
  6. the security of all software is managed throughout its lifetime
  7. the storage and transmission of data is secure and can be controlled
  8. the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail
Published 6 August 2017