Credit: Philip Toscano/PA Archive/PA Images

A set of cybersecurity standards for manufacturers of self-driving cars has been published today by the British Standards Institute.

The guidance document was developed by the BSI in conjunction with the National Cyber Security Centre, as well as a range of automotive industry firms, including Ford, Bentley, and Jaguar Land Rover. Funding for the project was provided by the Department for Transport.

The 56-page document is intended to set a benchmark for the cybersecurity requirements of autonomous vehicles. Adherence to the standards will allow manufacturers to demonstrate their security credentials, the government said.

Related content

The document took as its starting point a government publication which last year set out eight “key principles” for the security of driverless and internet-enabled vehicles. These principles are:

Organisational security is owned, governed, and promoted at board level

Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain

Organisations need product aftercare and incident response to ensure systems are secure over their lifetime

All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system

Systems are designed using a defence-in-depth approach

The security of all software is managed throughout its lifetime

The storage and transmission of data is secure and can be controlled

The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

Commenting on the publication of the new standard, future of mobility minister Jesse Norman said: “As vehicles get smarter, major opportunities for the future of mobility increase. But so too do the challenges posed by data theft and hacking. This cybersecurity standard should help to improve the resilience and readiness of the industry, and help keep the UK at the forefront of advancing transport technology.”