Cyber Security Standard for connected and automated vehicles
08/01/19 13:43 Filed in: Connected Vehicles | Cyber Security
The British Standards Institute (BSI) has recently published its standard for cyber security for connected and automated vehicles, PAS 1885:2018. The standard builds upon the key principles guidance published by H.M. Government in 2018 which can be found here.
As is often the case, the BSI, being a commercial organisation, charges £120.00 for the PDF copy of the standard if you are a non-member, details of which can be found on the BSI website.
There are 8 Principles thus:
Principle 1 - Organisational security is owned, governed and promoted at board level - there are four sub Principles.
Principle 2 - Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain (again there are 4 sub Principles).
Principle 3 - Organisations need product aftercare and incident response to ensure systems are secure over their lifetime (again there are 4 sub Principles).
Principle 4 - All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system (again there are 4 sub Principles).
Principle 5 - Systems are designed using a defence-in-depth approach (again there are 4 sub Principles).
Principle 6 - The security of all software is managed throughout its lifetime (again there are 4 sub Principles).
Principle 7 - The storage and transmission of data is secure and can be controlled (there are 3 sub Principles).
Principle 8 - The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail (there are 2 sub Principles).
These may seem to be "motherhood and apple pie" Principles, but the basics can sometimes be overlooked. The Government website referred to above also provides useful links to other related information from:
As is often the case, the BSI, being a commercial organisation, charges £120.00 for the PDF copy of the standard if you are a non-member, details of which can be found on the BSI website.
There are 8 Principles thus:
Principle 1 - Organisational security is owned, governed and promoted at board level - there are four sub Principles.
Principle 2 - Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain (again there are 4 sub Principles).
Principle 3 - Organisations need product aftercare and incident response to ensure systems are secure over their lifetime (again there are 4 sub Principles).
Principle 4 - All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system (again there are 4 sub Principles).
Principle 5 - Systems are designed using a defence-in-depth approach (again there are 4 sub Principles).
Principle 6 - The security of all software is managed throughout its lifetime (again there are 4 sub Principles).
Principle 7 - The storage and transmission of data is secure and can be controlled (there are 3 sub Principles).
Principle 8 - The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail (there are 2 sub Principles).
These may seem to be "motherhood and apple pie" Principles, but the basics can sometimes be overlooked. The Government website referred to above also provides useful links to other related information from:
- SAE International
- ISO
- DEFSTAN
- NIST, and
- others including BSI, H.M. Government and industry / de facto standards such as OWASP.