BSI, the business standards company, has published PAS 11281:2018 Connected automotive ecosystems – Impact of security on safety. The code of practice is to provide recommendations for managing security risks that might lead to a compromise of safety in a connected automotive ecosystem.
As British Standards says, cars and vehicles are already connected and therefore able to send and receive data, and communicate with their surroundings, which can make them vulnerable to cyber-attacks. Such challenges in this evolving auto tech sector have created a requirement for reliable guidance to help address any factors that might affect security and ultimately safety, BSI says. It raises questions over whether all potential risk factors are being identified, or if sufficient contingency plans are in place.
Hence BSI has published recommendations covering the entire connected automotive ecosystem and its constituent systems throughout their lifetimes (including manufacturing, supply chain and maintenance activities). PAS 11281 was drafted after consultation with various bodies, such as Highways England and the official Centre for the Protection of National Infrastructure (CPNI); then underwent a peer and public review and was published as a consensus document using an outcome-based approach.
The scope of the document covers potential risks to single systems through to multiple systems and considers the interdependencies and vulnerabilities. One example is the direct link between cyber security and safety. Any compromise to the cyber aspect of a cyber-physical system can manifest itself in the physical world, such as those used in connected vehicles.
Anne Hayes, Head of Governance and Resilience at BSI, said: “This PAS is intended to be used by manufacturers, operators and maintainers of products, systems and services used in a connected automotive ecosystem. The technology supporting automotive transport has been evolving rapidly over the last few years and connected and autonomous vehicles are now a reality. These recommendations aim to help organisations to ensure that security related risks in their products, services or activities do not pose unacceptable risks to safety.”
PAS 11281 complements the recently published PAS 1885:2018 The fundamental principles of automotive cyber security, which was announced by the Department for Transport last month. For more information on PAS 11281, managing security risks to safety in the connected automotive ecosystem visit: https://shop.bsigroup.com/PAS11281.
