The laws will outline how vehicle manufactures need to behave if they want computerized cars in the UK.
Developed by the Department for Transport with help from the Centre for the Protection of National Infrastructure (CPNI) — leaders in security, providing resources, guidance and expert advice to help protect and keep businesses secure from external threats — the guidelines were launched by transport minister Lord Callanan.
There has been much talk over recent months about self-driving cars in the UK.
In April 2017, the UK government confirmed that driverless cars would get a huge financial boost, as a group of technology companies, researchers and authorities such as Transport for London (TFL) landed millions in funding to push self-driving vehicles on to Britain's roads.
As a result of this investment, the UK government made it clear that it would provide a road map of major carmakers as well as laws for manufactures to follow.
As vehicles become more intelligent, we’ve launched new guidance to help protect against cyber attacks https://t.co/tmSAs4OJYD pic.twitter.com/2KEvLtxtPh
— Dept for Transport (@transportgovuk) 7 August 2017
The 2016 Queens Speech included a Modern Transport Bill, which outlined what needed to be done to support the introduction of driverless cars in the UK and over the coming years.
However, these new guidelines offer stricter laws which state that car manufactures must work together on security, both in design process and also have a plan in place for years after self-driving cars hit the roads.
The eight principles, outlined by the UK government are:
- The organizational security is owned, governed and promoted at a board level
- Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Organizations need product aftercare and incident response to ensure systems are secure over their lifetime
- Systems are designed using a defense-in-depth approach
- The security of all software is managed throughout its lifetime
- The storage and transmission of data is secure and can be controlled
- The system is designed to be resilient to attacks and respond appropriately when its defenses or sensors fail
The guidelines each have sub-principles and also ensure that engineers look at cybersecurity threats ahead of time, as they develop new vehicles.
"Whether we're turning vehicles into WiFi-connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks," Lord Callanan said in a statement.
"Our key principles give advice on what organizations should do, from the board level down, as well as technical design and development considerations," he added.
However, it seems that other countries may have already beaten the UK in setting up rules for driverless cars.
The German transport minister, Alexander Dobrindt, beat the UK government to it, when in 2015 he pointed out that driverless vehicles would inevitably become a feature on German roads within a few years, insisting that some rules needed to be outlined first.
