Stories
Slash Boxes
Comments

SoylentNews is people

posted by FatPhil on Wednesday August 09 2017, @01:16AM   Printer-friendly
from the but-what-if-secure-means-rot-13 dept.

I must have banged my head and woken up in an alternate universe as something apparently reasonable seems to have emerged from inside the British government. It has issued a guidance on cyber security for "intelligent" vehicles:

[...]
Smart vehicles are increasingly becoming the norm on British roads – allowing drivers to access maps, travel information and new digital radio services from the driving seat.

But while smart cars and vans offer new services for drivers, it is feared would-be hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons.

Now new government guidance will ensure engineers developing smart vehicles will have to toughen up cyber protections and help design out hacking. The government is also looking at a broader programme of work announced in this year's Queen's speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.
[...]

The guidance contains eight key principles:

  1. Organisational security is owned, governed and promoted at board level
  2. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  3. Organisations need product aftercare and incident response to ensure systems are secure over their lifetime
  4. All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
  5. Systems are designed using a defence-in-depth approach
  6. The security of all software is managed throughout its lifetime
  7. The storage and transmission of data is secure and can be controlled
  8. The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

Each principle is fleshed out in slightly more detail and they also point out that the list is not intended to be exhaustive.

Now, dear Soylentils, what would you add to the list to come closer to completeness?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Unixnut on Wednesday August 09 2017, @08:21AM

    by Unixnut (5779) on Wednesday August 09 2017, @08:21AM (#551014)

    That is already governed under the "Government wants backdoors in all software/encryption" laws they are trying to push through. They are doing it right, and making sure the law is as broad as possible, so it can apply to "smart" cars, "smart" phones, "smart" meters, or anything else that has "smart" in its name and/or is connected to the net. The futility of asking for secure systems in one breath, then demanding government backdoors in another, is lost on them of course.

    Just means you have to avoid anything "smart" or net connected (that you don't have full control over). I foresee a future of the masses in gilded tech prisons, and a minority of people living on the edges of society as free men, but as social and tech outcasts.

    Basically, like those cyberpunk dystopias in sci-fi stories.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2