Standards company, BSI has published a code of practice for managing the security risks related to connected automotive ecosystems. The speed with which this sector is changing raises questions, the company says, over whether all potential risk factors are being identified; or if sufficient contingency plans are in place. BSI’s recommendations cover the entire connected automotive ecosystem and its constituent systems, including manufacturing, supply chain and maintenance activities.

PAS 11281 was drafted after consultation with a number of subject matter experts from various organisations, as well as a peer and public review.

The scope of the document covers potential risks to single systems through to multiple systems and considers the interdependencies and vulnerabilities. One example is the direct link between cyber security and safety. Any compromise to the cyber aspect of a cyber-physical system can manifest itself in the physical world, such as those used in connected vehicles.

Head of governance and resilience at BSI, Anne Hayes said: “This PAS is intended to be used by manufacturers, operators and maintainers of products, systems and services used in a connected automotive ecosystem. The technology supporting automotive transport has been evolving rapidly over the last few years and connected and autonomous vehicles are now a reality.

“These recommendations aim to help organisations to ensure that security related risks in their products, services or activities do not pose unacceptable risks to safety.”

PAS 11281 complements the recently published PAS 1885:2018 (The Fundamental Principles of Automotive Cyber Security), which sets out the fundamental principles for protecting vehicles and vehicle systems from cyber threats across the whole automotive lifecycle, from design to decommissioning.

Share Story: