Eight principles for cyber security of automated vehicles

The legislation on insurance arrangements for automated driving is expected to re-emerge this autumn, with the Queen’s Speech in June trailing the Automated and Electric Vehicles Bill (replacing the now-lapsed Vehicle Technology and Aviation Bill).

A further critical element of the regulatory regime associated with this rapidly developing technology is ensuring data security and integrity, and that concern is front and centre of eight key principles published by the UK government on 6 August 2017.

The principles, most of which have three or four sub-principles, are aimed at the engineering and technology supplier sectors and focus on organisational security, risk management, incident response, traceability, data security and systems resilience. These last two elements speak also to data protection and to the prevention of hacks or other malicious attacks.

The key principles are set out below (and online in full, with sub-principles, here).

  • Principle 1: organisational security is owned, governed and promoted at board level
  • Principle 2: security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  • Principle 3: organisations need product aftercare and incident response to ensure systems are secure over their lifetime
  • Principle 4: all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
  • Principle 5: systems are designed using a defence-in-depth approach
  • Principle 6: the security of all software is managed throughout its lifetime
  • Principle 7: the storage and transmission of data is secure and can be controlled
  • Principle 8: the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

Some surveys report public scepticism about the use and adoption of driverless vehicles – see, for example, this Raconteur Media report issued on 31 July 2017 quoting a Direct Line survey figure of only 39% of people feeling confident about the technology.

Against that background, it has to be hoped that these new principles, with their focus on organisational and operational security (and which benefit from being extremely clearly drafted), may help promote further awareness of this sector. In addition, the core concepts of accountability, risk management, supply chain traceability and data protection/integrity should be instantly recognisable to insurers interested in getting more involved in supporting the further development and adoption of automated driving technology.


Written by Alistair Kinley, director of policy and government affairs at BLM