• Content Type

GB30365540

Connected automotive ecosystems. Impact of security on safety. Code of practice

Last updated: 7 Jan 2025

Development Stage

Pre-draft

Draft

Published

31 Dec 2018

Abstract

This PAS gives recommendations for managing security risks that might lead to a compromise of safety in a connected automotive ecosystem.

The PAS covers both the entire connected automotive ecosystem and its constituent systems throughout their lifetimes (including manufacturing, supply chain and maintenance activities). The ecosystem includes vehicles (both those used on public roads, such as cars, and those used for off-road activities such as farming and mining), as well as road-side and other static infrastructure, communication channels between vehicles and infrastructure, servicing and repair facilities, digital services, data and information and other services that support the proper operation of road transport. All levels of vehicle automation and autonomy are in scope.

The PAS applies to risks that can affect a single system, a few systems, or are on a small scale. It also gives recommendations for managing systemic risks – wider risks which might appear small, but which become more significant when interdependencies are considered and where the vulnerability of a single or a few entities poses more widespread risk.

The PAS is intended to be used by manufacturers, operators and maintainers of products, systems and services used in a connected automotive ecosystem. This includes manufacturers of vehicle subsystems, vehicle manufacturers, maintenance organizations, infrastructure operators, owners of large vehicle fleets, and digital service providers.

This PAS might be of interest to regulators and other stakeholders in the connected automotive ecosystem and to users/operators of vehicles. © BSI 2022 All rights reserved

Scope

What is PAS 11281 – Security on safety in connected automotive ecosystems about?

PAS 11281 is the international standard on road vehicles that gives recommendations for managing security risks that might lead to a compromise of safety in a connected automotive ecosystem.

The ecosystem includes vehicles as well as road-side and other static infrastructure, communication channels between vehicles and infrastructure, servicing and repair facilities, digital services, data and information and other services that support the proper operation of road transport.

PAS 11281 applies to risks that can affect a single system, a few systems or are on a small scale. PAS 11281 also gives recommendations for managing systemic risks – wider risks that might appear small, but which become more significant when interdependencies are considered and where the vulnerability of a single or a few entities poses a more widespread risk.

NOTE 1: PAS 11281 covers both the entire connected automotive ecosystem and its constituent systems throughout their lifetimes.

NOTE 2: All levels of vehicle automation and autonomy are covered in PAS 11281.

Who is PAS 11281 – Security on safety in connected automotive ecosystems for?

PAS 11281 on the connected automotive ecosystem is useful for:

  • Manufacturers of vehicle subsystems
  • Vehicle manufacturers
  • Maintenance organizations
  • Infrastructure operators
  • Owners of large vehicle fleets
  • Digital service providers

Why should you use PAS 11281 – Security on safety in connected automotive ecosystems?

The connected automotive ecosystem encompasses vehicles and all assets and activities that support the proper functioning of road transport and other off-road systems.

PAS 11281 provides the security policy, organization and culture as well as the responsibility and accountability for security-informed safety issues.

Risk management and asset management are described in PAS 11281 that is required to deliver, maintain or support the security and safety of the organization’s products, systems and services.

Security-aware development process all safety-relevant services or products are also given in PAS 11281.

PAS 11281 guides you through effective defences measures to protect the assets, systems and services that are under control and that affect the safety of the connected automotive ecosystem against attack.

PAS 11281 specifies an incident management plan to manage events that indicate potential risk to the safety of their assets, products, systems and services. Secure and safe design principles of safety systems are also specified in PAS 11281.

Overall, PAS 11281 helps you in the manufacturing of connected and autonomous vehicles ecosystem ensuring the security-related risks in the products, services or activities that don’t pose an unacceptable safety risk in the physical world.

© BSI 2022 All rights reserved

External Links

BSI webpage
[site_reviews_summary assigned_posts=”post_id” hide=”bars,if_empty” text=”{rating} out of {max} stars ({num} reviews)”]

Let the community know

Categorisation

Domain: Transport and autonomous vehicles
Scope: AI-specific
Topic: Accountability, Data protection, Interoperability, Risk management, Safety, Security and resilience
Application: Robotics and autonomous systems
Type: Process, management and governance

Key Information

Organisation: BSI
Relevant UK committee: ZZ/1
Share on XShare on LinkedIn

Discussion

[check_original_title]