What is this PAS about?
As vehicles get smarter and their connectivity and integration with outside systems increases, so too does the need for vehicle and vehicle systems-related cyber security. This PAS has been written to help all parties involved in the vehicle lifecycle and ecosystem understand better how to improve and maintain vehicle security and the security of associated intelligent transport systems (ITS).
Who is this PAS for?
- Vehicle manufacturers
- Tier-1 and Tier-2 supply chain suppliers
- Authorized service centres
- Aftermarket suppliers
- Road/highways authorities
- Service providers to both the vehicle and its occupants and/or cargo
It might also be informative for other stakeholders in the automotive supply chain and operators of automotive vehicles.
Why should you use this PAS?
PAS 1885 is based on a high-level set of guidelines developed by the UK Department for Transport (DfT) in conjunction with the Centre for the Protection of National Infrastructure (CPNI).
It sets out fundamental principles on how to provide and maintain cyber security in relation to reducing threat and harm to products, services and systems within increasingly connected and collaborative intelligent transport ecosystems.
The concept of an automotive ecosystem encompasses:
- Vehicles
- Related infrastructure, including road-side and remote systems that provide services to the vehicles, their operators, occupants and cargo
- The human elements, including vehicle owners and/or operators, designers, manufacturers and service providers
This PAS applies to the security and functional safety aspects of the entire automotive development and use life cycle, including specification, design, implementation, integration, verification, validation, configuration, production, operation, servicing and decommissioning. A lifecycle approach is required to tackle all the risks that will arise from a constantly changing threat landscape, so as to protect vehicles and vehicle-related systems once they have been delivered to the market.
It’s recognized that at the date of issue of this PAS:
- There is a large fleet of vehicles in use
- These vehicles will have varying degrees of connectivity and automation
- The degree to which security has been considered as part of the design and manufacture will vary depending on the age, nature and complexity of the vehicle
The PAS is intended to apply to new or modified products, systems and services. Its adoption does not require vehicle manufacturers, suppliers or service providers to apply its provisions retroactively.
NOTE: PAS 11281:2018 addresses the relationship between automotive safety and security and ISO 26262 addresses the functional safety of road vehicles.