The Ministry of Road Transport and Highways (MoRTH) has introduced a draft proposal for uniform Cyber Security and Management Systems (CSMS) provisions for specific categories of four-wheelers, including both passenger and commercial vehicles. The aim is to safeguard these vehicles and their functions from potential cyber threats.
According to the draft titled ‘Approval of Vehicles with Regards to Cyber Security and Cyber Security Management System,’ vehicle manufacturers or their accredited representatives must submit applications for approval of vehicle types concerning cyber security. This move ensures that vehicles adhere to standardised cyber security measures.
The draft report outlines the efforts made by the Automotive Industry Standards Committee (AISC) during its 66th meeting in July 2023 to formulate an Automotive Industry Standard (AIS). This standard focuses on the approval of vehicles equipped with Cyber Security and Management Systems (CSMS). Its purpose is to establish uniform provisions for CSMS integrated into motor vehicles falling under categories M and N.
The proposed standard acknowledges that it should not override existing standards or regional and national legislations governing authorised access to vehicle data, functions, and resources. It also respects national and regional privacy laws pertaining to the protection of personal data.
As part of the proposed standards, vehicle manufacturers are expected to implement suitable and proportional measures to secure dedicated environments on vehicle types for the storage and execution of aftermarket software, services, applications, or data. This is a crucial step to ensure cyber security.
The draft report clarifies that cybersecurity pertains to safeguarding road vehicles and their functions from cyber threats, particularly those targeting electrical or electronic components. CSMS, on the other hand, refers to a systematic risk-based approach that outlines organisational processes, responsibilities, and governance to manage and mitigate risks associated with cyber threats to vehicles, ultimately protecting them from cyberattacks.