BSI publishes new recommendations for a connected automotive ecosystem

17 January 2018

BSI, the business standards company, has published PAS 11281:2018 Connected automotive ecosystems – Impact of security on safety – Code of Practice, to provide recommendations for managing security risks that might lead to a compromise of safety in a connected automotive ecosystem.

The broader transportation industry has witnessed considerable disruption already, as both cars and on and off-road vehicles become more connected to their surrounding infrastructure. Many cars and vehicles are already connected and therefore able to send and receive data, and communicate with their surroundings, which can make them vulnerable to cyber-attacks. Such challenges in this evolving auto tech sector have created a requirement for reliable guidance to help address any factors that might affect security and ultimately safety.

The speed with which this sector is changing raises questions over whether all potential risk factors are being identified, or if sufficient contingency plans are in place.

It is with this in mind that BSI has published recommendations covering the entire connected automotive ecosystem and its constituent systems throughout their lifetimes (including manufacturing, supply chain and maintenance activities).

PAS 11281 was drafted after consultation with a number of experts from various organizations1, then underwent a peer and public review and was published as a consensus document using an outcome based approach.

The scope of the document covers potential risks to single systems through to multiple systems and considers the interdependencies and vulnerabilities. One example is the direct link between cyber security and safety. Any compromise to the cyber aspect of a cyber-physical system can manifest itself in the physical world, such as those used in connected vehicles.

Anne Hayes, Head of Governance and Resilience at BSI, said: “This PAS is intended to be used by manufacturers, operators and maintainers of products, systems and services used in a connected automotive ecosystem. The technology supporting automotive transport has been evolving rapidly over the last few years and connected and autonomous vehicles are now a reality.

“These recommendations aim to help organizations to ensure that security related risks in their products, services or activities do not pose unacceptable risks to safety.”

PAS 11281 complements the recently published PAS 1885:2018 The fundamental principles of automotive cyber security, which was announced by the Department for Transport last month.  PAS 1885 sets out the fundamental principles for protecting vehicles and vehicle systems from cyber threats across the whole automotive life-cycle, from design to de-commissioning.  

For more information on PAS 11281, managing security risks to safety in the connected automotive ecosystem visit:  


- ENDS -


Notes to the editor:

1The following organizations were involved in the development of this PAS:

Adelard; Atkins; Automotive Electronic Systems Innovation Network (AESIN); BodVoc; Centre for the Protection of National Infrastructure (CPNI); Defence Science and Technology Laboratory (Dstl); Department of Transport; Halfords Autocentres; Highways England; HORIBA MIRA; McLaren Automotive Ltd; Ricardo; Stagecoach Group; The National Cyber Security Centre (NCSC); Waverley House Consultancy Ltd.