The United Kingdom Sunday published a new set of cybersecurity requirements for self-driving cars that encourages automakers to protect connected vehicles from hackers.

According to the U.K.’s Department for Transport and the Centre for the Protection of National Infrastructure, cybersecurity is as vital to connected vehicles as any other safety measures.

“Whether we’re turning cars into Wi-Fi connected hotspots or equipping them with millions of lines of code to create fully autonomous vehicles, cars are more vulnerable than ever to hacking and data theft,” the introduction to the new guidelines says. “It’s essential that all parties involved in the manufacturing supply chain, from designers and engineers, to retailers and senior level executives, are provided with a consistent set of guidelines that support this global industry.”

The U.K.’s new guidelines list out eight key principles for automakers to follow when handling security for connected vehicles:

1. Organizational security is owned, governed and promoted at board level.
2. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
3. Organizations need product aftercare and incident response to ensure systems are secure over their lifetime.
4. All organizations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system.
5. Systems are designed using a defense-in-depth approach.
6. The security of all software is managed throughout its lifetime.
7. The storage and transmission of data is secure and can be controlled.
8. The system is designed to be resilient to attacks and respond appropriately when its defenses or sensors fail.

The U.K.’s primary focus with these guidelines seems to be ensuring that security practices are maintained for each phase of a car’s lifecycle, including design, manufacturing and years or even decades of consumer use. The DfT also wants data shared by vehicles to be secure and private. The organization said that its list is not meant to be exhaustive, and it encourages automakers to keep up to date on relevant standards in their industry.

Most automakers reject fears that their cars could be hacked remotely, but the U.K. DfT’s fears are far from science fiction. Last year, a research team from Tencent Holdings Ltd.’s Keen Security Lab discovered a vulnerability in Tesla’s Control Area Network, which allowed them to remotely activate the brakes in a Tesla Model S. They were also able to control several nonvital systems such as the vehicle’s windows, sunroof, windshield wipers and more.

Tesla quickly patched the vulnerability after it was reported by Tencent’s team, and the automaker was quick to point out that the researchers had to connect the vehicle intentionally to a compromised Wi-Fi hub to take advantage of it. Still, this demonstrated that it is theoretically possible for hackers to control important systems in a connected vehicle remotely, which is a fear the auto industry will have to struggle with for years to come.

Photo: Kurayba Palace of Westminster via photopin (license)