The Ministry of Road Transport and Highways (MoRTH) has proposed uniform Cyber Security and Management Systems (CSMS) provisions for certain categories of four-wheelers, passenger and commercial vehicles to protect their functions from cyber threats.
MoRTH, in a draft titled 'Approval of vehicles with regards to Cyber Security and Cyber Security management system', said that the application for approval of a vehicle type with regard to cyber security shall be submitted by the vehicle manufacturer or by their duly accredited representative.
"Based on the discussion in the 66th meeting of Automotive Industry Standards Committee (AISC) held on 14th July, 2023, the Committee agreed to formulate an Automotive Industry Standard (AIS) for approval of vehicles equipped with Cyber Security and Management Systems (CSMS).
Advertisement
"The purpose of this standard is to establish uniform provisions for CSMS fitted to motor vehicles of categories M and N," the draft report said.
According to the draft report, this standard is without prejudice to other standards, regional or national legislations governing the access by authorized parties to the vehicle, its data, functions and resources, and conditions of such access.
"It is also without prejudice to the application of national and regional legislation on privacy and the protection of natural persons with regard to the processing of their personal data," the draft report said.
According to the draft report, the vehicle manufacturer shall put in place appropriate and proportionate measures to secure dedicated environments on the vehicle type (if provided) for the storage and execution of aftermarket software, services, applications or data.
Advertisement
Cybersecurity means the condition in which road vehicles and their functions are protected from cyber threats to electrical or electronic components.
CSMS means a systematic risk-based approach defining organizational processes, responsibilities and governance to treat risk associated with cyber threats to vehicles and protect them from cyberattacks.
The draft will be notified after public consultation.