The development of modern vehicles goes hand in hand with three key trends: digitization, connectivity, and autonomous vehicles. In addition to general security aspects relating to technology and the like, cyber security aspects are playing an increasingly important role in this context. NDS.Live can support navigation developers comply with data security regulations. Furthermore, map data can be used to improve ADAS and AD safety. Examples being Operational Design Domain (ODD) limitation, support for insufficient sensor performance, location-based information that cannot be derived from sensors and localization in general.
Relevant regulations for automotive cyber security
Automotive cybersecurity and data security in navigation development are critical concerns in today’s connected and autonomous vehicle landscape. Several standards and regulations guide and regulate these aspects:
ISO/SAE 21434: This international standard for automotive cybersecurity engineering provides a framework for assessing and managing cybersecurity risks in the automotive industry. ISO/SAE 21434 aims to create a uniform terminology for cybersecurity engineering, defining minimum requirements for cyber security engineering processes and activities, and promoting collaboration between the parties involved, thus describing the state of the art of cyber security engineering.
UNECE WP.29 Regulation No. 155: This regulation, adopted by the United Nations Economic Commission for Europe, sets out cybersecurity requirements for securing connected vehicles.
NHTSA Cybersecurity Best Practices: The National Highway Traffic Safety Administration in the US offers guidelines and best practices for automotive cybersecurity.
The Cybersecurity Act (EU): This regulation applies to the European Union and addresses the security of network and information systems, including those used in the automotive industry.
Automotive Cybersecurity Best Practices (e.g., SAE J3061): These industry standards and guidelines, such as the Society of Automotive Engineers (SAE) J3061, provide recommendations for cybersecurity practices in the automotive sector.
Privacy Regulations (e.g., GDPR): Privacy regulations like the General Data Protection Regulation (GDPR) in the EU apply to the collection and handling of personal data in vehicles.
Cyber and Data Security for Map Developers
It’s important for map developers and navigation experts to stay up-to-date with evolving cybersecurity threats and regulations and to continuously improve their security measures to protect user data and maintain trust in their services. Collaborating with cybersecurity experts and engaging in industry-specific associations can help ensure best practices are followed.
Map developers and navigation experts should consider the following data security aspects:
Data Encryption: Ensure that map data and user information are encrypted both during transmission and storage to prevent unauthorized access.
Access Control: Implement strict access controls and user authentication mechanisms to limit who can access and modify map data and related systems.
Data Minimization: Collect and store only the data necessary for navigation and map services, minimizing the risk associated with excessive data storage.
Data Anonymization: Anonymize or pseudonymize data to protect user privacy when possible.
Secure APIs: If offering APIs, secure them with proper authentication and authorization mechanisms to prevent misuse.
Regular Security Audits: Perform regular security audits and penetration testing to identify and rectify vulnerabilities.
Compliance with Privacy Regulations: Ensure compliance with relevant privacy regulations, such as GDPR, by obtaining user consent when necessary and respecting user data rights.
Security Training: Train staff on cybersecurity best practices to prevent security breaches and data leaks.
Incident Response Plan: Develop a robust incident response plan to address security breaches promptly and minimize their impact.
Supplier Security: Assess the security practices of third-party suppliers and partners who handle map data or contribute to navigation solutions.
How NDS helps with security regulations
As a data standard for map data and navigation NDS can play a significant role in helping navigation developers comply with data security regulations.
The following aspects are in focus:
Data Standardization: NDS provides a standardized format for map data and navigation information. Standardization simplifies data handling and can help ensure that sensitive data is properly managed and secured at all stages, from collection to storage and transmission.
Access Controls: NDS can define and standardize access controls for different components of map data. This can help navigation developers implement fine-grained access permissions, ensuring that only authorized users or systems can access specific data, in compliance with data security regulations.
Encryption: NDS can include standards and recommendations for data encryption both during transmission and storage. It can define encryption algorithms and key management practices to protect sensitive information from unauthorized access.
Authentication and Authorization: The standard can specify authentication and authorization mechanisms for accessing NDS data. This ensures that only authenticated and authorized users can access and modify map data, enhancing data security.
Data Minimization: NDS can support data minimization by providing guidelines on what data should be included in map databases. By including only necessary information, navigation developers can reduce the risk associated with excessive data storage, improving data security and complying with privacy regulations.
User Privacy: NDS can address user privacy concerns by including standards for data anonymization or pseudonymization. This can help navigation developers protect the privacy of users while still providing essential navigation services.
Security Updates: NDS can facilitate the implementation of security updates and patches. Developers can follow the standard to keep the map data and navigation systems secure by quickly addressing vulnerabilities and ensuring compliance with evolving security requirements.
Incident Response: The standard can include recommendations for incident response procedures in case of security breaches. It can provide guidance on how to detect and respond to security incidents in a manner compliant with regulations.
Regulatory Compliance: NDS can be designed to align with relevant data security and privacy regulations, making it easier for navigation developers to ensure compliance. By following the standard, developers can demonstrate their commitment to data security and regulatory compliance.
By adopting and adhering to NDS, navigation developers can create a solid foundation for data security and regulatory compliance in their navigation solutions. This can help maintain user trust, protect sensitive information, and mitigate the risk of data breaches and legal consequences. Additionally, it can streamline development processes and interoperability across different navigation systems and platforms.