New regulations for autonomous driving: vehicles should adopt safety defense mechanism to prevent key data from being deleted without authorization.

2025年7月2日 | admin | C3

  Intelligent networked automobile industry ushered in heavy standards.

  On May 5th, according to the website of the Ministry of Industry and Information Technology, the First Division of Equipment Industry of the Ministry of Industry and Information Technology organized the National Technical Committee for Automobile Standardization to carry out the compilation and revision of four mandatory national standards, such as Technical Requirements for Vehicle Information Security and Intelligent Networked Auto-driving Data Recording System, which have formed a draft for comments, and are now open for comments from all walks of life.

  At present, China’s intelligent networked vehicles have turned from small-scale testing and verification to a new stage of rapid technological development and accelerated ecological construction, and the introduction of relevant standards is of great significance. According to the data previously released by the Ministry of Industry and Information Technology, in 2022, the sales of new intelligent networked passenger cars equipped with assisted autonomous driving systems in China reached 7 million, up 45.6% year-on-year, and the market penetration rate increased to 34.9%, up 11.4 percentage points from 2021. With the acceleration of automobile intelligent and networked transformation, it is urgent to manage automobile data security.

  The Technical Requirements for Vehicle Information Security (Draft for Comment) mainly stipulates the requirements for vehicle information security management system, general requirements for vehicle information security, technical requirements for vehicle information security, audit evaluation and test verification methods.

  For the information security of automobiles, one of the common concerns of consumers is that vehicles are remotely controlled and attacked. This document puts forward five requirements for "safety requirements for external connection of vehicles". It is mentioned that for third-party applications, automobile manufacturers should take protective measures for the installation and operation of their unauthorized third-party applications, such as prompting during installation, limiting their access rights, and preventing unauthorized third-party applications from accessing resource allocation, key parameters, important data, etc. of vehicle systems.

  For external interfaces, access control should be carried out for files in USB port access devices, and only files with specified format can be read and written or application software with specified signature can be installed or executed. It should have the ability to identify virus programs or virus-carrying media files/application software in USB port access devices and prohibit installation. When writing operation requests for vehicle key parameters through diagnostic interfaces, security policies such as identity identification and access control should be carried out.

  In addition, for the data code, the document clearly States that,Vehicles should adopt safety defense mechanism to protect the key data stored in the vehicle.To prevent it from being deleted and modified without authorization.

  For the development of autonomous driving, people in the industry have long called for "legislation first" and "standards first". The "Intelligent Networked Auto-driving Data Recording System" (draft for comments) issued this time stipulates the technical requirements and test methods of the intelligent Networked Auto-driving Data Recording System.

  It is worth noting that this document is applicable to vehicles with level 3 or above driving automation function and automatic driving data recording system. Level 3 driving automation is conditional automatic driving. The system continuously performs all dynamic driving tasks under its designed operating conditions. Drivers can leave the steering wheel, but they still need to participate in driving under certain conditions. At present, the mainstream intelligent electric passenger cars are all two-level driving automation, that is, assisted driving.

  "Intelligent networked automobile automatic driving data recording system" (draft for comment) stipulates that,The automatic driving data recording system should record five types of data elements: basic information of vehicles and automatic driving data recording system, vehicle state and dynamic information, automatic driving system operation information, driving environment information and driver operation and state information..

  As for the data element of "driver’s operation and status information", the document requires that the driver’s ability to take over, whether the driver wears a seat belt, whether the driver is in the driving position, the opening of the accelerator pedal, the opening of the brake pedal, the status of the brake pedal, the steering wheel angle and the steering torque be recorded. Wherein if the calibrated effective opening range of the accelerator pedal and the brake pedal is less than 0 to 100,The upper limit of the effective opening of the brake pedal can be taken as the upper limit of the minimum data recording ability range..

  In addition, for information security, the document also proposes that the data recorded by the autopilot data recording system is mainly used for responsibility judgment and accident analysis after the accident, so whether the data has not been tampered with and has basic credibility plays an important role in determining whether the data is available, because this standard puts forward baseline requirements for the information security of the autopilot data recording system.Ensure the integrity and authenticity of recorded data, so as to prevent tampering, malicious deletion and forgery of data. When the integrity and authenticity of data are damaged, it should be able to identify and log it by technical means..