
GB/T 40861-2021 PDF English


Search result: GB/T 40861-2021
Standard ID: GB/T 40861-2021
Contents [version]: English
Price (USD): 260
PDF delivered in: 0-9 seconds (auto-delivery)
Name of Chinese Standard: General technical requirements for vehicle cybersecurity
Status: Valid


GB/T 40861-2021: PDF in English (GBT 40861-2021)

GB/T 40861-2021

GB

NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

ICS 430.020
CCS T 40

General Technical Requirements for Vehicle Cybersecurity

ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 01, 2022

Issued by: State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Protected Objects
5.1 General
5.2 In-vehicle system
5.3 Out-of-vehicle communication
6 Technical Requirements
6.1 Principled requirements
6.2 Systematic defence strategy requirements
6.3 Protection dimension requirements
Appendix A (Informative) Information Security Threats
Bibliography

General Technical Requirements for Vehicle Cybersecurity

1 Scope

This Document specifies the protected objects and technical requirements of vehicle cybersecurity.

This Document is applicable to M and N categories of vehicles, their electrical and electronic systems and components.

2 Normative References

The provisions in the following documents become provisions of this Document through reference in this Document. For dated documents, only the versions with the dates indicated are applicable to this Document; for undated documents, only the latest version (including all the amendments) is applicable to this Document.

GB/T 29246-2017 Information Technology - Security Techniques - Information Security Management Systems - Overview and Vocabulary
GB/T 34590.3-2017 Road Vehicles - Functional Safety - Part 3: Concept Phase

3 Terms and Definitions

For the purposes of this Document, the terms and definitions given in GB/T 29246-2017 and the following apply.

3.1 Vehicle cybersecurity

The state in which the electronic and electrical systems, components and functions of the vehicle are protected, so that its assets are not threatened.

3.2 Authenticity

The property that an entity is what it claims to be.

[Source: GB/T 29246-2017, 2.8, modified]

3.3 Confidentiality

......

a) Software system;
b) Electrical and electronic hardware;
c) In-vehicle data;
d) In-vehicle communication.

NOTE: In-vehicle communication is the communication between in-vehicle systems and components, such as CAN communication, LIN communication, Ethernet communication, etc.

5.3 Out-of-vehicle communication

The out-of-vehicle communication is divided into the following sub-protected objects:

a) Long-distance communication outside the vehicle;
b) Short-distance communication outside the vehicle.

NOTE 1: The out-of-vehicle communication refers to the communication between the entire vehicle and the terminal outside the vehicle.
NOTE 2: The long-distance communication outside the vehicle refers to cellular mobile communication, satellite navigation, etc.
NOTE 3: The short-distance communication outside the vehicle refers to Bluetooth, near-field wireless communication and Wi-Fi, etc.

6 Technical Requirements

6.1 Principled requirements

6.1.1 Principle of business suitability

The information security design of the product shall be combined with the actual needs of the business or functional environment, while considering the impact on the normal use of the business or function.

6.1.2 Principle of no backdoor for software

The software system shall not have a backdoor.

6.1.3 Principle of function minimization

Unused software components, protocol ports, and ECU hardware debugging interfaces shall be disabled or removed; device pin information should not be exposed.

6.1.4 Principle of minimum authorization

Only necessary permissions shall be granted for product access and information processing activities.

6.1.5 Principle of permissions separation

The information processing activities of important protected objects shall require two or more authorities; the authorities shall be separated from each other and granted separately.

6.1.6 Principle of default settings

The product shall complete the default information security settings; these settings shall minimize and simplify the information security demands placed on the user.

6.2 Systematic defence strategy requirements

6.2.1 General

The product can adopt one of the following systematic defence strategies:

a) Defence-in-depth;
b) Active defence;
c) Resilient defence.

NOTE: A systematic defence strategy is an overall defence strategy that builds the information security protection of the system as a whole, to avoid insufficient overall protection capability caused by information security protection measures operating in isolation.

6.2.2 Requirements for Defence-in-depth

The Defence-in-depth meets the following requirements:

a) According to the environmental conditions of the protected object and the requirements of information security management, protective measures shall be implemented from the outside to the inside for the protected object at various levels;
b) Security measures at all levels shall rely on each other to form a systematic protection mechanism, thereby improving the overall anti-attack capability of the system.

6.2.3 Requirements for active defence

The active defence shall adopt measures including but not limited to intelligence

......

c) Verify the authority to upgrade, load and install the software system.

6.3.1.1.6 Non-repudiation

The software system shall have the function of providing evidence of data origin and data receipt to the originator or recipient of the data upon request.

EXAMPLE: Using digital signature technology, etc.

6.3.1.1.7 Accountability The software system shall meet the following accountability requirements: a) Record important information security events, including but not limited to user activities and operating instructions; the content of the record should include information such as the time of the event, the user, the type of the event, and the result of the event; b) Protect the audit log from illegal tampering, deletion and forgery. 6.3.1.1.8 Preventability The software system shall have the ability to perceive information security attacks on itself. When an information security attack is detected, it should respond with log records, information security alarms or attack prevention. 6.3.1.2 Protection requirements for electronic and electrical hardware 6.3.1.2.1 Integrity Integrity protection shall be adopted for the ECU package (case, seal, etc.). EXAMPLE: Use a seal that shall leave a sign when it is opened. 6.3.1.2.2 Access controllability Electronic and electrical hardware shall remove or prohibit unnecessary debugging interfaces. NOTE: In order to better understand the technical requirements of the protected objects in different dimensions, the typical security threats faced by the in-vehicle hardware are listed in A.1.2. 6.3.1.3 Protection requirements for in-vehicle data 6.3.1.3.1 Confidentiality Important safety parameters shall meet the following confidentiality requirements: EXAMPLE: Using message filtering mechanism, message overload control mechanism and user access authority control mechanism, etc. 6.3.1.4.6 Accountability In-vehicle communication shall have the ability to log records. Example: Record phenomena such as traffic overload and abnormal messages received at a high frequency. 6.3.1.4.7 Preventability In-vehicle communication shall have the ability to perceive abnormal messages; when abnormal messages are perceived, they should have the ability to alert or other safe responses. 
EXAMPLE: Receiving abnormal phenomena such as high-frequency replay messages or messages that have been tampered with.

6.3.2 Protection requirements for out-of-vehicle communication

6.3.2.1 Protection requirements for long-distance communication outside the vehicle

6.3.2.1.1 Authenticity

The long-distance communication outside the vehicle shall meet the following authenticity requirements:

a) Turn on the two-way authentication function of the 3G, 4G, and 5G communication network layer;
b) An independent two-way authentication mechanism is supported on the cellular mobile communication network layer.

6.3.2.1.2 Confidentiality

The long-distance communication outside the vehicle shall meet the following confidentiality requirements:

a) Possess the encryption functions of the 3G, 4G, and 5G communication network layer;
b) An independent encryption mechanism is supported on the cellular mobile communication network layer, and a security protocol of TLS1.2 version and above should be adopted.

6.3.2.1.3 Integrity

The long-distance communication outside the vehicle shall meet the following integrity requirements:

a) Possess the integrity protection function of the 3G, 4G, and 5G communication network layer;
b) An independent integrity mechanism is supported on the cellular mobile communication network layer, and a security protocol of TLS1.2 version and above should be adopted.

6.3.2.1.4 Availability

The components communicating with the outside shall support resistance to DoS/DDoS attacks.

6.3.2.1.5 Access controllability

The long-distance communication outside the vehicle shall have the ability to control the access of the communication message.

EXAMPLE: White-list access control, message filtering, anti-communication traffic overload mechanism, etc.

6.3.2.1.6 Non-repudiation

The long-distance communication outside the vehicle shall meet the following non-repudiation requirements:

a) Ensure the uniqueness of the communication ID of the cellular mobile communication network layer (such as: International Mobile Subscriber Identity IMSI, Integrated Circuit Card Identity ICCID, etc.);
b) An independent non-repudiation mechanism (such as the use of a certificate mechanism, etc.) is supported on the cellular mobile communication network layer.

6.3.2.1.7 Preventability

The long-distance communication outside the vehicle shall have the ability to monitor the security of communication messages and the ability to perceive attack behaviour; when an information security attack occurs, it should respond with message cleaning, flow control or prevention of the attack behaviour.

6.3.2.2 Protection requirements for short-distance communication outside the vehicle

6.3.2.2.1 Authenticity

The identity authentication function shall be turned on for short-distance ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.

Similar standards: GB/T 40856   GB/T 40855   GB/T 40857   
