In order to implement the “Network security law of the People’s Republic of China” and other legal and regulatory requirements, and to strengthen the top-level design of the standardization of network security of the telematics (intelligent connected vehicles), China’s Ministry of Industry and Information Technology drew up “Guide for establishment of Telematics (intelligent connected vehicles) network security standards system (Hereinafter referred to as the Guide” (draft for comment) and released a request for opinions on June 21, 2021.
Based on the framework of “Guidelines for the establishment of national standard system for intelligent connected vehicles industry,” the Guide clearly indicates the target and priority contents of security standard establishment and presents the framework of the standard system as well as the priority fields and directions of standardization.
By the end of 2023, establish a basic standard system, focus on key industry standards and national standards in the areas of basic and common standards, terminal and facility security, Internet connection security, data security, application service security, and security assurance and support, and complete the establishment of more than 50 urgent standards.
By 2025, create a relatively well-developed standard system, and formulate more than 100 key standards. Strengthen the coverage of niche areas, increase the ability to support the industry with standards and the level of utilization of standards, and support the development of the security of intelligent connected vehicles industry.
The framework of the Guide includes 6 areas: overall and basic, terminal and facility security, Internet connection security, data security, application service security, and security assurance and support. The following is a breakdown of the standards included in the above 6 areas.
Overall and Basics: terminology and definitions, overall framework, use of passwords
Terminal and equipment security: on-board equipment security, vehicle-side security, roadside communication facilities security, inspection station facilities security.
Internet connection security: communication security, identity authentication.
Data security: general requirements, classification and grading, cross-border security, personal information protection, application data security.
Application service security: platform security, application program security, service security.
Security assurance and support: risk assessment, monitoring and emergency management of security, security capability assessment.
The original text of the above Guide can be viewed at the following URL (in simplified Chinese).