China's Ministry of Industry and Information Technology (MIIT) on Thursday issued a notice document on strengthening cybersecurity and data security for connected vehicles, saying the safety and security systems for such models urgently need to be improved.
The document said that intelligent connected vehicles are a new generation of vehicles equipped with advanced sensors, controllers, actuators and other devices, and incorporating modern communication and network technologies.
They have complex environmental awareness, intelligent decision-making, collaborative control and other functions, with safety, efficiency, comfort and energy-saving features. However, with the rapid development of the industry, security risks are increasingly prominent, the document said.
The document requires relevant companies to establish a network security and data security management system, strengthen internal management, timely detection and resolution of security risks.
It mentions that car companies should take remedial measures immediately after discovering or being informed of vulnerabilities in their automotive products and report vulnerability information to the MIIT's cybersecurity threat and vulnerability information-sharing platform.
The document requires car companies to establish a security verification mechanism for OTA upgrade service packages and use secure and trusted software.
It also requires companies to implement categorized and graded management of data and strengthen the protection of personal information and important data.
Previously, a notice issued by the MIIT on Monday showed that car companies were asked to start self-examinations and fill out reports on data security, cyber security, OTA and driver assistance functions.
Car companies that fail to report late, conceal the situation or provide false information will be punished accordingly.
The action involves all car companies licensed to manufacture in China, who are required to submit their reports by October 12, 2021.
Chinese regulator asks automakers to conduct data security, cybersecurity self-reviews
(Photo source: Unsplash)