Research on data security analysis and regulatory strategies in intelligent connected cars

Intelligent connected cars are an important carrier for the exchange and sharing of intelligent information between cars and people, roads, and backends. It can be said that smart cars are the next generation of large-scale mobile terminals. Since intelligent connected cars are equipped with a large number of sensors, they will continuously collect environmental perception information during driving, including road information, vehicle working condition information, and personal information of drivers and passengers, and use this information to better Provide autonomous driving and personalized services for thousands of people.

# Therefore, as intelligent and connected cars are running rapidly, data security is undoubtedly one of the core issues that need to be tackled urgently. At present, the construction of domestic data interaction platforms is through government organizations, top-level design, deployment of national strategies and support from ministries and commissions, and cooperation with local governments and scientific research institutions to build relevant information public service platforms. These include the "Two Passengers and One Danger" supervision platform, heavy vehicle remote emission monitoring platform, and new energy vehicle national monitoring and management platform. Its main functions include vehicle monitoring, fault diagnosis, power consumption statistics, energy consumption management, system management, operating mileage statistics, vehicle equipment management, APP vehicle management, etc., so as to monitor vehicle information in real time, perform fault monitoring and safety alarms on vehicles wait.

1. Interpretation of data security of intelligent connected cars

1. National policy level

National Development and Reform Commission, Ministry of Industry and Information Technology, etc. 11 Several national ministries and commissions jointly issued the "Notice on Issuing the "Smart Vehicle Innovation and Development Strategy"", which proposed that by 2025, the technological innovation, industrial ecology, infrastructure, regulations and standards, product supervision and network security of China's standard smart vehicles The system is basically formed. The key tasks of the "Intelligent Vehicle Innovation and Development Strategy" are clarified as follows:

2. At the national regulatory level

At present, Europe, the United States, In Japan, South Korea, and other mid-sized regions, most vehicle data is owned by car manufacturers, not car owners. The Cybersecurity Law implemented in our country in June 2017 requires that the collection of personal information should comply with the principle of necessity, that is, the information collected should be necessary to provide services; before collecting personal information, the subject of personal information needs to be clearly informed of the need to provide Different business functions of products or services, and the types of personal information collected respectively; in addition, the relationship between how to balance personal information and privacy protection and data ownership is still a core issue. In the General Principles of the Civil Law promulgated in October 2017, It is required that when obtaining other people's personal information, information security should be obtained and ensured in accordance with the law, and no illegal collection, use, processing, and transmission of other people's information should be carried out, and no other people's personal information should be illegally bought, sold, provided, or disclosed.

Subsequently in March 2020, the Information Security Technology-Personal Information Security Specification stipulated that OEMs need to comply with requirements to protect personal device information, location information, driver's license information, etc. This specification applies not only to the collection of personal information from mobile phones or computers through APP clients or web pages, but also to the collection of personal information through other methods such as sensing devices and paper methods. In May 2020, Chapter 6 of Title 4 of the Civil Code stipulated the right to privacy and the protection of personal information. In the future, in addition to major illegal and criminal acts that seriously infringe citizens' personal rights and property rights, they shall bear criminal liability in accordance with the Criminal Law (civil lawsuits may be filed incidentally), and for general infringements of personal information rights, any natural person or organization may Protect rights from the perspective of tort law and file a civil lawsuit on the grounds that personal information rights have been infringed.

Here we need to talk about the recent importance that the country attaches to data security from real examples. Recently, Didi was arrested for 16 illegal facts related to data security, including illegal collection of user album screenshots, illegal collection of user clipboard information and application lists, and illegal collection of passenger facial recognition information. It proves that the country attaches great importance to data security, and the domestic attention to personal privacy protection and data security has reached a new height.

3. Industry standard level

The data level directly related to autonomous driving mainly refers to the autonomous driving recording system (DSSAD), which mainly refers to the mandatory national standards for L3 and above vehicles. Currently, The draft has been completed, has been included in the scope of staged discussions by the Automobile Standards Committee, and has been cited in the access document.

According to standard requirements, when the car suffers a safety incident, the corresponding data will be recorded. Among them, key safety events are recorded (including three types of situations: the system detects a collision or has a risk of collision and the actual collision occurs). At the same time, minor safety events include: automatic driving system activation, exit and takeover request, etc.;

This standard is a national mandatory standard, and national ministries and commissions will be based on the DSSAD standard. Further strengthen the supervision of intelligent connected vehicle data. It is applicable to Class M and Class N vehicles with L3 and above driving automation functions, and other types of vehicles can refer to it for implementation. Its main function is to record and store data elements such as the automatic driving system and vehicle operation, driving environment, and vehicle personnel status when the status of the automatic driving system changes or certain trigger conditions are met. This standard plays an important role in determining legal liability, determining whether the responsible party is the driver or the vehicle, and analyzing the reasons on this basis.

4. Autonomous Driving Access Guide

Currently, our country is promulgating special regulations specifically for automobile data, which means that automobile data is completely subject to any regulation. The recent autonomous driving access guidelines, which are in full swing, also have detailed regulations on data security.

First of all, the access guidelines in the main document stipulate that intelligent connected vehicle manufacturers should collect, use and protect personal information in accordance with the law, implement data classification and hierarchical management, and formulate important data directories. Sensitive information related to national security shall not be disclosed. Personal information and important data collected and generated during operations within the territory of the People's Republic of China shall be stored within the territory in accordance with relevant regulations. If it is really necessary to provide information overseas due to business needs, it should be reported to the industry competent authority. Intelligent connected car products should have event data recording and automatic driving data storage functions. The data collected and recorded should at least include the operating status of the driving automation system, driver status, driving environment information, vehicle control information, etc., and should meet relevant performance and Safety requirements ensure the integrity of equipment recorded data when a vehicle is involved in an accident.

In addition, item (7) of the enterprise network security requirements stipulates that enterprises should establish and improve data security management systems, implement data classification and hierarchical management, formulate important data catalogs, and strengthen Data access rights management and security audit; take effective technical measures to strengthen security protection such as data collection, transmission, storage, and use, and promptly handle security incidents such as data leakage and abuse.

The following interpretation can be made from the autonomous driving access guide:

First of all, the guide emphasizes the enterprise’s safety assurance capabilities , enterprises need to establish a safety monitoring service platform. According to the reference new energy vehicle detection platform, it can be inferred that intelligent connected vehicles may be subject to more stringent supervision in the future;

Secondly, the guide also emphasizes Regarding the legality, security, classification and hierarchical management of data, and data situation management, the country will increase data protection in the future.

2. Effective management and classification of data security

The starting point of the entire data security management system is from data collection to subsequent data transmission, During the entire process from data storage, data processing, data exchange to final data destruction, enterprises should establish a complete data security management system for each link of the data life cycle, and adopt necessary data security technologies to ensure the security of data operation and the system in which the data is located. Security, achieving efficient and coordinated security management of data resources.

The automotive data classification principle should be guided by the natural attributes of the data and follow scientific, stable, practical, scalable, and independent grading , the principle of clarifying needs. Scientifically and systematically classify the characteristics of intelligent driving data and the objective relationships between them. The classification should cover all intelligent driving data as much as possible without setting up meaningless categories. At the same time, it should be inclusive and scalable in general.

1. Clarify whether the collected data has security requirements

After determining the data level for various types of data, the opening and sharing requirements for automobile data of this level should be clarified, as well as the scope of data distribution. Whether decryption or desensitization treatment is needed, etc.

2. Autonomous grading of data

Before opening and sharing car data, various types of data should be graded independently according to the grading method.

3. Data scalability

The data classification scheme should be general and inclusive in general, and can realize the classification of various types of automobile data and meet the needs of the future. Possible data types.

4. Data practicality

Before collecting smart car data, it is necessary to ensure that there is car data under each category, and there are no meaningless categories. The classification of categories should be in line with users’ general understanding of automobile data classification.

5. Data stability

Smart car data should be based on various data classification methods in the car data catalog, and based on the most stable characteristics and characteristics of car data Develop a classification scheme based on attributes.

6. Data science

The science of smart car data emphasizes the scientific and systematization of the multi-dimensional characteristics of car data and the objective logical relationships between them. grading.

So from the perspective of intelligent connected cars, how to effectively classify car data?

First of all, from the perspective of software and hardware architecture, the implementation of the autonomous driving system mainly relies on the three major modules of perception, decision-making and execution. During driving, various types of inertial navigation, radar, vision and other sensors are used to collect vehicle dynamics and surrounding environment data, and then transmit the data to the on-board computing platform for analysis and make corresponding decisions. Finally, the decision-making layer sends instructions to the execution module to change the vehicle's driving status. . Therefore, the data generated or involved in the entire process can be classified into five data types: basic vehicle data, perception data, decision-making data, operation data and user data.

Data classification should first fully consider the importance of automobile data to national security, social stability and citizen safety , and whether the data involves state secrets, user privacy and other sensitive information are directly related. Adapt to my country's existing laws and regulations for the protection of important data and personal information, follow the principles of intelligent network-connected vehicle data security classification, refer to the information security level protection regulations, and follow the impact of data destruction on national security, social order, and public interests. As well as the degree of harm to the legitimate rights and interests of citizens, legal persons and other organizations, it is divided into four levels from low to high.

Based on the above grading principles and methods, the intelligent connected car data is classified as follows:

3. Data Security Management and Monitoring Platform

The intelligent connected automobile industry is in a booming development trend. Its relevant data has characteristics such as diversity, interactivity, and timeliness, and contains huge economic potential. Value, through data collection and analysis, it can not only provide support for the formulation of standards and the establishment of key libraries, but also provide more reliable guarantee for the determination of rights and responsibilities of intelligent connected vehicle systems. Therefore, it is necessary to establish a system that integrates supervision, interaction, security, application, A comprehensive data platform that serves all in one.

Intelligent connected car data has three major characteristics: diversity, interactivity, and timeliness. Among them, diversity refers to diverse data sources, types, interface formats, and value densities. Interactivity is the use of various algorithms, software, and operating service systems to enable the flow, interaction, and integration of different data. Timeliness refers to processing dynamic and static data in a timely manner, shortening the time interval between each link, and increasing the value of the data. In order to realize the above requirements, it is necessary to monitor, store, analyze and extract from safety supervision; autonomous driving disengagement monitoring; accident record tracing and liability determination. At the same time, it is also necessary to improve the interconnection and interoperability between multi-source interaction individuals in terms of multi-source interaction; develop a standardized communication protocol stack; and process heterogeneous data in a structured manner. In addition, information security protection requires monitoring the data interaction process at any time to prevent automotive system ethics hacker attacks and avoid possible tampering risks of interactive data.

Currently, the construction of domestic data interaction platforms focuses on building relevant information public service platforms through government organizations, top-level design, deployment of national strategies and support from ministries and commissions, and cooperation with local governments and scientific research institutions. . By establishing a three-level scalable distributed multi-center architecture of "country-territory-enterprise", the platform has unified planning, unified architecture, and unified standards to form a complete automotive industry data collection, processing, storage, application, and service system to ensure the platform's Rationality, unity and scalability.

# In addition, a security architecture based on blockchain technology is needed to build a data validation and security system under multi-cloud collaboration based on integrity. The audit mechanism protects data from tampering, realizes data security risk prevention and control based on data security audit, and enables safe operation and calculation based on trusted smart contracts based on the blockchain. It ensures data storage, circulation and traceability in the cloud chain environment, and realizes data classification and classification. Share, analyze and apply.

In the data security extraction platform service center, it is necessary to realize real-time monitoring of the operating status of autonomous driving systems, core components, etc. based on the collection and processing of intelligent networked vehicle operating data information; monitoring It includes global data monitoring, operation statistics, event analysis, vehicle-road collaboration, working condition data, and mode recording.

At the same time, building a monitoring platform requires real-time acquisition of event information such as intelligent connected vehicle traffic accidents, system failures or failures, supporting data visualization and data interface access, and achieving rapid data access and implementation as follows Customized multi-dimensional analysis in several aspects ultimately improves the car factory’s decision-making and operational capabilities.

• Vehicle condition analysis: Provide vehicle performance analysis and fault analysis, etc., thereby improving the decision-making ability of the OEM;
• User portrait: Intelligent cleaning of data, deep learning of user behavior characteristics, and outlining of crowd portraits; running through application scenarios to produce various tags, crowd classifications, regional heat maps, etc.;
• Travel analysis: Integrate vehicle driving spatio-temporal data to identify and characterize vehicle driving data and risk behaviors.

Finally, support the vehicle-road collaborative application platform and smart transportation services. During this period, it is required to ensure that vehicles can perceive and dynamically update road conditions beyond visual range, thereby providing a strong support for their travel decisions and vehicle behavior control, and supporting the market application of highly autonomous intelligent connected vehicles in specific environments. Therefore, when an accident occurs, the OEM can provide traffic accident data support as soon as possible and provide a basis for liability determination. Real-time monitoring, analysis and processing of traffic flow, supporting scene services such as driving path planning, traffic signal timing optimization, and bus system planning, to improve travel safety and efficiency.

4. Written at the end

It can be seen from Didi’s incident warning that for autonomous driving companies, whether they are collecting personal information from customers , or when working on GPS or other surveying and mapping information that may be involved in autonomous driving projects, OEMs must refer to the requirements of domestic laws and regulations such as the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. Conduct a thorough review of your own important data processing of personal information in order to promptly discover loopholes and remediate them. For many data processing activities related to national security, it is necessary to communicate with regulatory agencies and submit approval as soon as possible.

To sum up, it can be required to strengthen data security supervision and management from the following aspects.

##First, establish a security management mechanism covering the entire life cycle of smart car data, and clarify the data security protection responsibilities and specific requirements of relevant entities;

Secondly, implement classified and hierarchical management of important data to ensure that user information, vehicle information, surveying and mapping geographical information and other data are safe and controllable;

Finally, improve the data security management system, strengthen supervision and inspection, and conduct assessments of data risks and data export security.

Therefore, traditional car companies need to consider ways to collect personal information such as signing a contract with the driver or informing passengers in the car in an appropriate manner and obtain consent. In addition, OEMs must implement transparent measures during the development process of autonomous driving systems and design and develop safety systems based on reasonable and proportional reasons. Designers and users of intelligent connected cars should try to increase the password level when entering the system, and set up multiple authentication methods to increase the difficulty of cracking the system and improve the ability to resist risks.

The above is the detailed content of Research on data security analysis and regulatory strategies in intelligent connected cars. For more information, please follow other related articles on the PHP Chinese website!