Under new guidance issued by the UK government, engineers developing the next generation of internet-connected smart vehicles will have to toughen up their cyber protection and help ensure they are better protected from hackers.
Smart vehicles are becoming increasingly common on the country’s roads, allowing drivers to access maps, travel and traffic information, and new digital radio services from the driving seat. But while smart cars and vans offer new services for drivers, it is feared would-be hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons. The legislation aims to put the UK at the center of the new technological developments in smart and autonomous vehicles, while ensuring safety and consumer protection remain at the heart of the emerging industry.
There are eight principles in the new guidance that set out how the automotive sector can make sure cybersecurity is properly considered at every level, from designers and engineers, through to suppliers and senior level executives. The vehicle cybersecurity principles are:
Organizational security is owned, governed and promoted at board level;
Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain;
Organizations need product aftercare and incident response to ensure systems are secure over their lifetime;
All organizations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system;
Systems are designed using a defense-in-depth approach;
The security of all software is managed throughout its lifetime;
The storage and transmission of data is secure and can be controlled;
The system is designed to be resilient to attacks and respond appropriately when its defenses or sensors fail.
“Our cars are becoming smarter and self-driving technology will revolutionize the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected,” explained UK Transport Minister Lord Callanan.
“Whether we’re turning vehicles into wi-fi-connected hotspots, or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyberattacks. That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organizations should do, from the board level down, as well as technical design and development considerations.”