The UK government has published guidance to help improve the security of connected and autonomous vehicles.
The government said that these guidelines would ensure that engineers who develop smart vehicles “will have to toughen up cyber protections and help design out hacking”.
The eight principles were created by the Department of Transport and Center for the Protection of National Infrastructure (CPNI). They include instructions for car makers, such as that security be “owned, governed and promoted at board level”, and that risks be “assessed and managed appropriately and proportionately, including those specific to the supply chain”.
The principles also stated that organizations need product aftercare and incident response to ensure systems are secure over their lifetime, and that all organizations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system.
“Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into Wi-Fi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks,” said transport minister, Lord Callanan.
“That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organizations should do, from the board level down, as well as technical design and development considerations.”
Mark Noctor, VP EMEA at Arxan Technologies, said: “A major cyber-attack on connected vehicles would take a terrible toll on human life, so the security guidelines published by the UK Government on Sunday are an important step in securing this emerging technology.”
“The communications and entertainment systems are particularly vulnerable to attack, and can be reverse engineered to access the API libraries that facilitate data sharing between systems. From here attacks can even inject malicious code into the electronic control units (ECUs) and controller-area-network (CAN) bus, which control critical systems such as electric steering and braking,” he said.