Internet connected cars will have to be better protected from cyber attackers
The Department for Transport (DOT), has issued guidance that includes eight principles for future UK use.
The DOT in conjunction with Centre for the Protection of National Infrastructure (CPNI), wants eight principles for use throughout the automotive sector for connected and autonomous vehicles, intelligent transport systems, and their supply chains.
‘While smart cars and vans offer new services for drivers, it is feared potential hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons,’ the guidelines state.
The eight principles set out how vehicle manufacturers can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior-level executives.
The measures are aimed at ensuring engineers developing smart vehicles toughen up cyber protections and design out cyber security risks.
In announcing the guidelines, the government highlighted the ìbroader programme of workî announced in the Queenís speech in June 2017 under the Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.
The legislation, the government said, will put the UK at the centre of the new technological developments in smart and autonomous vehicles, while ensuring safety and consumer protection remain at the heart of the emerging industry.
The measures to be put before Parliament, the government said, mean that insuring modern vehicles will provide protection for consumers if technologies fail.
The government said measures, alongside the guidelines for manufacturers to make smart cars cyber secure, are aimed at making the UK a world-leading location for research and development for the next generation of vehicles. This forms part of the governmentís drive to ensure the UK harnesses the economic and job-creating potential of new tech industries.
Eight principles of vehicle cyber security
Organisational security is owned, governed and promoted at board level.
Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
Organisations need product aftercare and incident response to ensure systems are secure over their lifetime.
All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system.
Systems are designed using a defence-in-depth approach.
The security of all software is managed throughout its lifetime.
The storage and transmission of data is secure and can be controlled.
The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.
Transport minister Martin Callanan said it is important that smarter and self-driving technologies are protected against cyber attacks.
‘That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations,’ he said.
Mike Hawes, chief executive of the Society of Motor Manufacturers and Traders, welcomed the government initiative: ìWeíre pleased that government is taking action now to ensure a seamless transition to fully connected and autonomous cars in the future and, given this shift will take place globally, that it is championing cyber security and shared best practice at an international level.î
Hawes said autonomous vehicles promise to reduce road accidents dramatically and save thousands of lives. ìA consistent set of guidelines is an important step towards ensuring the UK can be among the first ñ and safest ñ of international markets to grasp the benefits of this exciting new technology,î he said.
In July 2015, the government announced a £20 million fund to research and develop driverless car technology in the UK, launched a joint policy team to co-ordinate cross-departmental work, and established a non-statutory code of practice to help ensure public safety.