The UK government has introduced a new cyber security standard for any automakers that manufacture self-driving and connected cars.
The British Standards Institute (BSI) has developed the guidance after working with leading academics and businesses in the automotive sector, as well as with the National Cyber Security Centre.
All of this work has been funded by the Department for Transport, which wants to solidify the UK’s position as a world-leader in the development of self-driving vehicles.
Future of mobility minister Jesse Norman commented: “As vehicles get smarter, major opportunities for the future of mobility increase. But so too do the challenges posed by data theft and hacking.”
He added that the intention of this new standard is to “improve the resilience and readiness of the industry”.
Ford, Bentley and Jaguar Land Rover were among the automakers that contributed to the development of the new standard, which doesn’t only cover the vehicles themselves, but the whole “intelligent transport ecosystem”.
In addition to the vehicles, this includes related infrastructure, such as roadside and remote systems, and the human elements of the ecosystem, from the drivers to the designers, manufacturers and service providers.
The BSI standard states: “A lifecycle approach is required to tackle all the risks that will arise from a constantly changing threat landscape, so as to protect vehicles and vehicle-related systems once they have been delivered to the market.”
With the UK’s connected vehicle market expected to be worth £52 billion by 2035, it’s understandable that the government wants to get it right.
This all follows on from the key principles of vehicle cyber security for connected and automated vehicles that were published by the country’s government in August of last year. It outlined eight principles for the automotive sector to follow.
Among the principles are that “organisational security is owned, governed and promoted at board level”, and that “organisations need product aftercare and incident response to ensure systems are secure over their lifetime”.
Another is that “systems are designed using a defence-in-depth approach”. This means that there are no single points of failure within the security of the system and that both defence-in-depth and segmented techniques are utilised.
It also suggests automotive firms use “complementary controls such as monitoring, alerting, segregation, reducing attack surfaces (such as open internet ports), trust layers/boundaries and other security protocols”.
Earlier this month, an article for Toptal suggested that machine learning could also be used to help protect self-driving vehicles from hacks. It explained that the key to this working effectively is the vehicle being able to collect and store the right data.
“If a car’s internal network is monitored using a platform capable of storing and analyzing logs, the vehicle itself can detect malicious activity and prevent attacks – or at the very least, alert drivers and mitigate their impact,” it stated.
With all the technology still being developed, firms that are working in this sector have a lot to consider and include in their security protocols. Whatever sector you work in, you may benefit from independent security testing to check the performance and compliance of your systems.
