The UK Government has announced the publication of guidelines to help improve the security of connected and autonomous vehicles.
Government representatives said that these guidelines would ensure that engineers who develop smart vehicles “will have to toughen up cyber protections and help design out hacking”.
Under-Secretary of State for Transport, Lord Callanan said of the guidelines that:
“Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into Wi-Fi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.”
Eight principles have been created by the Department of Transport and Centre for the Protection of National Infrastructure (CPNI), and include instructions for car makers, such as security to be “owned, governed and promoted at board level”, and risks to be “assessed and managed appropriately and proportionately, including those specific to the supply chain”.
Government principles also stated that organizations need product aftercare and incident response to ensure systems are secure over their lifetime and that all organizations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system.
Mike Hawes, the chief executive of the UK’s Society of Motor Manufacturers and Traders, said that the Government guidelines would help the U.K. be among the first countries to “grasp the benefits of this exciting new technology.”
Mark Noctor, of Arxan Technologies, added that:
“A major cyber-attack on connected vehicles would take a terrible toll on human life, so the security guidelines published by the UK Government on Sunday are an important step in securing this emerging technology. The communications and entertainment systems are particularly vulnerable to attack, and can be reverse engineered to access the API libraries that facilitate data sharing between systems. From here attacks can even inject malicious code into the electronic control units (ECUs) and controller-area-network (CAN) bus, which control critical systems such as electric steering and braking.”