As cars become more reliant on connected services, and autonomous cars appear on the horizon, they're shaping as juicy targets for hackers. Rather than sitting back and waiting for cyber criminals to strike, the UK Department of Transport has created a list of principles designed to make cyber security a top priority for car manufacturers.
The list, catchily dubbed "The key principles of vehicle cyber security for connected and automated vehicles," is made up of eight central ideas. As a start, car companies are expected to make sure security is "owned, governed and promoted at board level," and any risks should be "assessed and managed appropriately and proportionately."
The third principle says organizations need to continually update and support their older products as new threats arise, and the fourth encourages third-parties and OEM suppliers to work with manufacturers in pursuit of better security. Given many of the electric parts in modern cars – from engine-managing ECUs to window switches – come from external suppliers, that's an important consideration.
Guideline five suggests computer systems need to be designed to make hacking difficult. That means making sure they don't rely on single points of failure, and having appropriate security and early warning on cloud-based systems working away in the background. Finally, any data storage or transmission needs to be controlled and secure, and systems should be able to respond appropriately when their defences are compromised or sensors damaged.
The list is designed to address public fears that hackers might be able to target connected cars, either to steal personal data or for other malicious purposes. The basic message from the UK Government is simple: this is an issue that needs to be taken seriously, and carmakers need to be dealing with security from a management level.
We'll just have to wait and see if the message gets through.
Source: UK Government