A new report has revealed that connected and autonomous vehicles in the UK will be subjected to cyber security tests as part of a new safety standard known as CAV PASS that will test CAVs against quality standards before they are allowed to run on UK roads.
The new report from Express.co.uk stated that CAV PASS, the new safety assurance system for connected and autonomous vehicles, will feature a new clause that will allow for the testing of CAVs to ensure that they can not be hacked by cyber criminals.
The insertion of the new clause comes amid concerns that cyber criminals can cause massive traffic snarls and congestion on UK roads by preventing CAVs from moving or by making them move in a dangerous manner.
Express.co.uk reported that the Law Commission has called for a new national regulation scheme and licencing system to ensure that CAVs can not be purchased or deployed on UK roads until they are tested and certified.
The report comes less than a month after ResiCAV project, a study carried out by a consortium led by Zenzic and Innovate UK and including the likes of Centre for Modelling & Simulation, Oxfordshire County Council, Aesin Techworks, the University of South Wales, the University of Bristol, Coventry University and the National Digital Exploitation Centre, called for urgent steps to be taken to ensure connected and autonomous vehicles are secure prior to mass deployment in the UK.
The consortium called for the setting up of a future Cyber Centre of Excellence to support the safe and secure deployment of connected and self-driving vehicles. The primary aims of the centre will be to monitor the operational security of connected and self-driving vehicles as they are deployed and to serve as a base for ongoing research and development around CAVs.
CAV PASS was launched in September last year by the Department for Transport, Centre for Connected and Autonomous Vehicles, and George Freeman MP to ensure self-driving vehicles are safe and secure by design and minimise any defects ahead of their testing, sale and wider deployment on UK roads.
"Self-driving vehicles can offer significant rewards for the UK’s economy, road safety and accessibility. We are determined to lead in the testing and development of safe autonomous transport. This is new terrain, and with our national expertise the UK is well-placed to blaze the trail globally by developing a global benchmark for assuring the safety and security of this exciting technology," said George Freeman MP, the Future of Transport Minister.
"The new safety assurance system will first focus on enabling the advanced trialling of self-driving vehicles, and aims to eventually help assure the safety and security of these vehicles for their mainstream sale and use. Such advanced trials may include those without a human operator in the loop at all times, or the assessment of novel vehicle types such as pods and shuttles," the government said.
Concerns around the security and safety of CAVs from cyber security threats is not a new discussion. As far back as in 2017, the Insurance and Legal Report released by insurance company AXA and law firm Burges Salmon warned that connected cars in the UK will require new cyber security and data protection frameworks.
Considering that Connected and Automated Vehicles will generate enormous amounts of data once they are on the streets, the government will have to lay down a new cyber security framework to guard against concerns like denial of service attacks, data theft from cloud databases, network outage, technological malfunctions, interceptions and highjackings and information leakage, the report said.
'CAVs will generate enormous amounts of data with different and often multiple purposes. As CAVs evolve and become a reality on our roads, standards will need to be created which define the minimum security requirements embedded in the vehicle’s hardware, and what the boundaries are for software and connectivity.
'The success of CAVs will also be dependent upon a consistent framework for cyber that is able to monitor and assess the effectiveness of security measures implemented. This will contribute to informing the position adopted by insurers and legislators in identifying the risks and the ways in which to mitigate them,' it added.
Commenting on the inclusion of cyber safety tests for CAVs in the CAV PASS standard, Hugo van den Toorn, manager of offensive security at Outpost24, said that having a standard that includes testing the security as part of the overall safety of vehicles is a great way forward. Not just for autonomous vehicles but even for non-autonomous cars being produced today, which are becoming increasingly connected and ‘smart’. Smart dashboards, interconnected infotainment systems, 4G modules, mobile car companion apps, and an array of diagnostics and sensors all connecting to the central processing unit inside the vehicle.
"If an attacker is able to intercept data sent by the vehicle, or if the data is centrally stored and insufficiently secured, attackers could learn about the drivers and their vehicles. If attackers are able to somehow manipulate the data that is interpreted by the car’s systems, a whole new range of attacks opens up, which could directly affect the physical world.
"Although this has been a worry with security of cyber-physical systems for many years already, the automotive industry is so big that it would be great to have a standard such as this to lessen the worry and ensure sufficient testing. Keep in mind though, that even though there is a standard for testing these vehicles, no vehicle will ever be ‘hacker proof’. As hackers are ever-so curious, there will always be flaws uncovered by them at a later stage," he added.