Information Security / UK government announces guidelines for connected and autonomous vehicles
UK government announces guidelines for connected and autonomous vehicles
8 August 2017 |
The UK government's Department for Transport has released a set of guidelines that manufacturers must follow to ensure cyber security of connected and autonomous vehicles.
The Department for Transport recommends that security of connected and autonomous vehicles should be managed throughout their lifetime.
Along with the Centre for the Protection of National Infrastructure (CPNI), the Department for Transport has created eight new principles that will govern the cyber security of connected and autonomous vehicles that will hit the roads in the future.
Connected and autonomous vehicles, as has been demonstrated in the past, are vulnerable to cyber attacks and if their security infrastructure feature vulnerabilities, hackers can inject malicious code into their systems to control critical features like electric steering and braking.
Hackers can also exploit vulnerabilities in connected and autonomous vehicles to access routes taken by such vehicles, control entertainment systems, and cause accidents as an when they please.
Considering such possibilities, the Department for Transport recommends that security of connected and autonomous vehicles should be assessed and managed across the supply chain and that the same is owned, governed and promoted at board level. Here is the set of guidelines published by the DoT:
1. Organisational security is owned, governed and promoted at board level.
2. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
3. Organisations need product aftercare and incident response to ensure systems are secure over their lifetime.
4. All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system.
5. Systems are designed using a defence-in-depth approach.
6. The security of all software is managed throughout its lifetime.
7. The storage and transmission of data is secure and can be controlled.
8. The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.
The Department has expressed hope that the new guidelines will 'ensure engineers developing smart vehicles will have to toughen up cyber protections and help design out hacking'. The Department added that a new Autonomous and Electric Vehicles Bill will create a new framework for self-driving vehicle insurance as well.
"Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks," says Transport Minister Lord Callanan.
"That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations," he adds.
Mike Hawes, Society of Motor Manufacturers and Traders Chief Executive, has expressed satisfaction with the fact that the government is willing to ensure a seamless transition to fully connected and autonomous cars in the future, considering that such vehicles will reduce accidents and save thousands of lives.
At the same time, sharing best practice at an international level and championing cyber security of connected and autonomous cars will make the UK ' among the first – and safest – of international markets to grasp the benefits of this exciting new technology,' he added.
Latest posts by Jay Jay (see all)
- 52% of UK schools and colleges are still not fully GDPR compliant - 23rd April 2019
- EU Parliament adopts centralised biometric database to monitor migrants - 23rd April 2019
- UK businesses suffered nearly 120,000 cyber attacks each in Q1 2019 - 19th April 2019
- Supreme Court allows Morrisons to appeal data breach verdict - 19th April 2019
- Facebook “unintentionally” imported email contacts of over 1.5 million users - 18th April 2019