Government issues guidance to combat 'smart' car hacking
07 August 2017
Author: Daniel Puddicombe
The UK Government has issued new guidance to manufacturers and service suppliers to minimise and combat the threat hackers pose to internet-connected vehicles.
According to the government, it is feared criminals could target smart vehicles to access personal information, steal cars that use keyless entry systems or take control of vehicles for malicious reasons.
It added the legislation, which is due to be put before parliament, "will put Britain at the centre of the new technological developments in smart and autonomous vehicles while ensuring safety and consumer protection remain at the heart of the industry."
The new guidance dictates that manufacturers will need to design-out cyber threats as part of new vehicle development work.
"Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel," said transport minister Lord Callanan. "Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we're turning vehicles into wi-fi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks."
He added: "That's why it's essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development consideration."
The guidance principles are:
- Organisational security is owned, governed and promoted at board level
- Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Organisations need product aftercare and incident response to ensure systems are secure over their lifetime
- All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system
- Systems are designed using a defence-in-depth approach
- The security of all software is managed throughout its lifetime
- The storage and transmission of data is secure and can be controlled
- The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.