DfT to enforce anti-hacking measures for connected cars
New generations of connected cars will offer better protection against the threat of hacking under latest Department for Transport measures.
Responding to increasing concerns that hackers can steal connected car data or even the vehicles themselves, the new guidance issued today means carmakers will need to design out cyber security threats as part of their development work.
The guidance covers all parties involved in the manufacturing supply chain and sets out principles including personal accountability being held at the board level for product and system security and technical design and development considerations, including that the security of all software is managed throughout its lifetime.
Last year saw the FBI warn that vehicles are “increasingly vulnerable to remote exploits” and saying that it is “important that consumers and manufacturers maintain awareness of potential cyber security threats”. This follows cases of car hacking including in the US, where researchers managed to wirelessly seize control of a Jeep Cherokee to highlight its vulnerability, leading the carmaker to recall 1.4m Dodges, Jeeps, Rams and Chryslers.
Commenting on the new measures, Transport Minister Lord Callanan said: “Whether we’re turning vehicles into WiFi-connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks. That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry.”
The measures follow the announcement in this year’s Queen’s speech of the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance, covering motorists for when the vehicle is in automated mode as well as when they are driving.
Mike Hawes, chief executive of the SMMT, welcomed the latest DfT move, saying: “We’re pleased that government is taking action now to ensure a seamless transition to fully connected and autonomous cars in the future and, given this shift will take place globally, that it is championing cyber security and shared best practice at an international level.
“A consistent set of guidelines is an important step towards ensuring the UK can be among the first – and safest – of international markets to grasp the benefits of this exciting new technology.”
Gerry Keaney, chief executive of the BVRLA, welcomed the news, saying: “As connected and autonomous vehicles become more prevalent on our roads, it will be crucial for manufacturers to consider security requirements in the vehicle’s design and it will be equally as important to protect our infrastructure.
“Cyber security is potentially an area of huge vulnerability for the automotive industry if we do not take steps to be properly protected so we expect to see an increase in the employment of tech-savvy cyber security professionals throughout the supply chain right across the automotive industry.”
Jason Hart, CTO data protection at digital security specialist Gemalto, also welcomed the news, saying: “It’s a long time coming. I think it shows that actually this should go beyond the connected car – I get it why the Government are focusing on the connected car, given lots of them are going to be on the road. But ultimately this should be expanded to anything that’s connected and have similar mandatory requirements – anything where there’s lives involved.”