New Government guidance will require engineers developing the new generation of smart vehicles to toughen up cyber protection and ‘design out hacking’.
The Department for Transport said that with smart vehicles increasingly allowing drivers to access maps, travel information and radio services digitally, it is feared hackers could target them to access personal data, steal cars, and take control of technology for malicious reasons.
Transport minister Lord Callanan said: ‘Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.
‘That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations.’
Mike Hawes, chief executive of the Society of Motor Manufacturers and Traders, said: ‘A consistent set of guidelines is an important step towards ensuring the UK can be among the first – and safest – of international markets to grasp the benefits of this exciting new technology.’
The key principles in the guidance are:
1 – organisational security is owned, governed and promoted at board level
2 – security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
3 – organisations need product aftercare and incident response to ensure systems are secure over their lifetime
4 – all organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system
5 – systems are designed using a ‘defence-in-depth’ approach
6 – the security of all software is managed throughout its lifetime
7 – the storage and transmission of data is secure and can be controlled
8 – the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail