The Government has published new guidance as part of plans to make sure the next generation of internet-connected cars are better protected from hackers.
Labelled as ‘tough’, the measures to be put before Parliament are designed to ensure that modern vehicles provide protection for consumers if technologies fail. The new guidance is accompanied by a call for manufacturers to help combat the threat posed by would-be hackers.
The Government says smart vehicles – which allow drivers to access maps, travel information and new digital radio services from the driving seat – are increasingly becoming ‘the norm’.
However, there are fears that would-be hackers could target these vehicles to access personal data, steal cars, or even take control of technology for ‘malicious reasons’.
Published yesterday (6 August), the new guidance encourages engineers developing smart vehicles to ‘toughen up’ cyber protections. For example, manufacturers will need to design out cyber security threats as part of their development work.
The guidance is centred around eight key principles, including:
- Organisations involved in developing smart vehicles need to build in product aftercare and incident response to ensure systems are secure over their lifetime
- All organisations, including sub-contractors, suppliers and potential 3rd parties, should work together to enhance the security of the system
- Systems should be designed using a ‘defence-in-depth’ approach
- The storage and transmission of data must be secure and controlled
- Systems must be designed to be resilient to attacks, and able to respond appropriately when defences or sensors fail
Lord Callanan, transport minister, said: “Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected.
“Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.
“That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry.
“Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations.”