Department for Transport issues guidelines designed to enhance cyber security of connected cars

A new generation of Internet-connected cars will have to be better protected from hackers under tough new guidance issued by the Department for Transport. Smart vehicles are increasingly becoming the norm on British roads, allowing drivers to access maps, travel information and new digital radio services from the driving seat, but while smart cars and vans offer new services for their drivers, it’s feared that would-be hackers could target them in a bid to access personal data, steal vehicles that use keyless entry or even take control of technology for malicious reasons.

Now, the new Government guidance will ensure engineers developing smart vehicles have to toughen up cyber protections and help in designing-out hacking. The Government is also looking at a broader programme of work announced in this year’s Queen’s Speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.

The legislation will put Britain at the centre of the new technological developments in smart and autonomous vehicles, while also ensuring safety and consumer protection remain at the heart of the emerging industry.

Measures to be put before Parliament mean that insuring modern vehicles will provide protection for consumers if technologies fail.

This news emerges alongside new guidance that means manufacturers will need to design-out cyber security threats as part of their development work. That will cement the UK’s position as a world-leading location for R&D for the next generation of vehicles and forms part of the Government’s drive to ensure the country harnesses the economic and job-creating potential of new tech industries.

Public must be protected

Transport Minister Lord Callanan said: “Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into WiFi-connected ‘hotspots’ or equipping them with millions of lines of code to become fully automated, it’s important that they’re protected against cyber attacks. That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do from Board level down, as well as focusing on technical design and development considerations.”

Mike Hawes, CEO of the Society of Motor Manufacturers and Traders, added: “We’re pleased that Government is taking action now to ensure a seamless transition to fully-connected and autonomous cars in the future and, given that this shift will take place globally, it’s great to see Government championing cyber security and shared Best Practice at an international level. These vehicles will transform our roads and society, dramatically reducing accidents and saving thousands of lives. A consistent set of guidelines is an important step towards ensuring the UK can be among the first – and safest – of international markets to grasp the benefits of this exciting new technology.”

The Government will continue to support and work collaboratively with industry to make sure vehicles are protected from cyber attacks. The guidance principles now published will form a key part of these discussions.

Industry viewpoint

In response, Richard Stiennon (chief strategy officer at the Blannco Technology Group and former vice-president of research at Gartner) has called for a greater focus on enhanced privacy protections.

“With automobile companies looking towards turning cars into mobile information hubs, more countries and industry groups are attempting to be ahead of the security curve,” explained Stiennon. “One area that hasn’t received a lot of attention in all the talk of avoiding vulnerabilities and adding-in security is the need for enhanced privacy protections. From GPS tracking to the capture of phone contacts on ‘infotainment’ systems, cars will be the next breach disaster for vehicle manufacturers, leasing companies and car rental agencies.”

Stiennon added: “Guidelines should include requirements for securely erasing critical private information from vehicles. This is an excellent opportunity to give that ability to the car owner. On top of that, leasing and rental agencies should be aware that they have inadvertently become the ‘stewards’ of millions of private records and should be required to erase those records whenever a vehicle changes hands.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts