ACEA members agree six principles of cyber security to secure the automotive future

18 October 2017

The European Automobile Manufacturers Association (ACEA) has published six key principles of automotive cyber security, which have been endorsed by all its members.

As vehicles become more connected, and autonomous vehicles start to build towards their inevitable release on European roads with trials taking place across the continent, there is a constant worry about cyber security and how the industry will keep data mined from vehicles, including personal data, secure.  

The automotive industry was hit by the malware attack in May 2017, which saw hackers trick companies into opening emails with malicious software embedded in them. This encrypted key files on computers with a demand for payment to release the encryption. French manufacturer Renault halted production at a number of its sites in the country due to the attack, while Nissan’s plant in Sunderland was also affected. 

Therefore, manufacturers are open to vulnerabilities and as vehicles will rely on access to remote servers, data protection is key. In addition, vehicles themselves can also be hacked, as witnessed by a number of car makers.

′The digital world offers unprecedented opportunities,’ stated ACEA Secretary General, Erik Jonnaert. ′Nevertheless, opportunity comes with risks, and one of these is the threat of a direct cyberattack on your car or indeed a whole fleet of vehicles. Keeping cybersecurity risks for connected vehicles in check is therefore of crucial importance.’

Countering such risks requires the number of data interfaces within a vehicle to be limited. Secondly, interfaces that are needed for connectivity purposes should be protected with very high cybersecurity measures, according to the association. Highly aware of this, the automobile industry has taken the lead in designing and producing safe and secure connected and automated vehicles, by following well-established safety and security principles.

The European Commission last month published its thoughts on cyber security, which state that specific sectors, facing specific threats, should be encouraged to develop their own approach to cybersecurity in order to complement general cyber strategies.

Demonstrating the industry’s commitment to continue to ensure user safety, ACEA and its 15 member companies have published a set of six key principles:

• Cultivating a cybersecurity culture
• Adopting a cybersecurity life cycle for vehicle development
• Assessing security functions through testing phases
• Managing a security update policy
• Providing incident response and recovery
• Improving information sharing amongst industry actors

All manufacturers agree to endorse these principles to enhance the protection of connected and automated vehicles against cyber threats.

In August, The UK Government issued new guidelines for vehicle manufacturers to ensure their vehicles are in receipt of tougher cyber protection protocols, making sure they are protected from hackers.

The guidance will ensure that connected vehicles are designed with engineers seeking to iron out any potential threats to cyber security, which could see personal information stolen or a vehicle either broken into, stolen or being taken control of while driving. The new guidelines include making the systems able to withstand receiving corrupt, invalid or malicious data or commands, and allowing users to delete personally identifiable data held on a vehicle’s systems.