UK issues manufacturer guidelines for connected car cyber security

07 August 2017

7 August 2017 The UK Government has issued new guidelines for vehicle manufacturers to ensure their vehicles are in receipt of tougher cyber protection protocols, making sure they are protected from hackers. The guidance will ensure that connected vehicles are designed with engineers seeking to iron out any potential threats to cyber security, which could see personal information stolen or a vehicle either broken into, stolen or being taken control of while driving. The Government is also looking at a broader programme of work announced in this year’s Queen’s speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance. The new guidelines include making the systems able to withstand receiving corrupt, invalid or malicious data or commands, and allowing users to delete personally identifiable data held on a vehicle’s systems. Manufacturers must make plans for how to maintain and support security over the lifetime of the vehicle, the government said, and personal accountability for product security should be held at board level. UK Transport Minister Lord Callanan comments: ′Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into WiFi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks. ′That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations.’ Mike Hawes, SMMT chief executive, adds: ′We’re pleased that government is taking action now to ensure a seamless transition to fully connected and autonomous cars in the future and, given this shift will take place globally, that it is championing cyber security and shared best practice at an international level. These vehicles will transform our roads and society, dramatically reducing accidents and saving thousands of lives. A consistent set of guidelines is an important step towards ensuring the UK can be among the first – and safest – of international markets to grasp the benefits of this exciting new technology.’ Cyber security is a growing concern in the automotive world as vehicles become more connected. Some companies have exposed flaws in apps offered by vehicle manufacturers, while the global ransomware attack in May 2017 raised questions about data storage by carmakers. There have also been calls for clarity as to who owns the data generated by vehicles, and whether the driver can control who has access to it. In addition to the new guidelines, there are also plans for new legislation concerning insurance for self-driving vehicles, as the technology becomes more prevalent in cars coming to market. This is especially evident with the new Audi A8, featuring Level 3 autonomy, where the driver must be aware of what is going on while the vehicle drives itself, but can give control over to the car. The introduction of self-driving cars has been hampered by legal hurdles in several countries as insurers and legislators try to establish who would ultimately be responsible in the event of an accident. In addition, insurers believe that drivers are confused about self-driving technology, and the different levels and adoptions available in vehicles. ‘Measures to be put before parliament mean that insuring modern vehicles will provide protection for consumers if technologies fail,’ it said.