Skip to main content

Guidelines on cyber security for connected and automated vehicles ‘doesn’t go far enough’

David Barzilai, chairman and co-founder of automotive cyber-security firm, Karamba Security, has applauded the UK government for taking pre-emptive action and zeroing in on preventing cyber-attacks as critical for the adoption of self-driving cars on a mass scale. However, he says the guidelines don’t go far enough toward effectively preventing car hacking, saying cars are not servers or mobile phones that can sustain the risk of hidden security bugs. The time it takes to remediate such bugs in production,
August 8, 2017 Read time: 3 mins
David Barzilai, chairman and co-founder of automotive cyber-security firm, 8519 Karamba Security, has applauded the UK government for taking pre-emptive action and zeroing in on preventing cyber-attacks as critical for the adoption of self-driving cars on a mass scale.
 
However, he says the guidelines don’t go far enough toward effectively preventing car hacking, saying cars are not servers or mobile phones that can sustain the risk of hidden security bugs. The time it takes to remediate such bugs in production, while hackers exploit them and create damage, can compromise consumers’ safety.

Smart vehicles are increasingly becoming the norm on British roads, allowing drivers to access maps, travel information and new digital radio services from the driving seat. But while smart cars and vans offer new services for drivers, it is feared would-be hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons.

Tough new %$Linker: 2 External <?xml version="1.0" encoding="utf-16"?><dictionary /> 0 0 0 oLinkExternal government guidance false http://www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles false false%> aims to ensure engineers developing smart vehicles will have to toughen up cyber protections and help design out hacking. The government is also looking at a broader programme of work announced in this year’s Queen’s speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.

The guidance contains eight principles, setting out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives. These include:

  • Organisational security is owned, governed and promoted at board level:
  • Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain:
  • Organisations need product aftercare and incident response to ensure systems are secure over their lifetime;
  • All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system;
  • Systems are designed using a defence-in-depth approach;
  • The security of all software is managed throughout its lifetime;
  • The storage and transmission of data is secure and can be controlled;
  • The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.

Barzilai says cars enter production with thousands of hidden security bugs. It is unavoidable, as all software has bugs and cars have between 10m to 100m lines of code, in each car. As autonomous cars get more sophisticated and as more human navigation tasks, such as looking around and steering, move to the car, the danger increases. Hackers can hack into a car through its internet-connected features such as the vehicle-to-vehicle (V2V) communications system, and once in, they can work their way into the rest of the car’s controls.
 
However, he says, cars have a significant cyber-security enabler, which should not be overlooked. Cars should run as they operate in-factory. Any unauthorised change to factory settings must be malware. Hardening the car’s externally-connected controllers according to their factory settings prevents cyber-attacks, when hackers try to exploit security bugs, before hackers succeed to infiltrate the car and without sending frequent security patches to the field.

UTC

Related Content

  • November 6, 2019
    NTSB: Uber’s AV in fatal crash ‘had software issues’
    The US National Transportation Safety Board (NTSB) has found that an Uber autonomous vehicle which killed Elaine Herzberg last year had software flaws. NTSB released a report which says the Volvo XC60’s autonomous system software classified the pedestrian as an unknown object and determined that an emergency braking manoeuvre was needed to mitigate the collision. Uber confirmed that emergency braking manoeuvres must be carried out manually and the system is not designed to alert the driver. Data
  • June 24, 2019
    Japan to equip 5G base stations on traffic lights
    The Government of Japan is to install 5G wireless communications base stations on traffic signals nationwide by 2025. A report by The Japan News says the project is expected to reduce costs for telecommunications service providers. As part of the project, traffic signals will be equipped with devices to measure the amount of traffic. The information sent from the stations to the vehicles is expected to support autonomous driving. Japan is not the only company looking to harness the potential of 5G. In F
  • March 20, 2018
    Designa displays parking hardware and software solutions
    Designa is inviting visitors to Intertraffic to find out all about the world of parking with easy-to-operate hardware and software trends that make usage in the car park significantly easier for customers. The company is highlighting its innovative, integrated equipment and software solutions to further establish itself as a software specialist in the industry. Well known for its high standards, Designa is presenting a brand new cash register which the company claims is far beyond the ordinary. Visitors ca
  • March 6, 2017
    Workshop: Self-Driving Cars: Strategic Implications for the Auto Industry
    Autelligence is hosting a one-day workshop on self-driving cars and the associated strategic implications for the auto industry, led by renowned expert Dr Alexander Hars. The workshop begins in Frankfurt, Germany on 23 March and arrives in Auburn Hills, Michigan on 16 May. The event aims to improve understanding of the strategic implications for the auto industry, its suppliers and related industries, as well as the potential impact on automobile design, model mix and volumes, brands and customer re