The increasingly internet-connected nature of vehicles means cars are fast becoming just another potential target for hackers looking to steal personal data, remotely control vehicles, or even leave the driver unable to start the car because the systems have been infected with ransomware.
And that's before the eventual arrival of driverless vehicles on roads across the country.
In an effort to combat the issue before it's too late, the UK government has issued a set of cybersecurity guidelines for connected and autonomous vehicles in order to better protect them from hackers and cyberattacks.
While many automotive companies already have specialists focusing on security, the eight principles are designed to provide guidance to car manufacturers and their supply chains on how they can ensure cyber security is ingrained into every level of the car building process. The basics of the principles are:
- Organisational security is owned, governed and promoted at board level
- Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Organisations need product aftercare and incident response to ensure systems are secure over their lifetime
- All organisations, including sub-contractors and suppliers work together to enhance the security of the system
- Systems are designed using a defence-in-depth approach
- The security of all software is managed throughout its lifetime
- The storage and transmission of data is secure and can be controlled
- The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail
"Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected," said transport minister Lord Callanan.
The government says it will continue to collaborate with the auto industry to ensure vehicles are protected against cyberattacks -- a move welcomed by many in the security sector.
"Driverless vehicles must be secure by design, and the government's new guidelines will undoubtedly play a key role in ensuring that UK car manufacturers make that happen," said Raj Samani, chief scientist at McAfee.
However, while the guidelines are welcome, they'll only work if a similar strategy is adopted across around the world.
"The challenge with regulatory controls is that in a global market, each country will have its own implementation and requirements. While this is a step in the right direction, we now need to be working towards consistency across multiple geographies to assist manufacturers," Samani told ZDNet.
Manufacturers of robots and Internet of Things devices are currently facing similar issues, with government organisations around the world also attempting to regulate security in these devices in order to ward off the threat of hackers.
READ MORE ON CYBER SECURITY
- Why the connected car is one of this generation's biggest security risks
- Does connecting your phone to your car open up new security risks?
- Researchers hacked a car wash to attack the vehicle inside [CNET]
- How your connected home or office is a gift for hackers, criminals, and cyber spies
- Wanted: White hat hackers to break new automotive software updater code [TechRepublic]