Self-driving cars vs hackers: Can these eight rules stop security breaches?

The UK has issued a set of cybersecurity guidelines for vehicles.
Written by Danny Palmer, Senior Writer

The increasingly internet-connected nature of vehicles means cars are fast becoming just another potential target for hackers looking to steal personal data, remotely control vehicles, or even leave the driver unable to start the car because the systems have been infected with ransomware.

And that's before the eventual arrival of driverless vehicles on roads across the country.

In an effort to combat the issue before it's too late, the UK government has issued a set of cybersecurity guidelines for connected and autonomous vehicles in order to better protect them from hackers and cyberattacks.

While many automotive companies already have specialists focusing on security, the eight principles are designed to provide guidance to car manufacturers and their supply chains on how they can ensure cyber security is ingrained into every level of the car building process. The basics of the principles are:

  1. Organisational security is owned, governed and promoted at board level
  2. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  3. Organisations need product aftercare and incident response to ensure systems are secure over their lifetime
  4. All organisations, including sub-contractors and suppliers work together to enhance the security of the system
  5. Systems are designed using a defence-in-depth approach
  6. The security of all software is managed throughout its lifetime
  7. The storage and transmission of data is secure and can be controlled
  8. The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

See also: Photos: The amazing prototypes in the race to build self-driving cars

"Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected," said transport minister Lord Callanan.

The government says it will continue to collaborate with the auto industry to ensure vehicles are protected against cyberattacks -- a move welcomed by many in the security sector.

"Driverless vehicles must be secure by design, and the government's new guidelines will undoubtedly play a key role in ensuring that UK car manufacturers make that happen," said Raj Samani, chief scientist at McAfee.

However, while the guidelines are welcome, they'll only work if a similar strategy is adopted across around the world.

"The challenge with regulatory controls is that in a global market, each country will have its own implementation and requirements. While this is a step in the right direction, we now need to be working towards consistency across multiple geographies to assist manufacturers," Samani told ZDNet.

Manufacturers of robots and Internet of Things devices are currently facing similar issues, with government organisations around the world also attempting to regulate security in these devices in order to ward off the threat of hackers.


Editorial standards