UK Government Issues Cybersecurity Guidance for Autonomous Vehicles

The British government has unveiled new government guidance which it says will ensure engineers developing smart vehicles will apply tougher cyber protections in their designs to help combat hacking. The government is also looking at a broader program of work announced in this year’s Queen’s speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.

Measures to be put before Parliament mean that insuring modern vehicles will provide protection for consumers if technologies fail. This comes alongside the new guidance that means manufacturers will need to implement cybersecurity threats as part of their development work.

The quick start guide to vehicle cybersecurity lists the 8 principles in the guidance which set out how the automotive sector can ensure cybersecurity is “properly considered at every level, from designers and engineers, through to suppliers and senior level executives.”

They include steps to ensure that:

  • organizational security is owned, governed and promoted at board level
  • security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  • organizations need product aftercare and incident response to ensure systems are secure over their lifetime
  • all organizations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
  • systems are designed using a defense-in-depth approach
  • the security of all software is managed throughout its lifetime
  • the storage and transmission of data is secure and can be controlled
  • the system is designed to be resilient to attacks and respond appropriately when its defenses or sensors fail

“Our cars are becoming smarter and self-driving technology will revolutionize the way in which we travel.” said Transport Minister Lord Callanan. “Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.”