UK government cyber security guidelines for connected & autonomous vehicles
The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), has created eight key principles of cyber security for connected and autonomous vehicles.
The guidance has been produced in response to the large (and growing) attack surface presented by connected and autonomous vehicle technology, as highlighted below:
The guidance targets all parties within the automotive manufacturing supply chain and all organisational layers within those companies.
The key principles are as follows:
- Principle 1: Organisational security is owned, governed and promoted at board level
- Principle 2: Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Principle 3: Organisations need to provide product aftercare and incident response to ensure systems are secure over their lifetime
- Principle 4: All organisations, including sub-contractors, suppliers and potential third parties, must work together to enhance the security of the system
- Principle 5: Systems are designed using a defence-in-depth approach
- Principle 6: The security of all software is managed throughout its lifetime
- Principle 7: The storage and transmission of data is secure and can be controlled
- Principle 8: The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail
To those of us who have worked in the cyber security industry for a long time, this is all sensible advice. However, within the Transport Assurance Practice at NCC Group, over the last five we have seen a huge range in cyber security maturity between OEMs, tier ones and tier twos across many different geographic regions.
Clearly, it is very useful for governments to provide guidance around the principles of cyber security, but there are some fundamental challenges that the automotive industry still faces while grappling with these concepts.
Understanding the current risks
Even if all these principles were adopted tomorrow by the industry, the lifespan of a modern vehicle is around seven to ten years. Therefore, there is a huge amount of existing connected technology embedded within cars that will be around for many years to come and as such understanding the risks associated with current technology is vital.
Safety testing is different to cyber security testing
Often, it is the functional safety engineers who are considered to be best placed within an OEM to manage cyber security programmes.
Engineering standards and processes around safety have been well established within the automotive industry for many years and, on the surface, the discipline appears similar to cyber security. However, there are some fundamental differences. For example, safety testing involves hazard analysis, which typically does not consider malicious attacks against a system. Therefore, training is vital to ensure that all practitioners are applying cyber security principles correctly.
Addressing the embedded systems mindset
In many OEMs there is often a reasonable level of cyber security awareness that already exists within their IT teams. However, due to inadequate internal communication between IT and engineering, this knowledge is not shared and there is a propagation of what we call the ‘embedded systems mindset’,. This is where vehicle components developed prior to today’s complex connectivity did not need the same level of cyber security robustness as they do today.
The eight principles within the UK government guidance align well with the Secure Development Lifecycle (SDL) – a key concept advocated by NCC Group and the services we offer.
If the industry embraces these principles, then future vehicles and associated connected technology will be significantly more capable of defending against cyber attacks.
NCC Group’s Transport Assurance Practice is a world leader in providing cyber security advice and guidance to the automotive industry. We are a strategic Cyber Security Partner to OEMs in Europe, North America and Japan and work with the whole automotive supply chain to support cyber strategy, including software, hardware, development and security.
Follow our Transport Assurance Practice LinkedIn Showcase Page: https://www.linkedin.com/showcase/18043314/
Published date: 08 August 2017
Written by: Andy Davis