As cars gain increasing amounts of driver assistance features that not only warn the driver but also take control, the threat of a cyber attack becomes more than an annoyance; the real danger now exists that a hacker could cause a car to crash on a public road. As the automotive industry continues its journey towards autonomy, this threat will increase.
While those in the automotive industry have been waking up to this danger over the past few years, it is refreshing to see that at last governments are also becoming aware and reacting. We were particularly interested in the guidelines put out by the UK government in August this year.
Under the title “The key principles of vehicle cyber security for connected and automated vehicles”, they laid out eight principles that the government believes should be followed throughout the manufacturing supply chain, from designers and engineers all the way up to senior-level executives.
The guidelines consist of the following eight principles:
- Principle 1 - organisational security is owned, governed and promoted at board level
- Principle 2 - security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
- Principle 3 - organisations need product aftercare and incident response to ensure systems are secure over their lifetime
- Principle 4 - all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system
- Principle 5 - systems are designed using a defence-in-depth approach
- Principle 6 - the security of all software is managed throughout its lifetime
- Principle 7 - the storage and transmission of data is secure and can be controlled
- Principle 8 - the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail
As you can see, the first principle insists that personal accountability for product and system security should sit at board level. Obviously, this should be delegated appropriately, but companies must ensure that awareness and training are implemented to embed what the guidelines call a culture of security, and that engineers embrace the idea of security by design.
The guidelines take this further by recommending that companies take steps to keep up to date with current threats and implement appropriate risk assessment procedures, including in the supply chain. Where appropriate, this should involve collaboration with third parties, subcontractors and suppliers. Various parties should work together to ensure systems safely and securely interact with external devices. Suppliers should be able to provide assurance such as independent validation or certification.
There are also guidelines on designing for defence in depth, with no single point of failure. This involves reducing the attack surface where possible.
And the problem does not end when the hardware or software leaves the company, as aftercare must be in place over the product’s lifetime, including after-sales support services and incident response plans.
Other principles include making sure the storage and transmission of data are secure and that a system can respond to an attack and react appropriately if its defences or sensors fail. The latter includes failing safe if safety-critical functions are compromised.
However, we were particularly interested in principle six, as its call for adopting secure coding practices is close to our heart. These should be able to manage risk from known and unknown vulnerabilities in software, including existing code libraries. Procedures to manage, audit and test code should be in place.
The experience of our customers shows that the adoption of secure coding practices, supported by a comprehensive code quality management system with static analysis tools, can be extremely effective for reducing the risks from security vulnerabilities in software. We look forward to the adoption of this principle in the future regulatory framework for autonomous vehicles.
These government guidelines are welcome as we see them as a necessary step to making vehicles safer and allowing the industry to realise its vision of autonomous driving.
The full guidelines are available at https://www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles/the-key-principles-of-vehicle-cyber-security-for-connected-and-automated-vehicles