Automotive Cyber Security
Connected vehicles take us toward a mode of transport that is safer and more efficient, by enabling an interconnected driving experience. One way cars are interconnecting is via the internet, but there is concern that this could expose connected cars – and the people in them – to potential risks from online threats. This briefing surveys issues related to this concern, but prescriptions for remedial solutions are not part of its scope. This review focuses on the areas of automotive cyber security that, at this stage in their development, are receiving attention. Research undertaken to identify possible automotive cyber security vulnerabilities are highlighted, how automotive OEMs seem to be responding to the claims that cars can be ‘hacked’, along with examples of media coverage of some of the issues. It looks at some of the motivating factors that might make connected vehicles and their workings attractive to malevolent actors, and where some of the responsibilities and liabilities for countering threats may ultimately be assumed, ranging from automotive OEMs to car users themselves. The document also scopes some recommendations for further debate. In brief, these recommendations encourage consultation between the automotive industry bodies for which cyber security should be an agenda issue and professional bodies in non-automotive sectors already engaged in cyber security awareness-raising; the development of guidelines for issues around professional disciplines with an interest in automotive cyber security and autonomous vehicles; and extended thought leadership into the areas of connected vehicle driver responsibility, and issues around liabilities related to automotive cyber security incidents.