News broke yesterday that the UK government has new guidelines for securing smart cars. As vehicles continue to become smarter and increasingly common on British roads, the UK government says it is crucial that manufacturers take the correct steps to make them cyber secure. IT security experts commented below.
Raj Samani, Chief Scientist and Fellow at McAfee:
“With the county’s strong manufacturing heritage, it’s unsurprising that the government has high hopes for the UK to be a global leader in driverless car technology.
The new cybersecurity guidelines will be a key step in achieving this goal, with the security of the car’s network paramount to the safety of the driver and those in the car’s vicinity.
Driverless vehicles must be secure by design, and the government’s new guidelines will undoubtedly play a key role in ensuring that UK car manufacturers make that happen.”
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:
“The proposed key principles sound reasonable, but we doubt it’s enough to provide security when it goes to real tech.
“The most doubtful principle is the last one, saying the system should “respond appropriately when its defence or sensors fail”. If the sensors have not failed but are compromised, they can provide wrong data and endanger human lives. The possible solution is to use more sources of data, not just from this car but from other cars, from the road infrastructure including traffic cameras and interactive maps. Smart vehicles security cannot be considered in isolation, it’s part of a bigger, more complex system of the whole city.
“Another principle that would be hard to put in practice is the one saying “all organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system”. Although we agree with this guideline, some of the recent IoT incidents prove this concept to be hardly possible. Telecom providers don’t know about the vulnerabilities in their routers made somewhere in China. Security guards don’t know about the back doors in the surveillance cameras they use. If you want to get the whole coordination of all the supply chains and controls of a smart car production you need something like NASA mission control center.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.