In order to mitigate the risks of cyberattacks that come with the ever-increasing connectivity of motor vehicles, the European Automobile Manufacturers’ Association (ACEA) has published six key principles of automobile cybersecurity, which all its members endorse.
“The digital world offers unprecedented opportunities,” states ACEA Secretary General, Erik Jonnaert. “Nevertheless, opportunity comes with risks, and one of these is the threat of a direct cyberattack on your car or indeed a whole fleet of vehicles. Keeping cybersecurity risks for connected vehicles in check is therefore of crucial importance.”
Firstly, countering such risks requires the number of data interfaces within a vehicle to be limited. Secondly, interfaces that are needed for connectivity purposes should be protected with very high cybersecurity measures. Highly aware of this, the automobile industry has taken the lead in designing and producing safe and secure connected and automated vehicles, by following well-established safety and security principles.
If adequate cybersecurity mechanisms are not implemented and cybersecurity risks not dealt with appropriately, the interfaces of connected vehicles can present an opportunity for exploiting vulnerabilities. Attackers may for instance compromise the user’s personal data, threaten vehicle systems or endanger the safety of passengers.
ACEA welcomes the Commission’s Communication on cybersecurity published last month, which states that specific sectors, facing specific threats, should be encouraged to develop their own approach to cybersecurity in order to complement general cyberstrategies.
In this spirit, and demonstrating the industry’s commitment to continue to ensure user safety, ACEA and its 15 member companies have published a set of six key principles:
- Cultivating a cybersecurity culture
- Adopting a cybersecurity life cycle for vehicle development
- Assessing security functions through testing phases
- Managing a security update policy
- Providing incident response and recovery
- Improving information sharing amongst industry actors
All manufacturers agree to endorse these principles to enhance the protection of connected and automated vehicles against cyber threats.
Furthermore, ACEA and its members will continue to fully support ongoing regulatory and standardization initiatives taking place in various fora, such as UN-ECE and SAE/ISO.