UK’s cyber security guidelines for connected vehicles is not boring, but much more information needed

Bob Emmerson

This started as a review of a UK government publication titled, “The Key Principles of Cyber Security for Connected and Automated Vehicles,” words that came across as boring civil servant-speak.

Forget that, says freelance IoT writer, Bob Emmerson: it’s anything but boring. This document is short, 18 pages; well written, an easy read; and packed with punchy guidelines that apply equally well to other industrial sectors.

It works well as an introduction to cyber security, but for anybody with a serious interest in the subject it came across as being somewhat superficial. There are seven pages of nicely crafted line drawings of automotive bits and pieces that don’t really add anything.

They could and should have been used to provide more content on important topics without dropping down into heavy techie detail. Topics like secure authentication, using standards-based proven technologies, and solutions that leverage digital certificates to provide the highest level of security. Similar comments came from specialists in the industry.

Gary McGraw, VP of security technology at Synopsys commented: Counting on any government to regulate autonomous vehicles is not likely to be too fruitful, especially when it comes to security. Privacy regulation in Europe (and the UK) may have a better impact. Fortunately, manufacturers are stepping up and working on security diligently. They are much more likely to get this right with companies like Synopsys without the government being involved at all.”

There were doubts, too, from Leigh-Anne Galloway, Cyber Security Resilience lead at Positive Technologies: “The proposed key principles sound reasonable, but we doubt it’s enough to provide security when it goes to real tech. The most doubtful principle is the last one, saying the system should ‘respond appropriately when its defence or sensors fail’. If the sensors have not failed but are compromised, they can provide wrong data and endanger human lives.”

“Another principle that would be hard to put in practice is the one saying ‘all organisations, including sub-contractors, suppliers and potential third parties (should) work together to enhance the security of the system’. Although we agree with this guideline, some of the recent IoT incidents prove this concept to be hardly possible. Telecom providers don’t know about the vulnerabilities in their routers made somewhere in China. Security guards don’t know about the back doors in the surveillance cameras they use,” Galloway added.

Ilia Kolochenko, CEO of web security company, High-Tech Bridge said, “This is a very positive sign and a laudable effort finally undertaken by the government. Connected cars, and the IoT industry in general, need governmental regulation and enforcement of strict security standards.

“However, we need much more detailed practical guidelines with contribution from leading cyber security experts, practitioners and researchers, not just a set of generalised best practices. Moreover, a violation of the guidelines must be severely sanctioned, otherwise car vendors, and especially their suppliers, will likely ignore them,” Kolochenko concluded.

To get this publication click here.

The author of this blog is Bob Emmerson, freelance writer and telecoms industry observer

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Snow Software study uncovers the realities vs. the promises of cloud

Posted on: October 26, 2021

26 October, 2021 –Snow Software, the global provider of technology intelligence, unveiled findings from its most recent survey, based on the input from more than 500 IT leaders from organisations with over 500 employees in the United States and United Kingdom to determine the current state of cloud infrastructure.

Read more

CloudM announces Archive feature which save businesses time and money while meeting compliance demands

Posted on: October 26, 2021

CloudM, a SaaS data management platform, has announced the launch of Archive, a new feature which allows users to easily, automatically, and safely store and recover user data, helping businesses to remain compliant without facing the mounting user license fees associated with traditional archiving and ediscovery solutions.

Read more