UK’s cyber security guidelines for connected vehicles is not boring, but much more information needed

Bob Emmerson

This started as a review of a UK government publication titled, “The Key Principles of Cyber Security for Connected and Automated Vehicles,” words that came across as boring civil servant-speak.

Forget that, says freelance IoT writer, Bob Emmerson: it’s anything but boring. This document is short, 18 pages; well written, an easy read; and packed with punchy guidelines that apply equally well to other industrial sectors.

It works well as an introduction to cyber security, but for anybody with a serious interest in the subject it came across as being somewhat superficial. There are seven pages of nicely crafted line drawings of automotive bits and pieces that don’t really add anything.

They could and should have been used to provide more content on important topics without dropping down into heavy techie detail. Topics like secure authentication, using standards-based proven technologies, and solutions that leverage digital certificates to provide the highest level of security. Similar comments came from specialists in the industry.

Gary McGraw, VP of security technology at Synopsys commented: Counting on any government to regulate autonomous vehicles is not likely to be too fruitful, especially when it comes to security. Privacy regulation in Europe (and the UK) may have a better impact. Fortunately, manufacturers are stepping up and working on security diligently. They are much more likely to get this right with companies like Synopsys without the government being involved at all.”

There were doubts, too, from Leigh-Anne Galloway, Cyber Security Resilience lead at Positive Technologies: “The proposed key principles sound reasonable, but we doubt it’s enough to provide security when it goes to real tech. The most doubtful principle is the last one, saying the system should ‘respond appropriately when its defence or sensors fail’. If the sensors have not failed but are compromised, they can provide wrong data and endanger human lives.”

“Another principle that would be hard to put in practice is the one saying ‘all organisations, including sub-contractors, suppliers and potential third parties (should) work together to enhance the security of the system’. Although we agree with this guideline, some of the recent IoT incidents prove this concept to be hardly possible. Telecom providers don’t know about the vulnerabilities in their routers made somewhere in China. Security guards don’t know about the back doors in the surveillance cameras they use,” Galloway added.

Ilia Kolochenko, CEO of web security company, High-Tech Bridge said, “This is a very positive sign and a laudable effort finally undertaken by the government. Connected cars, and the IoT industry in general, need governmental regulation and enforcement of strict security standards.

“However, we need much more detailed practical guidelines with contribution from leading cyber security experts, practitioners and researchers, not just a set of generalised best practices. Moreover, a violation of the guidelines must be severely sanctioned, otherwise car vendors, and especially their suppliers, will likely ignore them,” Kolochenko concluded.

To get this publication click here.

The author of this blog is Bob Emmerson, freelance writer and telecoms industry observer

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

Recent Articles

Phishing attacks increase 718% in Europe, says Allot research

Posted on: March 2, 2021

Allot Ltd., a global provider of network intelligence and security solutions for service providers and enterprises worldwide, has released its 2020 Europe Cyber Threat Report.

Read more

How 5G will turbocharge IoT growth

Posted on: March 2, 2021

5G is bringing new rich streaming services to the cell phone market, catering for massive increases in broadband use. At the same time, it is set to transform the IoT market, bringing both rich new data services as well as enabling huge new volumes of connected devices. While there is a natural limit to the

Read more