Vehicle cyber security
With the automotive industry advancing in technology, cyber security is a growing concern.
Many vehicles have advanced vehicle safety technologies that depend on electronics, sensors and computing equipment. Bluetooth and Wi-Fi connections in cars are now common features and it won’t be long before we see fully autonomous vehicles on the road that will be vulnerable to hacking and data theft.
The Internet of Things (IoT) – where physical objects have equipment that allow the transfer of data – holds great promise for controlling gadgets, media and infrastructure, but it also allows cyber criminals to launch large-scale and damaging attacks.
Key guidance for vehicle cyber security
To improve cyber security in the automotive industry, the UK government has issued new design guidelines for smart cars:
Organisational security is owned, governed and promoted at board level.
Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
Organisations need product aftercare and incident response to make sure systems are secure over their lifetime.
All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system.
Systems are designed using a defence-in-depth approach.
The security of all software is managed throughout its lifetime.
The storage and transmission of data is secure and can be controlled.
The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.
To read the full list of principles, visit the UK government’s website.
Strengthening cyber security in the automotive industry
Cyber security needs to be prominent throughout all parties involved in the manufacturing of smart cars. As part of the UK government’s guidelines, those involved will be asked to create security programmes that encompass people, processes and the technology itself.
A number of frameworks already exist to help organisations reduce their cyber risks.
IT Governance recommends that organisations use ISO 27001, the international standard providing best practice in information security, combined with Cyber Essentials, which offers a baseline for mitigating key cyber security risks.
ISO 27001 and cyber security
ISO 27001 is the internationally recognised best-practice standard for information security management.
Implementing ISO 27001 will help your business protect its information, comply with regulatory obligations related to data security, and provide assurance to your customers and stakeholders that you have taken the necessary measures to be cyber secure.
More information on ISO 27001 >>
The Cyber Essentials scheme was developed by the UK government to help businesses deal with the business-critical issues of cyber security and cyber resilience. The scheme provides five key controls that organisations can implement to achieve a basic level of cyber security.
More information on Cyber Essentials >>
ISO 27001 resources
Download free information on cyber security
This paper will help you understand what cyber security is, the threats facing your organisation, the correlation between security spending and security effectiveness, and our seven-step security strategy.
To discuss your cyber security requirements, email us at firstname.lastname@example.org or call +44 (0)333 800 7000.