The average car manufactured today contains over 100 million lines of code. This represents a huge data surface which threat actors can attack to alter a component’s behaviour from its originally intended function. On top of this, new security implications will arise as vehicles become increasingly connected to their surrounding digital infrastructure. This could range from fully autonomous fleet management systems instructing individual cars where to go, to reading traffic light sensors to determine when to start or stop. Each interaction will need to be protected so that malicious data cannot be fed into a CAV to make it perform actions which endanger its passengers or passers by. If there is public mistrust in the safety of the underlying technology then it will never have the mass appeal necessary to live up to the automotive revolution promised by truly autonomous vehicles. As such the government has recognised the essential need for robust CAV security and has provided funding to numerous projects to research the implications and practicalities of this.
The Grand Plan
To accelerate and direct the innovation within the self-driving revolution the government created Zenzic (formerly Meridian). Through the funding of a series of projects and collaboration with a multitude of companies they have created the UK Connected and Automated Mobility Road Map.
H3: The Cyber Centre of Excellence
Given the amount of funding and research currently being poured into Connected Autonomous Vehicles (CAVs) it is a near certainty that we will see a dramatic increase in the number of CAVs on the road over the next decade. What is equally certain is the need for CAVs to be able to securely exchange information with other vehicles (V2V) and transport infrastructure (V2I) using various wireless and internet communication methods.
Without this capability, the potential safety risks could make these vehicles essentially uninsurable, rendering mass adoption of the emerging technology impossible. An integral part of the plan for general public acceptance is the creation of the Cyber Centre of Excellence. It is proposed that this centre will define what it means for a CAV to be considered safe, by supporting trials, skills, legislation and regulation for services, vehicles, infrastructure. According to the Zenzic road map, this should be completed in 2022.
Through this centre, processes can be created that surround autonomous mobility innovation to ensure that security is at the heart of every new development. In fact part of its remit will be to create a set of standards that must be followed to ensure that vehicles are made safely, helping to generate public trust in the technology behind them. It will also serve as a knowledge source for the CAV supply chain, providing businesses with the information they need to ensure that they have adopted sufficient security measures.
Cyber Security Feasibility Study
Cyber Resilience in Connected and Automated Mobility (CAM) – Cyber Feasibility Report
As part of the CAVShield Consortium we published the project’s reports into the feasibility of detecting and mitigating vulnerabilities and threats to networks of Connected and Automated Vehicles (CAVs). This consortium was part of 7 projects funded through Zenzic’s £1.2M Cyber Security competition, and was delivered through the Centre for Connected & Autonomous Vehicles by Innovate UK. From these 7 projects Zenzic has released a Cyber Resilience in Connected and Automated Mobility (CAM) – Cyber Feasibility Report, which answers the 3 following questions:
- What methodologies are needed to measure and monitor cyber security for connected and self-driving vehicle technologies?
- What would a set of requirements for a Cyber Centre of Excellence look like?
- What would a viable economic case look like to support further operation and R&D within the Cyber Centre of Excellence?
CAVShield produced 3 reports against these questions, including an outline of the facility requirements and expertise needed for a CAV Cyber Security Centre of Excellence to combat ever-evolving cyber threats. As experts in information exchange, Nexor contributed their wealth of knowledge to explore potential risks within the data landscape that would need to be mitigated to keep autonomous vehicles protected from threat actors.
To download your own copy of the feasibility study and read it in full please head over to the ZenZic website here.
Author Bio – Colin Robbins
Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.
