“As the automotive industry increases the level of technology used in new vehicles, the nature of threats also increases particularly in the form of cyber-attacks. These attacks could potentially allow cyber-attackers to penetrate in-car systems, either using physical interaction or also by seizing control through attacks over the Internet; typically a connected car network has over 50 potential access points for a cyber-attacker now, and this will only increase as the level of technology integrated into the car goes up. Three years ago criminals sought access to vehicles by stealing the keys, but today three-quarters of cars stolen in London are done so without them, principally through electronic methods. It is important that cyber-attacks do not become physical ones because manufacturers are unable or unwilling to design in security.
“The industry needs to invest in creating systems that are securely built and well tested, with capabilities that can be improved as threats evolve and vulnerabilities are discovered. The public must be able to trust the new systems put in place and be confident when operating their vehicles that a “crash” is not going to be caused by cyber attackers.
“Simply introducing a car ‘security product’ is not a strong enough defence, nor is it a wise strategic direction of travel for the industry, we should look towards making vehicles ‘secure by design’. This will provide security measures aimed at preventing vulnerabilities from being attackable, rather than accepting flaws in design and masking them with a third part conventional security product.”