Full Speed Ahead in a UK Approach to Automotive Cybersecurity

As the transition towards connected and autonomous vehicles (CAVs) gains pace, the issue of automotive cybersecurity has quickly risen up the ranks as a critical priority for industry and the government alike. But with so many factors to consider, including not just the development of the technology needed to offer real-time responsiveness to threats, but the correct implementation of standards, rules and best practice guidelines, the journey towards a robust, unified approach to CAV security is one which will hinge on innovation and cross-industry collaboration.

Here, Anthony Martin, Head of Vehicle Resilience Technologies at HORIBA MIRA talks about the important role that a pioneering new project, ResiCAV has played in helping define the roadmap for automotive cybersecurity – including the urgent call for a national programme.

 It is well documented that this modern age of the Internet of Things (IoT), in which almost every aspect of daily life is connected, comes with a risk. Indeed, as more processes become digital, and the physical and virtual worlds merge to offer benefits that include optimised efficiencies and convenience, the downside is an increase in opportunities for cyber-attacks.

Unsurprisingly then, with the UK government having asserted ambitions to be a global leader in CAV deployment and manufacturers continuing to make major breakthroughs in developing next generation vehicles, one pressing concern has quickly risen to the forefront – how will cybersecurity policy operate in the penetrable future world of connected vehicles? 

The reality is that the collective government and industry response to this will be incredibly important in terms of ensuring a safe and seamless transition to CAV deployment.

After all, the cyber threat facing CAVs is potentially a very serious one. As with most modern computer technologies, tomorrow’s connected vehicles will incorporate many different connection mechanisms to support the exchange of data between vehicles, people and infrastructure. This reliance on constant connectivity throughout the lifespan of the vehicle, exacerbates risk by presenting multiple opportunities for a hacker to implement a successful attack.

The resulting consequences are far-reaching. In addition to implications for users in terms of compromised privacy, fraudulent financial transactions and loss of functionality, there are serious safety risks in the potential for hackers to cause major road accidents or congestion.

Also aligned to this is the issue of public trust, as consumers become increasingly wary of the threat of cyber-crime. Two in five (43%) have admitted they’d stop associating with businesses that suffer data breaches.1 Thus, failure to achieve sufficient public trust in the safe and secure operation of CAVs and the associated infrastructure could affect the huge socioeconomic benefits afforded by the future mobility vision.

The good news is that amid growing concern around current automotive cybersecurity threats, recent years have seen the industry and government break major new ground in understanding the role of future automotive cybersecurity, driven by a number of major, government-funded collaborative research and development (R&D) projects.

Breaking New Ground

A great example is ResiCAV; part of a programme of seven collaborative projects bringing together cross-sector industrial, academic and government expertise from a range of key sectors in order to ascertain how the mobility industry should respond to emerging cybersecurity threats.

Supported by Zenzic and part-funded by the Centre for Connected and Autonomous Vehicles (CCAV) and Innovate UK, the ResiCAV project saw numerous leading research bodies and industry giants, including HORIBA MIRA, come together in a three-month study designed to explore the feasibility of creating a UK Cybersecurity ‘Centre of Excellence’ to address emerging cybersecurity threats across the mobility eco-system.

The resulting progressive research has not only successfully demonstrated the commercial viability of the creation of a UK Road Transport Centre of Excellence for Cybersecurity Resilience (CYB-R) – but asserted its very pressing need.

As part of the project, HORIBA MIRA took the lead role in formulating the vision for the Centre. For us, this vision involves bringing together the very best UK expertise to create an ecosystem of specialist services to include research, engineering, test, simulation and certification in road transport cybersecurity and resilient mobility, along with a closely-related education and training initiative. Hereby, the aim is to leverage existing capabilities to rapidly place the UK at the forefront of developing and providing cybersecurity solutions for the global mobility revolution.

In terms of achieving this progressive vision, our detailed report in this remit sets out a roadmap of six equally important recommendations that help set the direction for future policy.

First, it identifies the importance of bringing together a full range of world-class facilities, based on a linked cybersecurity testbed ecosystem (CLUST-R) that will integrate newly defined and existing UK testbeds. This must be supported by a broad range of relevant skills and capabilities in terms of different CAV and mobility technologies and their cybersecurity aspects. In an industry susceptible to an escalating skills gap, we believe this will rely heavily on attracting new talent and honing the next generation through dedicated learning, progression and development.

Equally important, we recommend that the CYB-R Centre must also act as the focus for a national capability to ensure the cybersecurity resilience of the UK’s associated V2X infrastructure, as well as providing an associated CYB-R Certification Centre. Aligned to this, the facility must also lead UK participation in relevant international standards and regulatory activity, including informing future government policy on cybersecurity for CAV and the wider mobility ecosystem.

As cybersecurity is a constantly evolving problem that tracks the developments in technology, it is imperative that CYB-R is closely integrated with a collaborative R&D environment with funding streams for the development and validation of future cybersecurity resilience methodologies.

Finally, updates to UK criminal legislation that make better provision for ethical and responsible cybersecurity research activities, will be essential to enable the lawful operation of all CYB-R engineering and research facilities to full effect.  

Of course, this multi-faceted future vision is an incredibly complex one that HORIBA MIRA was proud to lead, but the end result would be a world-leading, truly one-of-its-kind Centre of Excellence which would accelerate development of cybersecurity capabilities for CAVs and their infrastructure and will attract investment, build international reputation and develop UK intellectual capital – on a world stage.

 

A Driving Force

While many other government-funded initiatives have made solid automotive cybersecurity related recommendations, ResiCAV has uniquely proposed guidelines for protective operational monitoring technologies and services.

As a result of the extensive insights revealed during the work, recommendations set out by HORIBA MIRA have not only put forward a compelling case for the urgent delivery of a UK Centre of Excellence – but have also outlined the practical approach to its delivery.

Amid the escalating speed of CAV development, which continues to see more connected vehicles on the road, it becomes increasingly important that the UK leads the way in its according cybersecurity capabilities. Indeed, it may be a complex and vast task, but it is a fundamental one which, starting with the development of a national Centre of Excellence, will see the UK establish itself as the driving force behind automotive cybersecurity in the global race towards future mobility.