Digital resilience assessment service launched for vehicles
The Ricardo and Roke partnership is launching a comprehensive vehicle digital resilience assessment and benchmarking service to help automakers and tier 1 manufacturers assure the security of their products, and to ensure that they meet international cyber security regulations currently under development, as well as existing legislation affecting customer data security.
With increasing sophistication of onboard electronics systems and external connectivity through navigation, infotainment, digital communications and dealer maintenance networks, modern cars provide a feature base and functionality mix that would have been impossible even a few years ago.
However, with this unprecedented increase in product complexity comes a parallel increase of the ‘attack surface’ that hackers can exploit - the potential vulnerabilities that may provide a digital gateway into the vehicle and its data.
In addition to the implications of such breaches for product and personal data security, they also represent both a potential safety hazard for the vehicle occupants as well as a reputational risk to the vehicle manufacturer’s brand. Current regulations already place a requirement on vehicle manufacturers that they put in place actions to prevent incidents and understand risks of potential customer data breaches.
But future much tighter cyber security regulations are already being prepared under the auspices of the United Nations Economic Commission for Europe (UNECE). These are expected to include both the mandatory audit of each vehicle manufacturer’s cyber security management system, as well as a verification process to demonstrate that each new vehicle has been appropriately engineered with relevant risks identified, analysed and mitigated.
The new digital resilience vehicle assessment service being launched by the Ricardo and Roke partnership is aimed at helping vehicle manufacturers to protect their future products and to comply with these impending cybersecurity regulations. The service provides a fully independent, impartial and objective assessment, which draws on both the recommendations of the 5StarS vehicle assurance framework, and the Ricardo and Roke partnership’s own unique methodology and facilities.
Recognising that not all vehicle manufacturers will require the same level of expert assistance, the digital resilience vehicle assessment process is offered with three tiers of service. The baseline assessment tier identifies and categorizes potential vulnerabilities that may be exploited by hackers - both now and in the future - and provides an indication of the end-effect of these for the driver's safety and personal data protection.
The digital resilience level of the vehicle is ranked with respect to competitor data and, crucially, the service aims to provide guidance as to how any such identified vulnerabilities can be addressed through immediate and cost effective remedial actions. The enhanced tier of assessment builds on the baseline service with a penetration test to exploit the identified vulnerabilities in order to the assess potential impact of a successful breach.
The testing boundary is the same as the baseline but more physically intrusive and may include the analysis of any vehicle OEM backend servers and applications. Finally, a fully bespoke tier of assessment is offered with the level and detail of analysis tailored to the client’s precise requirements.
“The vehicle digital resilience assessment service now being offered by the Ricardo and Roke partnership is a major step forward in helping vehicle manufacturers ensure that their existing and future products are digitally secure,” commented Ian Penny, Commercial Director, Ricardo Automotive and Industrial. “Through this service we aim to give vehicle manufacturers confidence that their products are compliant and cybersecure against known and likely future threats, so that drivers’ data, security and safety can be appropriately protected.”
Neil Gladstone, Commercial Director at Roke, added: “We want to help consumers start choosing their cars on the basis of security, as well as long-established criteria like safety and fuel economy. To ensure tomorrow’s drivers can enjoy the benefits of digital services like navigation, collision avoidance, predictive parking and new applications, our digital resilience service provides a set of rigorous tests designed to maintain consumer confidence and peace of mind, by confirming that they are resilient to network attacks.”