ENISA, the European Union Agency for Cybersecurity, has published a report on the cybersecurity risks to connected cars and outlined best practice measures to help mitigate them.
It says that the automotive industry is undergoing a "paradigm change" towards connected and autonomous vehicles. A number of connected cars are already available and connectivity is set to increase with the emergence of 5G, presenting cybersecurity risks which need to be managed.
ENISA points out that the cybersecurity challenges will increase with the emergence of semi-autonomous and autonomous cars, which make use of advanced machine learning and artificial intelligence techniques. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) interfaces needed for the deployment of intelligent transport systems and autonomous cars will also exacerbate the risk.
The attacks could lead to vehicle immobilisation, road accidents, financial losses, disclosure of sensitive and/or personal data, and even endanger road users’ safety. Appropriate security measures need to be implemented to mitigate the potential risks, especially as these attacks threaten the security, safety and even the privacy of vehicle passengers and all other road users, including pedestrians.
The report recommends introducing policies (covering security, privacy, asset management, and risk and threat management), organisational practices (such as relationships with suppliers, employees training and incident management), and technical practices (such as software security, cloud security, detection and access control).