Cyber-security for connected vehicles and assisted driving
Massimo Brunamonti
The European Commission review the General Regulation on vehicle safety
Cyber-security, is taking the spotlights both in Geneva (UNECE) and in Brussels where the European Commission is busy reviewing the General Regulation on the Safety of Motor Vehicles. UNECE, a UN body responsible, according to international agreements, for global harmonization in the field of land transport, has recently decided to focus its work on autonomous/assisted driving, setting up a dedicated group called GRVA. Not long after that the group identified cyber-security as a priority: no need to be Isaac Asimov to imagine apocalyptic scenarios with hackers able to send the world’s traffic totally hey-wire without adequate digital security.
UNECE has set itself the ambitious target of achieving, by the end of 2019, a comprehensive framework for a type-approval regulation of "IT security systems" made by the manufacturers and used on their vehicles. The concept behind this idea is: since the manufacturers are responsible for safety on their vehicles, it is only reasonable that they are given the option to design their own cyber-security system; the protocol (or type-approval) will consist of inspection procedures without the need to define any minimum requirements, which is what happens in the case of motor vehicles. This is the case with UNECE, which, it is worth remembering, is not a legislative body per se, but international agreements give it such authority that legislators tend to refer to its guidelines when developing laws, as in the case, for example, of tires. As far as the European Commission is concerned, this has already announced that it will refer extensively to the results of UNECE’s work when revising the General Regulation on the safety of motor vehicles.
While cyber-security is a vital requirement for assisted driving, it can also cause problems for car repairers, as noted by AFCAR, the European Alliance for Freedom in Car Repair. AFCER’s concerns are rather concrete: on-board cyber-security systems have as their primary purpose the blocking of unauthorized access to vehicles, which could be harmful or even dangerous for passengers. This much is true, but we should not forget that "external" access is and will always be necessary, especially during maintenance work, at least for diagnosis, which is increasingly important and sophisticated (see ADAS calibration). Therefore, the general concern is that cyber-security might be used as an excuse to erect barriers with discretionary access, thus excluding a large part of independent repairers.
UNECE has set itself the ambitious target of achieving, by the end of 2019, a comprehensive framework for a type-approval regulation of "IT security systems" made by the manufacturers and used on their vehicles. The concept behind this idea is: since the manufacturers are responsible for safety on their vehicles, it is only reasonable that they are given the option to design their own cyber-security system; the protocol (or type-approval) will consist of inspection procedures without the need to define any minimum requirements, which is what happens in the case of motor vehicles. This is the case with UNECE, which, it is worth remembering, is not a legislative body per se, but international agreements give it such authority that legislators tend to refer to its guidelines when developing laws, as in the case, for example, of tires. As far as the European Commission is concerned, this has already announced that it will refer extensively to the results of UNECE’s work when revising the General Regulation on the safety of motor vehicles.
While cyber-security is a vital requirement for assisted driving, it can also cause problems for car repairers, as noted by AFCAR, the European Alliance for Freedom in Car Repair. AFCER’s concerns are rather concrete: on-board cyber-security systems have as their primary purpose the blocking of unauthorized access to vehicles, which could be harmful or even dangerous for passengers. This much is true, but we should not forget that "external" access is and will always be necessary, especially during maintenance work, at least for diagnosis, which is increasingly important and sophisticated (see ADAS calibration). Therefore, the general concern is that cyber-security might be used as an excuse to erect barriers with discretionary access, thus excluding a large part of independent repairers.
On the same topic
#“Smart” cars; privacy protection means big business for the automotive industry#Blockchain, possible applications in the automotive field