The consortium working on a two-year UK government-backed research project has released a consultation paper to seek feedback on a new assurance framework to assess the cybersecurity of vehicles’ computing systems.
With the rise of innovative computing and communications technology is becoming a common component of new vehicles, from in-car entertainment to inter-vehicle/infrastructure connectivity, manufacturers must have proven, built-in safeguards and resilience against the emerging threat of cyberattacks. Furthermore, the arrival of connected and autonomous vehicles (CAVs) and automated advanced driver assistance systems (ADAS) is also accelerating the debate around technology’s role in, and impact on, road safety. Continuing to build consumers’ trust in vehicle safety and cybersecurity is therefore critical to the advance mobility systems and services.
Launched in April 2017 and funded by the Innovate UK government agency, the 5StarS project was created to research and develop an assurance framework for assessing the cybersecurity of vehicles. The aim of the project is to develop a 5-star type consumer rating framework, like Euro NCAP’s vehicle safety ratings, to give UK consumers transparency about a car’s potential cybersecurity risk. The 5StarS consortium brings together key UK automotive industry research bodies HORIBA MIRA, Ricardo, Roke, Thatcham Research and Axillium Research to address the increased cybersecurity threat to connected and autonomous vehicles.
The 5StarS consortium has been researching and developing a framework to assure consumers and the general public that connected and autonomous vehicles, components and systems have been designed and tested to relevant cybersecurity standards. The 5StarS assurance framework outlined in the consultation paper will enable manufacturers to gain assurance in their products, use resilience to attacks as a market differentiator, and establish meaningful ways of communicating cybersecurity risk to consumers. Feedback is sought from automotive manufacturers, government and insurers to ensure this revolutionary framework is readily adopted when finalized this summer.
The paper provides a roadmap to increasing assurance, which starts by meeting the requirements of the emerging regulations and standards such as ISO/SAE 21434, while introducing independent vehicle vulnerability assessments. This allows the framework to be adapted to cope with continually changing threats. The paper also proposes a consumer-facing risk rating system to reassure consumers about their choice of vehicle.
“It’s important we address cybersecurity assurance for connected and autonomous vehicles, not only for vehicle manufacturers but for the automotive industry as a whole, as well as insurers and consumers,” explained Paul Wooderson, cybersecurity principal engineer at HORIBA MIRA and the 5StarS project lead. “The easy-to-understand rating system is essential for customers’ peace of mind, as is demonstrating that appropriate security measures are in place. We are now inviting feedback on this paper, which we will use to further enhance the 5StarS framework, providing a positive solution for trusted and resilient mobility.”
