ACEA Takes Action: The Foundation of Automotive Cybersecurity in Europe

“The digital world offers unprecedented opportunities. Nevertheless, opportunity comes with risks, and one of these is the threat of a direct cyberattack on your car or indeed a whole fleet of vehicles. Keeping cybersecurity risks for connected vehicles in check is therefore of crucial importance.”

These words, spoken by Erik Jonnaert, Secretary General of the European Automobile Manufacturers’ Association (ACEA) perfectly summarize the hurdle facing connected cars that is cyber terrorism. The ACEA represents 14 Europe-based car, van, truck, and bus makers – including Volvo, Daimler, and Volkswagen among others. The consensus of their members on automotive cybersecurity is clear indication of its importance to the industry.

The limitless opportunities stemming from the increased connectivity of connected cars host a slew of vulnerabilities that, if exploited, will threaten personal data, public and private property and human life.

In order to bring these threats into focus, the ACEA published six key principles of automotive cybersecurity for the industry to adhere to. These principles establish a foundation for more developed, specific guidelines to build upon in the future. As reported by Automotive World, they are as follows:
1. Cultivating a cybersecurity culture
2. Adopting a cybersecurity life cycle for vehicle development
3. Assessing security functions through testing phases
4. Managing a security update policy
5. Providing incident response and recovery
6. Improving information sharing amongst industry actors

The principles echo many valuable sentiments put forth by other legislative bodies over the past year, drawing emphasis to the necessity of a cybersecurity culture and secure update policies. The call for appropriate incident response procedures is also familiar, with the United Kingdom’s “Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles” identifying the same need.

While an important step in the development of best practices and in-depth cyber security guidelines for vehicles, the principles laid out by the ACEA serve as a valuable foundation. Instead of serving as a standard for the quality of the security needed in the industry, the ACEA’s principles provide guidance for the path manufacturers should take in developing their automotive cyber security. The framework set by the principles will likely grow to include specific technical requirements for cybersecurity as the industry matures. In time, more data will be available in this yet-blooming field, driving forward the new age of safety policy and legislation.