Throughout history, governments have played a huge part in the development of technologies and their uses, often stepping in to ensure quality of use, safety, and standardization of industry best practices.
Whenever technology impacts society on a large scale, the potential negative consequences need to be considered alongside the benefits, and when it comes to connected cars, the biggest of these threats is undoubtedly cyber terrorism. With the age of self-driving cars and smart cities just over the horizon, government legislation is transforming our connected future from mere theory into reality.
Earlier in August, the United Kingdom published their “Principles of cyber security for connected and automated vehicles,” a set of guidelines detailing the necessities of connected and automated vehicles in the future. Such direct legislation is clear indication of the seriousness of the matter of automotive cyber security. What has long been simply the work of fiction and research is quickly become a potential threat to the connected car landscape, and having governments recognize it as such is the first step in creating a safer IoT driven world. Without such official recognition, the gravity of this threat is likely to be lost on the public until it is too late – that is, when an automotive cyber-terrorist attack has already taken place.
Of the many detailed guidelines laid out in the list of principles, two key points must be given special attention:
- Principle 3.1
- Organizations plan for how to maintain security over the lifetime of their systems, including any necessary after-sales support services.
- Principle 5.1
- The security of the system does not rely on single points of failure, security by obscuration or anything which cannot be readily changed, should it be compromised.
The first of these principles presents a clear message – for any system to be fully secure, it must be maintainable for the duration of its lifetime. Patching of exposed exploits and/or other threats is a necessity, as cyber security is an ever-evolving field in which a static defense system has no place. This same sentiment is echoed in Trillium’s philosophy, as part of our multi-layered SecureIOT platform is our SecureOTA and SecureSKYE systems, that enable an over-the-air update system designed from the ground up expressly for use in an automotive environment.
The second principle quoted is just as, if not more important than the first. The emphasis in this message is that no system is safe if its defense is concentrated on a single point of failure – multiple layers of security are necessary. In accepting the reality that no single security system alone is impregnable, the only solution therefore is to provide multiple systems under a single ecosystem. This message is the core of Trillium’s philosophy, the conviction that security done right has not one layer of protection, but multiple layers.
The United Kingdom’s foresight to develop such legislation pre-emptively is an example to be followed, and we hope to see more countries follow suit as this issue reaches more of the public.