A new United Nations regulation will soon require vehicle makers in jurisdictions in Japan, South Korea, and the European Union to secure connected vehicles from cyber security threats.
In June, 53 countries adopted an agreement that requires national regulators to guarantee vehicles are adequately protected against potential cyber security attacks. The agreement also requires manufacturers to ensure that suppliers include cyber security protection such as forensic technology able to decipher cyber attacks.
While the U.S. participated in discussions, it did not vote. As such, U.S. vehicle manufacturers are not held to the U.N. regulation. However, those that sell vehicles in jurisdictions under the cyber security regulation must comply.
The U.S. has yet to introduce its own specific cyber security regulations for autonomous vehicles. As discussed in a previous post though, U.S. legislation surrounding the safety and innovation in testing and deployment of autonomous vehicles (The SELF DRIVE Act) does require manufacturers to create cyber security policies on how they will respond to cyber attacks for vehicles that are highly automated.
What Cyber Security Threats do Vehicles Face?
Much of the concern surrounding future autonomous vehicles is centered on their ability to function on the road without causing accidents. However, the potential for hackers to remotely access these vehicles, which will be equipped with numerous high-tech systems, also poses a risk to public health and security. In fact, the high-level of connectivity of these systems can make it possible for even a single hacker to do enormous damage.
In 2019, an anonymous hacker demonstrated this threat by breaking into over 7,000 iTrack accounts and over 20,000 Protrack accounts, which are tracking devices that some vehicle manufacturers use to oversee commercial fleets via GPS signals. The hacker managed to access idling and slow-moving vehicles in a handful of countries, including the Philippines and India, in order to remote turn off their engines. He also managed to access drivers’ individual account data.
While experts fear that hackers could someday potentially access entire fleets of autonomous vehicles and turn them into weapons, potential cyber security attacks don’t need to be sophisticated to cause damage. For example, a vandal may be able to easily fool or confuse vehicles by damaging roadway signs. This could cause autonomous vehicles to swerve off roads or crash into other motorists. Thankfully, engineers are working to develop advanced technology in order to prevent such scenarios.
What Does the U.N. Regulation Require?
This recent U.N. regulation ensures manufacturers will take adequate steps to protect their vehicles—and customers—from these types of threats. “If consumers get their car hacked, the manufacturers will be ready to take action and respond,” François Guichard, secretary of the U.N. World Forum’s Working Party on Automated/Autonomous and Connected Vehicles, which drafted the regulation, told the Wall Street Journal.
Under the regulation, manufacturers must address specific threats, such as potential malware infiltration of servers, which could give hackers access to troves of connected vehicle data. The regulation also requires manufacturers to document ways they will protect vehicles from specific threats, how they will update authorities on the success of their efforts at least once annually, and how they will report pertinent data on cyber attacks.
Manufacturers in some regions are already implementing the U.N. regulation. South Korea will start introducing parts of the regulation in 2020. Other countries have scheduled their implementation timelines further out with. Japan will include the rules in 2021, and the EU will begin including them in 2022.
Understanding Autonomous Vehicle Technology
Prepare your organization for the latest developments in autonomous vehicle technology. Offer training in foundational and practical applications of autonomous, connected, and intelligent vehicle technologies. Developed by leading experts in the field—including Steve Vozar, CTO and co-founder of May Mobility—the IEEE Guide to Autonomous Vehicle Technology is a seven-course online training program.
Connect with an IEEE Account Specialist today to learn more about purchasing the program for your organization.
Interested in purchasing the program just for yourself? Access it through the IEEE Learning Network.
Stupp, Catherine. (9 July 2020). U.N. Rules Require Cybersecurity Guarantees for Connected Cars. The Wall Street Journal.
Kunkle, Fredrick. (30 April 2019). Auto industry says cybersecurity is a significant concern as cars become more automated. The Washington Post.