General, Motoring, News

Anti-speeding tech in EU underpinned by cybersecurity best-practices

Brendyn Lotz

8th July 2022

The Internet of Things was hugely exciting up until the point that folks started to realise that if it connects to the internet, it can be hacked.

At one stage it wasn’t uncommon for TV’s, refrigerators, routers or doorbell cameras to be hacked and used for nefarious purposes. The problem was that security wasn’t a consideration for home appliance makers because why would it be, who would hack a microwave right?

This week our guard was put up once more when the European Union implemented a new mandate that requires all new vehicles entering the market be fitted with an intelligent speed assistance (ISA) system. This requirement will also become mandatory for all new vehicles sold in Europe from July 2024.

While the requirements don’t stipulate that the system should be connected to other devices or system, the route vehicles are going, most elements of a car have a digital component to them.

The ISA feels like one of those components as it will require that a vehicle provides feedback to the driver in some way to alert them that they may be travelling too quickly.

This presents something of a risk should the ISA be connected to other systems.

“Cybersecurity risks to ISA may arise if it is connected to external systems outside of the car, for example, to an external cloud that uploads the data on speed limits, or through any other electronic control units of the vehicle. Depending on the electrical/electronic (E/E) architecture, attackers can access systems through external communication channels or by using a chain of vulnerabilities in other electronic control units connected to a public network,” explains global alliance manager for the Kaspersky OS Business Unit, Evgeniya Ponomareva.

Thankfully, Ponomareva notes that cybersecurity is front of mind when developing these systems.

In fact, they have to be because ISA falls under the requirements of ISO 262626. These requirements regulate functional safety at a software level, as well as the general automotive industry standards for cybersecurity with mandatory certification including UNECE regulations UN R155, R156, and ISO21434.

In addition, vehicle makers will have to undertake risk assessments on vehicle systems and regulations stipulate these must be secure-by-design.

“From July 2024, the sale of new vehicles without cybersecurity certification will be prohibited in the EU, making cybersecurity an integral part of the automotive industry. A dedicated security platform for electronic units’ development can help car manufacturers to meet these requirements,” adds Ponomareva.

The EU believes that the ISA system will be a huge step forward for road safety. Here’s hoping that these systems are built to be as secure as possible lest we start seeing reports of cars being hacked and suddenly stopping on the highway.

[Image – CC 0 Pixabay]

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.