New rules for securing cyberattacks in connected vehicles
Car manufacturers selling in Japan, South Korea and the European Union will be required to secure connected vehicles against cyberattacks under a new regulation set by the United Nations.
The agreement was adopted in June by 53 countries, not including the U.S., and will go into effect in January 2021. The new regulation states that national authorities are responsible for approving car models before going into the market to ensure that vehicles are built with cybersecurity protections.
UN regulation listed some of the possible cyberattacks that manufactures should anticipate and included a list of required measures, such as:
- Managing vehicle cyber risks,
- Securing vehicles by design to mitigate risks along the value chain,
- Detecting and responding to security incidents across vehicle fleet,
- Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software.
In addition to the measures, manufacturers are also expected to document prevention strategies and inform the authorities on their effectiveness. Forensic technology is also requested to keep in place to detect and analyse attempted cyber attacks.
Source: CAD and CLEPA