The 5StarS consortium is launching its proposed assurance framework for connected and autonomous vehicle cyber security from design to end of life, following a two-year research project funded by Innovate UK.
The consortium combined the expertise of research organisations HORIBA MIRA, Ricardo, Roke, Thatcham Research and Axillium Research, and were commissioned to address increased cyber security threats around connected vehicles.
The consortium says that as increased connectivity of vehicle systems – such as in-car entertainment – increases exposure to cyber threats, consumers and insurers need to be able to have confidence that vehicle manufacturers are managing cyber security appropriately.
The assurance framework sets out to build trust in the ability of manufacturers to mitigate against cyber threats and be resilient to attacks, as well as being able to demonstrate that they will respond quickly and effectively to attacks or vulnerabilities.
The framework will enable manufacturers to gain assurance in the capabilities of their products, use resilience as a market differentiator and establish meaningful ways of communicating cyber security risk to consumers.
Key benefits for vehicle manufacturers implementing the framework include:
- building consumer trust in the overall safety of vehicles
- highlighting vehicle countermeasures against – and resilience to – cyber attacks
- cyber risk being reflected in insurance premiums
- ability to monetise good practice in cyber security through a rating that differentiates their products from the competition in consumers’ eyes.
Future of Mobility Minister Michael Ellis commented, ‘Self-driving technology will help transform our society for the better, and the UK has led the way globally in supporting the world’s first standard on vehicle cyber security.’
‘The new assurance framework developed by the 5StarS consortium builds on this work, helping ensure this technology is safe, secure, and resilient to cyber attacks,’ added Ellis.
The assurance framework introduces independent vehicle vulnerability assessments and, crucially, it is aligned with emerging regulations and standards, such as ISO/SAE 21434, UNECE and the CAV Innovation System Framework.
The 5StarS vehicle assessment consists of four components:
- Product Development – concept and design
- Production, operations, maintenance and decommissioning
- Cybersecurity governance and management
- Vulnerability assessment
The scores from the assessment are aligned to the UK Government Department for Transport Principles of Cyber Security for Connected and Autonomous Vehicles.
It is proposed that manufacturers would receive a full report of the findings allowing them to resolve issues. It is likely scoring thresholds will increase over time, driving good behaviour and innovation in cyber security, ensuring manufacturers maintain high ratings.