The automotive industry is undergoing an evolution towards connected and autonomous vehicles. Increasingly smart cars include added features that enhance users’ experience or improve smart car security.
However, if not properly secured, such features can also be leveraged by hackers, and lead to cyberattacks that can result in vehicle immobilization, road accidents, financial losses, disclosure of sensitive data and even endanger road users’ safety.
Previous attacks on smart cars helped raise automotive industry awareness of the security needs and led to the development of several cybersecurity regulations and initiatives aimed at ensuring secure vehicles.
Good practices for smart car security
The report mainly aims to identify the relevant assets, the emerging threats targeting smart cars ecosystem of tomorrow as well as the potential security measures and good practices to mitigate them.
Concretely, the ENISA study provides the following information:
- A detailed asset and threat taxonomy for the connected and autonomous vehicles ecosystem.
- Concrete and actionable good practices to improve the cybersecurity in connected and autonomous vehicles.
- A mapping of existing legislative, standardization and policy initiatives to foster harmonization.
In 2017, ENISA published its first study on Smart Cars cybersecurity (The ENISA Cybersecurity and Resilience of smart cars – Good practices and recommendations). In this new report, the Agency broadens the scope of the study to the (semi-) autonomous cars and Vehicle-to-Everything (V2X) communications.
In particular, the study gathers in a single document security controls collected from relevant published documents and standards, covering the policies, organizational practices and technical aspects. Inter alia, the proposed security controls are mapped against those mentioned in the draft recommendation on cybersecurity of the UN Working Party on Automated/Autonomous and Connected Vehicles (GRVA).
“Connected and automated mobility is a strategic priority for the EU, bringing numerous opportunities for its citizens. Making sure that cybersecurity concerns are taken into account is the role of ENISA. Today we publish a study on securing smart cars with a focus on autonomous and semi-autonomous vehicles. Bringing together all players and reflecting ongoing policy developments, this work aims to serve as the reference for automotive cybersecurity,” said Juhan Lepassaar, Executive Director, ENISA.