I came across this excellent, thought-provoking white paper from NTT Security and felt that some of the insights were worth sharing.
Some of our previous blogs have discussed the cost implications of automotive cybersecurity for vehicle manufacturers, and the potential implications for the driver and passengers of vehicles. But this paper got me thinking about another angle – responsibility and liability.
The NTT paper concludes that “until all interested parties work together to build a model for security best practice for connected vehicles, the responsibility sits with everybody – and nobody – at the same time”. Clearly this “fuzzy” situation is unsustainable, and will lead to some interesting (and very expensive!) international court cases which will set the legal precedent for how these challenges will be dealt with going forward.
A vehicle that is in design now, will hit the streets in 2022/23 and many will still be on the streets after 2030. At the current rate of change, we cannot even begin to imagine what the cyber threat landscape will look like by 2030. So it is time, arguably it is beyond the time, for the automotive industry to come together to define security best practice.
We must ensure security by design, future-proofing vehicles against threats that we can’t define today. The NTT paper recommends that “security should be embedded into the design of each hardware and software component”. At the very least, everyone should be implementing “best practice”.
UltraSoC’s products offer a ‘better than best practice’ approach to automotive security, both in applying additional layers of security to future-proof vehicles against threats that are unknown today, and in being able to dissect the evolution of an on-chip security issue to better answer the ‘who is responsible’ question. This is the basis on which we have won a significant grant from Innovate UK for an incredibly exciting demonstrator project with our partners – Coventry University, University of Southampton and Copper Horse. We look forward to sharing more details as this project evolves.