Car makers issue cybersecurity best practice guide

More than 50 global experts have teamed up to produce a best practice guide for manufacturers to secure driverless cars and connected vehicles as well as a framework to respond to security breaches when they occur.

The Automotive cybersecurity best practices paper has been published under the auspices of the Automotive Information and Analysis Centre (AUTO-ISAC) industry organisation.

It builds on an earlier framework by the Auto Alliance and Global Automakers.

The document lists five key cybersecurity functions: security by design, risk assessment and management, threat detection and protection, incident response, collaboration and engagement with appropriate third parties.

Governance as well as security awareness and training are also defined in the framework.

Despite releasing a summary document and a best practice statement in public, however, the details of the framework will only be released to AUTO-ISAC members, to protect the effectiveness of the security strategies.

The framework follows several high-profile incidents where security researchers showed how easy it is to abuse connected cars and driverless cars remotely, with potentially life-threatening consequences.

Last year, researchers Charlie Miller and Chris Valasek were able to take over control of a Jeep Cherokee, manupulating different car functions, and sending commands to the vehicle through its entertainment system.

Miller and Valasek turned on the car radio and windscreen wipers, changed the airconditioning, and even turned off the Jeep's engine while travelling down the motorway at high speed.

As a result of the hack, Jeep owner Fiat Chrysler set up a bug bounty program to help discover and address future vulnerabilities in its vehicles.