ENISA, the European Union Agency for Cybersecurity, has highlighted the importance of cybersecurity for connected cars in a new report.
Good Practices for Security of Smart Cars aims to identify the relevant assets and the emerging threats targeting smart car ecosystems of tomorrow as well as the potential security measures and good practices to mitigate them.
It aims to provide a detailed asset and threat classification for the connected and autonomous vehicles ecosystem as well as concrete and actionable good practices to improve the cybersecurity in CAVs. Existing legislative, standardization and policy initiatives to foster harmonization are also mapped out.
In 2017, ENISA published its first study on smart cars cybersecurity (Cybersecurity and Resilience of smart cars – Good practices and recommendations). In this new report, the agency broadens the scope of the study to (semi-) autonomous cars and V2X communications.
In particular, the study gathers in a single document security controls collected from relevant published documents and standards, covering the policies, organizational practices and technical aspects. The proposed security controls are mapped against those mentioned in the draft recommendation on cybersecurity of the UN Working Party on Automated/Autonomous and Connected Vehicles (GRVA).
“Connected and automated mobility is a strategic priority for the EU, bringing numerous opportunities for its citizens,” said Juhan Lepassaar, executive director of ENISA. “Our role is to make sure that cybersecurity concerns are taken into account. By bringing together all players and reflecting ongoing policy developments, this study aims to serve as the reference for automotive cybersecurity.”
ENISA cites the target audience of its new study primarily as car manufacturers, Tier 1 and Tier 2 car components suppliers, aftermarket suppliers and policymakers.