Board members of companies selling connected cars will be personally accountable if their products get hacked, according to guidelines issued by the British government.
“Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected,” transport minister Lord Callanan said in a statement. “Whether we’re turning vehicles into Wi-Fi-connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.”
Mike Hawes, the chief executive of the UK’s Society of Motor Manufacturers and Traders, said the government’s guidelines would help the U.K. be among the first countries to “grasp the benefits of this exciting new technology.”
Apart from stressing that car-makers’ boards are responsible for their product and system security, the guidelines also state that companies should build in-house knowledge of security threats, while getting help from third parties where appropriate. Similarly, companies need to be on top of security risks in their own procedures and in dealing with their supply chain.
Companies must “ensure their systems are able to support data forensics” if something goes wrong. Fans of open-source software practices will also appreciate the government’s insistence that “software adopts open design practices and peer reviewed code is used where possible.”
There have been numerous accounts of people hacking into cars to steal them, though the scarier – if currently more theoretical – threat comes from people potentially commandeering vehicles that are in motion. In 2015, security researchers’ demonstration of such a vulnerability led Fiat Chrysler to recall around 1.4 million cars.