Researchers managed to remotely control the brakes of a car via a common insurance device, turn off a Tesla Model S remotely at low speeds and found serious security flaws in GM OnStar’s system.

Safety is a key feature of most car brands and the 2015 incidents were damaging enough without there being any injuries attributed to them. Many new features built into cars today are less about performance, focusing instead on convenience, connectivity and safety.  So brand protection will drive significant investment in cyber security too.

Competition from new entrants will have a positive effect too. While motor manufacturers have long been criticised for lacklustre software offerings, competition from tech companies such as Google, Apple and Baidu – organisations where cyber security is in their DNA – will significantly raise the bar.

But can the motor industry rely on competition and self-regulation, or does the government need to make penetration testing as important as checking that your brake lights are working?

Stringent regulation is inevitable, even if industry standards prove to be high. The pace of change will mean problems will emerge, as they did last year, and strict initial standards will be imposed whilst public confidence is given time to grow.

Regulations are likely to affect issues such as:

  • Adherence to minimum cyber-security standards, not just for the vehicles, but the systems and network infrastructure of the manufacturer.
  • The length of warranty and support upgrades to avoid cars with significant security vulnerabilities on the road.
  • Mandatory reporting of accidents and incidents.
  • “Air-gapping” so as to physically separate key functionality.
  • Sharing of security information (e.g. IP addresses of attackers or unpatched security vulnerabilities) with other manufacturers or government bodies, such as the DVLA.
  • “Safe modes” -  vehicles, shutting down autonomous features if any breach of the car’s security is detected.
  • Restrictions on unauthorised repairs and modifications.
  • “Backdooring” – the method by which systems can be upgraded, but which inevitably provide a potential door for hackers (and government agencies).  

Heavy regulation is often seen as a brake on innovation and change. Regulation of autonomous cars is inevitable, but the careful balancing of risk may see the UK continue to forge ahead in the industry, whilst steadily building consumer confidence.