Roke and Ricardo have launched a digital resilience vehicle assessment and benchmarking process that helps vehicle manufacturers protect their future products and comply with imminent cybersecurity legislation.
Advances in vehicle technology are integrating connectivity and automation, providing a wealth of features that drivers and passengers value. However, the complexity of the on-board electronics within the connected systems means they’re also vulnerable to attack. Building consumer trust in both product safety and personal data security is critical.
Impending regulations from the United Nations Economic Commission for Europe (UNECE) are expected to include mandatory audits of each manufacturer’s cybersecurity management system, and a verification process to demonstrate that new vehicles have been appropriately engineered with relevant risks identified, analysed and mitigated.
Roke and Ricardo have established a unique partnership, collaborating across traditional industry boundaries to combine 100 years of automotive system design with 60 years expertise in advanced communications and security.
The newly-launched digital resilience service provides a fully independent and impartial assessment, consistent with recommendations of the 5StarS vehicle assurance framework, and draws on the partnership’s innovative methodology and facilities.
Three levels of assessment are available, recognising that not all vehicle manufacturers will require the same level of assistance.
- Baseline: Identifies and categorises exploitable potential vulnerabilities relative to the complexity of the vehicle. The testing boundary for the baseline is considered to be the ‘as sold’ vehicle.
- Enhanced: The testing boundary is the same as the Baseline service, but the testing is used to exploit identified vulnerabilities to assess the potential impact of a successful breach. Original Equipment Manufacturer (OEM) backend servers and applications may also be analysed.
- Bespoke: Tailors the level and detail of analysis to the client’s precise requirements.
Crucially, in each case, the service aims to provide guidance on how identified vulnerabilities can be addressed through immediate and cost-effective remedial actions.
Neil Gladstone, Commercial Director at Roke, commented:
“We want to help consumers start choosing their cars on the basis of security, as well as long-established criteria like safety and fuel economy.
“To ensure tomorrow’s drivers can enjoy the benefits of digital services like navigation, collision avoidance, predictive parking and new applications, our digital resilience service provides a set of rigorous tests designed to maintain consumer confidence and peace of mind, by confirming that they are resilient to network attack.”
Ian Penny, commercial director for Ricardo Automotive & Industrial, commented:
“The digital resilience service now offered by the Roke and Ricardo partnership is a major step forward in helping vehicle manufacturers ensure their existing and future products are digitally secure.
“Through this service we aim to give vehicle manufacturers confidence that their products are compliant and cyber secure against known and likely future threats, so that drivers’ data, security and safety can be appropriately protected.”