Updated: May 12, 2021
The European Union Agency for Cybersecurity discloses an in-depth analysis of the cybersecurity challenges faced by the CAM sector and provides actionable recommendations to mitigate them.
The Connected and Automated Mobility sector in a nutshell
Today, connected vehicles, environments and infrastructures need to be designed with new capabilities and features. These capabilities and features should aim to provide:
better vehicle performance;
competitive digital products and services;
user-friendly systems and equipment convenient for its customers.
The Connected and Automated Mobility (CAM) sector is a whole ecosystem of services, operations and infrastructures formed by a wide variety of actors and stakeholders.
This ecosystem not only generates transformation in the industries but also considers how to meet the needs of the citizens. It is therefore intended to ensure transportation is made safer and easier. In addition, it also needs to align with the EU efforts towards cleaner, cheaper and healthier forms of private and public transport.
The recommendations proposed by ENISA aim to guide all CAM stakeholders in today’s context of growing cybersecurity threats and concerns.
In order to aggregate the information presented in the new report released today, ENISA performed surveys, interviews and an extensive desktop research of official statistics. The subsequent findings were validated through discussions with key stakeholders from the CAM sector.
The recommendations issued contribute to the improvement and harmonisation of cybersecurity in the CAM ecosystem in the European Union.
As ECOPNET (European Cooperation & Partnership Network), we believe that the analysis of ENISA shows the critical points for the future of the automotive sector. The new policies on the automotive sector will allow cars to be protected against cyber attacks, while aiming to contribute to European Green Deal by manufacturing environment-friendly cars. We advise our partners who work in the automotive sector to carefully read this analysis and closely follow the new developments. If you would like to learn more, we guide automotive companies at ECOPNET. Do not hesitate to contact us! You may find our contact information on our website.
New policy initiatives: what do we need to know?
Under a new regulation set by the United Nations, car manufacturers are required to secure vehicles against cyberattacks. With the upcoming transposition of the United Nations' regulations into EU policy, the new regulation on cybersecurity will be mandatory in the European Union for all new vehicle types from July 2022 and will become mandatory for all new vehicles produced, regardless of the type, from July 2024.
It is important to remember that the UNECE Regulations and related ISO standards do not apply to all CAM stakeholders. The types of vehicles the regulation applies to include passenger cars, vans, trucks and buses, light four-wheeler vehicles if equipped with automated driving functionalities from level 3 onwards.
The report is intended to support the work of the European Commission and the EU Member States’ competent authorities in the transposition of the UN cybersecurity regulation into EU policy.
Decision-makers who are responsible for the protection of security and resilience of the CAM ecosystem at EU level will find in the report the relevant cybersecurity measures and key challenges they need to consider to draft their cybersecurity baseline.
The report is also expected to be of particular interest to Operators of Intelligent Transport Systems (OITS), Original Equipment Manufacturers (OEMs), Road Authorities (RA), Smart City Operators, system providers, mobility service providers and standardisation bodies among others.
Which challenges does the report identify?
The report published today provides recommendations for each challenge identified, such as:
Governance and cybersecurity integration into corporate activity
Cybersecurity governance in the CAM ecosystem represents an organisational and technical challenge for all stakeholders concerned. Recommendations given include:
promote the integration of cybersecurity along with digital transformation at the board level in the organisation;
promote procurement processes to integrate cybersecurity risk-oriented requirements.
Technical complexity in the CAM ecosystem
Dependencies, interactions and supply chain management in this sector are a well-known challenge acknowledged by the majority of the actors involved. Recommendations given include:
promote the use of suitable certification schemes;
promote security assessment for both on-board and off-board solutions and standardise the discovery and remediation of vulnerabilities during the lifetime of the product.
Lack of expertise and skilled resources for CAM cybersecurity
The lack of human resources with expertise in cybersecurity on the market is a major obstacle that hinders the adoption of security measures specific to CAM products and solutions.
encourage cross-functional security and safety knowledge exchange between IT/OT and mobility experts respectively;
introduce programmes at schools and universities to address the lack of security and safety knowledge across the industry.
Such challenges are only an example of the important challenges addressed in the ENISA Report – Recommendations for the Security of Connected and Automated Mobility (CAM).
ENISA is already engaged in the cybersecurity of smart cars and intelligent transport systems and issued publications of existing standardisation, legislative and policy initiatives, as well as good practices and security measures to ensure the security of smart cars against cyber threats.
Source: European Union Agency for Cybersecurity Newsroom