New road safety standards create trade-off with CAV cybersecurity

As new safety features that require the collection of data from connected and autonomous vehicles (CAVs) continue to be introduced, a trade-off is developing between road safety and cybersecurity. Here, we highlight the new standards set to come into play during 2022 and explore the innovative solutions designed to protect driver safety in both the physical and digital realms.

A step change in vehicle safety

This year, a raft of safety features is set to become mandatory on new vehicles. While many of these are already standard on some vehicles, including drowsiness and attention detection systems, event data recorders and lane-keeping assistance, their mandatory introduction is seen as a step change in safety requirements.

Vehicle cybersecurity is seen as a key challenge in the automotive sector, said to present challenges that extend way beyond those in IT. This is largely due to the amount of data generated by and processed within road vehicles, which attracts a wide variety of threats. Such threats often don’t need to be directed at vehicles’ central systems to cause problems for drivers.

A step change in data collection

Since 2019, the European Data Protection Board (EDPB) has sought consultation for ‘guidelines on processing personal data in the context of connected vehicles and mobility related applications’. The purpose is to highlight where data privacy risks lie within vehicles as they become ever more connected, which will lead to the creation of guidelines designed to combat the risk of increased personal data collection.

It’s inevitable that new safety features require data on drivers and passengers that could be considered personal. This includes risky categories of data such as location, biometrics and data that could reveal offences or traffic violations (which are highlighted by the guidelines proposed by the EDPB consultation).

Road safety vs cyber risks

Such data may be attractive to cyber-criminals, who often look for opportunities to extort. For manufacturers, the challenge lies in decreasing their vehicles’ exposure to hackers while improving safety and being required to follow relevant guidelines.

Innovation around the management of the data generated and processed by vehicles will already be well underway and it remains to be seen which solutions will be most well adopted.

One of the biggest problems with addressing the wider challenge of automotive cybersecurity is the vast difference between automotive product life cycles and the substantially faster evolution of cyber threats. While a vehicle may be expected to be used for up to 20 years after first purchase, cyber threats evolve daily.

This places importance on effective software (able to respond to threats in real-time) and hardware (to support software updates), as well as over-the-air (OTA) upgrade procedures and vehicle owners (who must ensure that their software stays up to date).

Solutions and IP protection

One effective software solution that seeks to address the problem of securing automotive architectures is Symantec’s Critical System Protection. This helps to enforce the whitelisting of good code and reports anomalous behaviour in real-time, so that updates can be initiated when they’re needed.

Another is Continental’s In-Vehicle Network Protection and Monitoring, which identifies and blocks attacks by recognising anomalies within the vehicle network and sending alerts to its security operations centre.

The software focus of these innovations can make further innovations difficult to protect with patents. It’s key to remember that improvements to known technology can be patented — even if they’re software-related. We recommend always speaking to a patent attorney with specialist software experience to ensure that your innovation achieves the best protection possible.

If you need advice about protecting software innovation, get in touch with me for a free initial chat.