Case study

5StarS: developing a security framework for autonomous and connected vehicles

Government funds project to develop an automotive cybersecurity assurance framework.

Graphic demonstrating a car with wireless connectivity

New autonomous and wireless connectivity in vehicles will provide many commercial opportunities for innovation. However, this automotive world will also prove attractive to smart criminals. Those using connected and autonomous vehicles (CAVs) need to know that they, their vehicles and personal data will be kept safe from cyber attack.

The government has responded by investing more than £800,000 in a £1.5 million collaborative project to develop an automotive cyber security assurance framework. It adopts an integrated set of standards for manufacturing innovation and assessment, with a rating system to build trust among consumers and insurers.

The 2 year 5StarS (Automotive Cybersecurity Through Assurance) project has had support from the Centre for Connected and Autonomous Vehicles and Innovate UK. The 5StarS consortium came together in 2017 to address the issues around growing vehicle connectivity. It was clear that existing standards and regulations or even those in development did not offer consumers a way of making informed buying decisions based on vehicles’ cybersecurity resilience. Nor could insurers evaluate threats when pricing premiums.

To provide vehicle manufacturers with practical guidance and support, the 5StarS partners have devised a roadmap covering 3 specific areas – innovation, assessment and assurance rating. The project identified regulations, standards and best practice that should guide innovation and product development so that manufacturers can measure their vehicles’ resilience. They include ISO/SAE DIS 21434 (road vehicles — cybersecurity engineering) which is still under development. That, in turn, opens the way to independent assessment procedures and ultimately a risk-based system with a visible rating for insurers and consumers. The rating system will apply only to new vehicles.

If fully adopted by the automotive industry it will operate in much the same way as the existing Euro NCAP type ratings for vehicle safety, building trust in connected autonomous vehicles (CAVs) and advanced driver assistance systems (ADAS). The newest vehicles on sale are already equipped with keyless entry, cameras to aid parking and lane positioning, GPS positioning for satellite navigation systems, DAB radio, wifi and Bluetooth communications.

Demonstrating that appropriate security measures are in place can potentially create an entirely new revenue stream for the industry. Although the 5StarS project was funded by the government and the consortium partners are UK-based, the framework is designed to align to current and emerging international standards and best practice so that it can be applied internationally. This will assist vehicle manufacturers aiming to sell vehicles globally.

The next step is to run trials with vehicle manufacturers to validate the assurance framework against their vehicles and build upon the international interest received in the project to foster wider adoption.

Published 4 September 2020