Cybersecurity measures announced by auto manufacturers

Brussels, 18 October 2017 – In order to mitigate the risks of cyberattacks that come with the ever-increasing connectivity of motor vehicles, the European Automobile Manufacturers’ Association (ACEA) today published six key principles of automobile cybersecurity, which all its members endorse.

“The digital world offers unprecedented opportunities,” stated ACEA Secretary General, Erik Jonnaert. “Nevertheless, opportunity comes with risks, and one of these is the threat of a direct cyberattack on your car or indeed a whole fleet of vehicles. Keeping cybersecurity risks for connected vehicles in check is therefore of crucial importance.”

Firstly, countering such risks requires the number of data interfaces within a vehicle to be limited. Secondly, interfaces that are needed for connectivity purposes should be protected with very high cybersecurity measures. Highly aware of this, the automobile industry has taken the lead in designing and producing safe and secure connected and automated vehicles, by following well-established safety and security principles.

If adequate cybersecurity mechanisms are not implemented and cybersecurity risks not dealt with appropriately, the interfaces of connected vehicles can present an opportunity for exploiting vulnerabilities. Attackers may for instance compromise the user’s personal data, threaten vehicle systems or endanger the safety of passengers.

ACEA welcomes the Commission’s Communication on cybersecurity published last month, which states that specific sectors, facing specific threats, should be encouraged to develop their own approach to cybersecurity in order to complement general cyberstrategies.

In this spirit, and demonstrating the industry’s commitment to continue to ensure user safety, ACEA and its 15 member companies today published a set of six key principles:

  1. Cultivating a cybersecurity culture
  2. Adopting a cybersecurity life cycle for vehicle development
  3. Assessing security functions through testing phases
  4. Managing a security update policy
  5. Providing incident response and recovery
  6. Improving information sharing amongst industry actors

All manufacturers agree to endorse these principles to enhance the protection of connected and automated vehicles against cyber threats.

Furthermore, ACEA and its members will continue to fully support ongoing regulatory and standardisation initiatives taking place in various fora, such as UN-ECE and SAE/ISO.

***

Notes for editors

  • The ‘ACEA Principles of Automobile Cybersecurity’ are available at http://www.acea.be/publications/article/acea-principles-of-automobile-cybersecurity.
  • ACEA represents the 15 Europe-based car, van, truck and bus manufacturers: BMW Group, DAF Trucks, Daimler, Fiat Chrysler Automobiles, Ford of Europe, Hyundai Motor Europe, Iveco, Jaguar Land Rover, Opel Group, PSA Group, Renault Group, Toyota Motor Europe, Volkswagen Group, Volvo Cars, and Volvo Group.
  • More information can be found on www.acea.be or @ACEA_eu

Contact
Cara McLaughlin, Communications Director, cm@acea.be, +32 2 738 73 45; +32 485 88 66 47.

About the EU automobile industry

  • 12.6 million people - or 5.7% of the EU employed population - work in the sector.
  • The 3.3 million jobs in automotive manufacturing represent almost 11% of EU manufacturing employment.
  • Motor vehicles account for almost €396 billion in tax contributions in the EU15.
  • The sector is also a key driver of knowledge and innovation, representing Europe's largest private contributor to R&D, with more than €50 billion invested annually.
  • The automobile industry generates a trade surplus of about €90 billion for the EU.