Cybersecurity Regulations for Connected Vehicles: Government Mandates Automaker Audits

www.news4hackers.com-cybersecurity-regulations-for-connected-vehicles-government-mandates-automaker-audits-cybersecurity-regulations-for-connected-vehicles-government-mandates-automaker-audits

The Indian government has directed automobile manufacturers and component suppliers to perform thorough security assessments of software, electronic systems, and cybersecurity frameworks in connected vehicles, electric vehicles (EVs), and commercial vehicles.

Ministry Guidance and Industry Response

The Ministry of Heavy Industries issued guidance to the Society of Indian Automobile Manufacturers (SIAM) and the Automotive Component Manufacturers Association of India (ACMA), prompting companies to evaluate their cybersecurity readiness. No specific timeline for completing these reviews has been established at this time.

Government Actions Against EV Cybersecurity Risks

The directive coincides with government actions requiring Apple and Google to remove three mobile applications linked to EV cybersecurity risks. Officials raised concerns that these apps might enable unauthorized access or manipulation of vehicle systems.

Key Cybersecurity Measures for Automakers

Under the advisory, automakers are tasked with scrutinizing the security of battery communication protocols, Battery Management Systems (BMS), connected vehicle software, and over-the-air (OTA) update processes. Additional measures include addressing insecure default configurations, weak authentication protocols, and unsecured OTA transmission channels.

Risks of Flawed Software and Communication Systems

The government highlighted that modern connected vehicles rely heavily on internet connectivity and cloud-based services. Any flaws in software or communication systems could allow cyber adversaries to compromise critical vehicle functions, endangering user safety and data confidentiality.

Industry Perspectives on Cybersecurity Evolution

Industry analysts noted that the integration of digital technologies and internet-dependent features in automobiles has shifted cybersecurity from an IT issue to a direct safety concern. Manufacturers are now required to embed robust cybersecurity practices across the entire software lifecycle, from development to testing and updates.

Cybersecurity Best Practices for Connected Vehicles

A security researcher from Algoritha Security emphasized that cybersecurity for connected vehicles must be embedded during the design phase. According to the expert, consistent security evaluations, prompt software patches, resilient authentication methods, and secure OTA update mechanisms are critical to mitigating risks associated with vehicle cyberattacks.

Current Advisory Status and Future Outlook

The current advisory is non-binding and lacks defined penalties or deadlines. However, industry observers anticipate stricter cybersecurity requirements for connected and electric vehicles as technological advancements continue.

According to the expert, consistent security evaluations, prompt software patches, resilient authentication methods, and secure OTA update mechanisms are critical to mitigating risks associated with vehicle cyberattacks.



About Author

en_USEnglish