New cars protected from cyber-attacks… and independent workshops

New legislation is currently being consulted in the European Union that aims to secure vehicles from cyber-attacks.

No one questions that safety features should be created by vehicle manufacturers.

If we give vehicle manufacturers the full initiative in this area, without implementing detailed provisions to safeguard the rights of other market participants, we will allow independent garages to be excluded from the possibility of providing services. Such a threat has recently become real with the proposal to directly implement two UN-ECE regulations on cyber security in European Union legislation. This would allow the car manufacturer to independently create all cybersecurity management systems, configure, administer, update and control them. These solutions would not be subject to inspection at the time of vehicle approval, says Alfred Franke, an automotive expert.

This means that vehicle manufacturers will be able to set their own standards based on their own risk assessment. To use the language of examples – a workshop that is not part of a manufacturer’s network would not be able to change the oil in the engine or the brake pads, because they would not be able to delete the oil service or brake pad wear information.

In practice, this kind of service attempts could be read by the vehicle’s security system as a cyber-attack and immediately block the system.

What can be done to ensure that independent garages are not treated the same way as hackers or car thieves in the future?