Security Experts:

ENISA Launches Car Security Group

The European Union agency for network and information security ENISA announced on Monday the launch of a new expert group focusing on the security of smart cars and intelligent road systems.

The agency has invited professionals from several areas of expertise to join its new Cars and Roads SECurity (CaRSEC) group. ENISA is specifically looking for security-focused car manufacturing professionals, vehicle software and hardware suppliers and developers who focus on security, non-profit organizations and associations involved in vehicle security, and road authorities, standardisation bodies, academia and policy makers.

“Cyber threats to Smart Cars and Intelligent Road Systems go beyond traditional ICT security. There cyber threats have real consequences on the safety of citizens. Hence it is important to understand what needs to be secured and develop specific security measures to protect Smart Cars and Intelligent Road Systems from cyber threats,” ENISA said.

ENISA will review applications and select up to 20 members, including 15 members and 5 alternate members. The invitation to join CaRSEC will remain open for a period of 1-3 years.

Participants will be tasked with contributing to papers on the topic of smart cars and intelligent road systems, exchanging knowledge with other members, and discussing approaches toward securing vehicle and road infrastructure systems.

As for member benefits, the EU security agency listed the opportunity to contribute to ENISA studies, the possibility to attend workshops and other events, exchanging information with other experts in a trusted manners, and the possibility to express their opinion on current and future policy. Members of the group will meet physically once a year.

As experts have demonstrated on several occasions over the past few years, the smart features available in today’s vehicles can be leveraged to hijack a car’s various functions both locally and remotely. Last year, Fiat Chrysler Automobiles (FCA) decided to recall a large number of vehicles after researchers Charlie Miller and Chris Valasek remotely hacked a 2014 Jeep Cherokee via a system available in several models from FCA.

Road infrastructure systems are also at risk, as demonstrated in 2014 by researchers at IOActive. Experts showed at the time how easy it was to hack traffic control systems used in major cities around the world.

Organizations like “I Am the Cavalry” have been advocating for automotive cyber safety, calling on automakers to work with the community in an effort to integrate proper security mechanisms into their products.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.