It is reassuring to see that the UK government is looking for suppliers of connected car to recognise the need to maintain and service the underlying software for the lifetime of the vehicle. Connected car is an extreme example of IoT devices where the potential consequences of security failure could be catastrophic.
The Department for Transport has published cybersecurity guidelines for manufacturers of smart or connected cars. Written with help from the Centre for the Protection of National Infrastructure, the principles implore everyone in the automotive supply chain to collaborate during the design process and over software upgrades and maintenance long after cars hit the road. The authorities are concerned about the prospect of older vehicles running outdated software.
https://www.ifsecglobal.com/uk-government-issues-cybersecurity-guidelines-connected-cars/
