A new approach to cyber security for systems without boundaries
Ricardo and Roke, a leading UK innovator specialising in securing connected systems, are offering a new approach to cyber security across transport systems and critical national infrastructure (CNI): Digital Resilience.
The increase in connected technologies integrated into vehicles has presented manufacturers with the opportunity to provide additional functionality, safety, and value to customers. However, there are now new and significant challenges in terms of securing these connected systems and maintaining consumer trust.
This challenge is echoed across all industries reliant upon increased data collection and analysis as an enabler for control systems, remote monitoring, and maintenance planning. CNI providers, relied upon to deliver food, water, and energy, must also be resilient to the evolving cyber threat they face.
The Digital Resilience framework provides the transport and infrastructure sectors with a rigorous methodology to address digital vulnerabilities and threats within transport systems and critical infrastructure, combining the expertise of both partners to deliver digitally resilient systems in the present and future.
Consumer trust in technology is essential and is strengthened through testing and defined metrics. We therefore need a wider concept of digital resilience throughout transport systems and infrastructure, as well as cyber security in discrete subsystems. To achieve this effectively we must collaborate across traditional boundaries, combining sector specific expertise in system design, information technology, and operational technology. This approach will realise the vision of future connected systems that will be resilient—hard to attack and continuing to work safely when attacked.
The Digital Resilience framework maps likely vulnerabilities and threats in an existing system, prioritising those that pose the greatest risks for immediate action and identifying those that can be safely deferred in the short term. Applying the framework during the design phase enables us to ensure system risk is understood as part of a secure development lifecycle which can be assured against defined metrics. This enables design and development of systems that are ‘secure by design.’
The partners have ongoing projects working with clients across Rail, Energy & Environment, and Automotive to assure digital resilience in today’s systems. Supporting this, a digital resilience testing facility has been established where live testing can be performed on vehicles.
Ricardo and Roke recently published their white paper: "Digital Resilience: a new approach to cyber security for vehicles without boundaries". The paper explores and defines the concept of Digital Resilience in relation to connected vehicles and presents the case for Digital Resilience in building consumer trust by providing manufacturers with a framework for building Digital Resilience into the vehicle design. This methodology is being deployed with clients across Ricardo sectors.