5.1 Introduction

In the past, road vehicles were independent and largely mechanical systems. However, modern vehicles are increasingly reliant on internal networks that link sensors, actuators and control systems in order to achieve higher levels of functionality than can be provided by stand-alone subsystems. Many of these functions are safety-related, such as anti-lock braking, advanced emergency braking, electronic stability control, and adaptive cruise control. In the automotive environment, therefore, cyber security attacks could have significant safety implications for vehicle occupants and other road users, in addition to the privacy and financial implications that are more commonly associated with attacks on information systems. Such safety issues could be unintentional side effects of some cyber security attacks, but it is conceivable that causing death or injury could even be a primary attack goal for some potential attackers.

At the same time, cellular telephones [1] and other ‘nomadic’ devices now interact with vehicle systems, and maintenance facilities such as remote diagnosis and wireless ‘flashing’ of software are being developed for automotive applications [2,3]. In addition, in-vehicle wireless networks are commonly implemented using Bluetooth, and on-board devices are increasingly able to access the internet. ...