In this report ENISA defines smart cars as systems providing connected, added-value features in order to enhance car users experience or improve car safety. It encompasses use cases such as telematics, connected infotainment or intra-vehicular communication. The report excludes Car-to-car as well as autonomous vehicles as these technologies are not in use today. Practices discussed in this report concern not only passenger cars but also commercial vehicles (such as busses, coaches etc) and aim to map the current threats that passengers and drivers are exposed every day to. The goal is to secure smart cars today for safer autonomous cars tomorrow. Over the last few years, there have been a number of publications on attacks targeting automotive systems, and in particular smart cars. An attack on a smart car would threaten the safety and privacy of passengers and other citizens. These threats are already having a big impact on car manufacturers, with millions of cars being recalled because of their vulnerability, not to mention the effects of the widespread media coverage of the issues. The objective of this study is to identify good practices that ensure the security of smart cars against cyber threats, with the particularity that smart cars' security shall also guarantee safety. The study lists the sensitive assets present in smart cars, as well as the corresponding threats, risks, mitigation factors and possible security measures to implement. To obtain this information, experts in the fields and areas related with smart cars were contacted to gather their know-how and expertise. These exchanges led to three categories of good practices: Policy and standards, Organizational measures, and Security functions. The protection of smart cars depends on the protection of all systems involved (cloud services, applications, car components, maintenance and diagnostic tools, etc.). However, the challenge resides mostly today in the security of car components and aftermarket products, where security functions have to be implemented in spite of several kinds of limitations: for example, security requirements may conflict with safety requirements. Furthermore, the very large number of interfaces to secure may lead to planning and cost issues; eventually, the long life of cars may create the need for dedicated security requirements.
