Cars are often considered to be products of car manufacturers, so car manufacturers are often considered responsible for meeting car safety standards. This division can work well in the case of non-networked, non-autonomous vehicles, as manufacturers can ensure compliance and allow vehicles to perform fault tests in real-world operating environments.

However, CAV technology makes the situation quite complicated. As CAV technology continues to grow rapidly, automakers face a complex supply chain of sensor manufacturers, software developers and operating system providers. If the damage caused by CAV's defects is still the responsibility of the car manufacturer, the car manufacturer will bear a huge burden to ensure that all suppliers are compliant with network security best practices. In the context of vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) interaction, things will become more challenging. In these operating environments, hackers can use the V2V or V2I communication to cause CAV to have an accident. In this case, is the third party CAV or infrastructure provider also responsible? Even more complicated is the fact that in an interconnected environment, a contiguous number of components (such as sensors, actuators, operating systems, and networks) have continuous software updates and patches that address any network security risks. An obvious example is whether the vehicle manufacturer will continue to assume responsibility for software patching software vulnerabilities after the car is sold to consumers. If the answer is yes, then at least how long it will provide updates to consumers will become a new issue.

How to coordinate this issue between automakers, software vendors and hardware vendors? It is also worth noting that end users themselves are also a key link in the network security chain. Although their immediate interests are at risk, current users seem to be not aware of the risks of automotive networks. These users themselves may become weak links. What if a security incident occurs because the end user installs unsafe software on the phone or on a device connected to the car? Do end users need to take responsibility for this? Shared responsibility?  Register ACSS 2019 Now to Listen Mr. Atticus Zhao, the senior lawyer from King & Wood Law Firm, about the security risks and laws and regulations of Connected Vehicle and Autonomous Driving.