The Applicability of Automotive Cybersecurity Standards

A cyber security white paper by Copper Horse

This work examines the applicability of automotive cybersecurity standards around the world, firstly by
capturing a longlist of recommendations and guidance and then organising these details into related themes to better consider the following –

• How relevant is the information? Which standards can be safely dropped and ignored?
• What documents are being referenced and how are the recommendations being regulated?
• Do the standards make an impact on real-world cyber security of vehicles or is the process too slow /
the guidance too vague or abstract to enable the required changes in industry?
• What is the additional engineering burden on the automotive industry and the surrounding ecosystem?

Finally, we consider the purchasing costs that OEMs and their suppliers would need to budget for to access the necessary information and discuss the implications of this, reflecting of the original aims of standards and their benefit to society.

The paper can be downloaded here.

Addressing the Challenges of Securing Connected and Autonomous Vehicles

A white paper Capturing the key themes of the Secure-CAV project

Vehicles are becoming the most sophisticated connected objects in the ‘Internet of Things’ as designers consider a fully autonomous future. But integrating such features causes the attack surface of the vehicle to grow – for example, as systems make use of remote connectivity at multiple points. 

At the same time, the automotive industry has a challenge in that legacy technologies are both insecure and take a long time to age out. Unlike many other connected products, vehicles can have a very long lifespan, which demands an innovative approach when it comes to cyber security concerns. 

Beginning in late 2019, the Innovate UK-sponsored Secure-CAV consortium set out to develop and prove hardware-based security technology that will allow the automotive industry to leap ahead of the threats that it faces currently and – in the near-term – put the industry into a much more tenable cyber security posture than it currently holds. 

Secure-CAV partner, Siemens, has developed Intellectual Property (IP) as well as anomaly detection software, which is able to monitor protocols and transactions at the lowest level in hardware. This is backed by unsupervised machine learning algorithms and statistical analysis, with expert input from consortium member University of Southampton.  

The solution has been integrated into Field-Programmable Gate Array (FPGA) technology and linked to two vehicle demonstrators developed by teams at Coventry University and cyber security specialists Copper Horse – also part of the Secure-CAV line up.  

Building mitigations to a number of real-world and theoretical attacks into a demonstrator enabled the consortium to prove the theory that security anomalies can be detected and responded to appropriately, forming the foundation and basis for future developments in this emergent security solution space. 

The paper can be downloaded here.

The State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2023

The IoT Security Foundation has published its latest influential research report which monitors the security management behaviour of consumer IoT product companies. The study reviewed the practice of companies identified as selling IoT products for consumer and commercial uses such as appliances, routers, audio, smart home, lighting, mobile, tablets and laptops. This is the sixth published report in the series, plotting industry progress since 2018 with prior versions cited as evidence in global standards and regulatory processes. The annual research was carried out during the summer of 2023 by Copper Horse Ltd, experts in mobile and IoT security.

The paper is available here – State of Vulnerability Disclosure Policy

Open Data is also available in open formats here:

2023 Data


2022 Data


Here are the links to the previous VDP reports:

2022 report

2021 report

2020 report

2019 report

2018 report

Securing IoT by Design

A cyber security white paper by Copper Horse

“If you’re looking to deploy IoT, you need to do it right from the start and you need to think about what happens with that product throughout its lifetime, until you sunset it,” David Rogers MBE – founder of Copper Horse and author of the UK’s Code of Practice for Consumer IoT Security . “That means working with suppliers and partners who you can trust will take the right approach to security and platforms.”

Arm commissioned Copper Horse to offer an impartial guide to IoT security by design, and the 19 page white paper guides readers on how to appropriately and securely manage solutions at scale.

“If you’re deploying IoT in any kind of environment – for example, consumer, automotive, agricultural, industrial or medical, you need to consider security from the beginning,” David reiterates. “Regulation is coming so it can’t be ignored.”


Topics covered in the briefing include: the threat landscape; future regulation; software updates and device management; public key infrastructure (PKI); end-of-life and decommissioning; and a reminder on identifying and eliminating bad practices.

Full details can be found at –

Mobile Security Leaflet

Having completed a piece of work for the UK Police about providing basic guidance on mobile phone security; we decided to create a leaflet that was easy to understand and which would capture the main points easily.
The advice covers topics such as:

  • Personal safety
  • Lost and stolen devices
  • Using the features of your device securely
  • The types of threats you need to be aware of
  • Things that you can do to mitigate security issues or to help prevent them happening

Download and Print

Please feel free to download and use the leaflet. All we ask is that you give us some feedback on how it is being used, so we can let people know:

  • Click here for the online version of the leaflet.
  • Click here for a print-ready version of the leaflet.