SINGAPORE: The Land Transport Authority (LTA) will be conducting "additional independent technical assessments" to ensure that public buses in Singapore cannot be controlled remotely by their manufacturers, said Acting Transport Minister Jeffrey Siow.
This comes after cybersecurity concerns arose late last year over how Chinese manufacturer Yutong Group was found to be able to remotely control its buses for software updates and diagnostics.
LTA said at the time that Yutong's 20 electric buses in Singapore did not have remote command capabilities.
On Monday (Jan 12), Mr Siow said in a written reply to parliamentary questions filed by two Members of Parliament that LTA had carried out technical reviews with all public bus manufacturers, who have assured the authority that they cannot control the buses remotely.
"LTA will conduct additional independent technical assessments to verify this," he added.
Mr Siow was responding to questions from MPs Joan Pereira (PAP-Tanjong Pagar) and Melvin Yong (PAP-Radin Mas) on how cybersecurity concerns involving electric public buses are being addressed.
"Public electric buses are an essential public transport service. Hence, cybersecurity vulnerabilities carry higher risk and impact on public safety and service continuity," said Mr Siow.
He noted that LTA requires the manufacturers of all electric buses in its fleet to have "certified cybersecurity controls to prevent, detect and respond to cyber threats across the vehicle lifecycle" and ensure the security of over-the-air, or wireless, software updates.
"Any software updates or changes needed today are executed by authorised personnel on-site at the bus depot using a wired connection, only after LTA has verified the purpose of the updates and given approval," he said.
Noting that over-the-air updates for electric public buses are increasingly common and necessary to swiftly patch vehicle software vulnerabilities, he said that LTA is working closely with government cybersecurity agencies to look into the safe transition from wired to over-the-air updates for its buses.
Continue reading...
This comes after cybersecurity concerns arose late last year over how Chinese manufacturer Yutong Group was found to be able to remotely control its buses for software updates and diagnostics.
LTA said at the time that Yutong's 20 electric buses in Singapore did not have remote command capabilities.
On Monday (Jan 12), Mr Siow said in a written reply to parliamentary questions filed by two Members of Parliament that LTA had carried out technical reviews with all public bus manufacturers, who have assured the authority that they cannot control the buses remotely.
"LTA will conduct additional independent technical assessments to verify this," he added.
Mr Siow was responding to questions from MPs Joan Pereira (PAP-Tanjong Pagar) and Melvin Yong (PAP-Radin Mas) on how cybersecurity concerns involving electric public buses are being addressed.
"Public electric buses are an essential public transport service. Hence, cybersecurity vulnerabilities carry higher risk and impact on public safety and service continuity," said Mr Siow.
He noted that LTA requires the manufacturers of all electric buses in its fleet to have "certified cybersecurity controls to prevent, detect and respond to cyber threats across the vehicle lifecycle" and ensure the security of over-the-air, or wireless, software updates.
"Any software updates or changes needed today are executed by authorised personnel on-site at the bus depot using a wired connection, only after LTA has verified the purpose of the updates and given approval," he said.
Noting that over-the-air updates for electric public buses are increasingly common and necessary to swiftly patch vehicle software vulnerabilities, he said that LTA is working closely with government cybersecurity agencies to look into the safe transition from wired to over-the-air updates for its buses.
Continue reading...