NEW DELHI: A new era of cyber threats is coming to the roads. As vehicles become smarter, with more software driving systems, the risk of malware attacks is no longer science fiction. In response, the road transport ministry has proposed sweeping rules to make cybersecurity and software update management mandatory for vehicles equipped with advanced systems.For the first time, the ministry has put out draft rules to make cybersecurity and software update management mandatory for certain categories of vehicles in India. The proposed cybersecurity rules will apply to passenger and commercial vehicles and tractors equipped with at least one electronic control unit (ECU) with Level-3 or higher automated driving capability.It says compliance with cybersecurity and cybersecurity management systems would be mandatory for new models of vehicles with Level-3 automation and above, such as Mercedes-Benz S Class, Audi A8, and BMW 7 Series, from Oct. This would be applicable for existing models from next April. Vehicles capable of receiving over-the-air (OTA) software updates will be next, between April and Oct 2028, followed by all other vehicles with software update capability from Oct 2029.‘OTA’ in cars refers to the wireless delivery of software, firmware, or system updates directly to a vehicle via cellular networks or Wi-Fi. This is similar to smartphone updates, as it eliminates the need to visit a dealership for repairs, enhancements, or new features. Govt is also working on strategies to deal with the risk of any IT system remotely controlling battery and electric vehicles. Officials said there is a need to go for secure coding for a battery management system designed to monitor and manage the health and state of a battery pack. This has to be done by the vehicle manufacturers.