Early on, no one in the automotive industry ever imagined vehicles would come under cyber security and become prone to cyber threats. Autonomous driving, connected cars, electric vehicles, and shared mobility have revolutionised the mechanics of automobiles. Modern-day vehicles are information hubs with GPS, Bluetooth, Wi-Fi, cellular networks, apps, and sensors. All the digitalisation and advanced technologies have provided convenience and benefits to customers and automobile manufacturers. But, along with the positives, they have also brought some serious risks. They might vary from data security breaches to physical security risks.
The automotive segment and vehicles are now becoming so connected that even one cyber attack could potentially affect thousands of cars at a time. That’s where taking proper cyber security measures achieves substantial importance. The proliferation of ADAS (Advanced Driver Assistance Systems) also adds fuel to the fire.
Standards and Regulations for Cyber Security
Presently, there are few standards and guidelines for specific technical procedures to secure hardware and software in vehicles, such as standards for hardware encryption or secure communication among electronic control units (ECUs). Some of the notable cyber security standards include ISO/SAE 21434, UL 4600, NIST SP 800-193, SAE j3061, and ISO/IEC 15408.
The World Forum for Harmonization of Vehicle Regulations (WP.29), under the UN Economic Commission for Europe (UNECE) has set a minimum standard of regulatory framework. They have set specific requirements for automotive players to keep. The automotive regulations mandate OEMs and relevant parties to enforce measures in areas related to cyber security such as managing vehicle cyber risks, securing vehicles by design to mitigate risks along the value chain, detecting and responding to security incidents across vehicle fleets, data protection, privacy of customers and providing secure software updates thus ensuring that vehicle safety is not compromised. Moreover, according to the WP.29 regulation, the ISO has developed automotive cyber security standards. The ISO/SAE 21434 standard confirms ‘cyber security by design’ throughout the entire lifecycle of the vehicles.
The global management consulting firm, ‘McKinsey and Company’ has divided the automotive cyber security market into three areas. Cyber security hardware, cyber security-related software development efforts, cyber security processes and solutions. Based on their research and analysis, they estimate that the total cyber security market will increase from US$ 4.9 bln in 2020 to US$9.7 bln in 2030, corresponding to annual growth of more than 7%. That realistically shows how big and crucial cyber security is going to be in the near future.
Types of Cyber Threats
Today, attackers can breach vehicles in numerous ways as the potential areas where they can target are very wide. Some of them include
- Attacks on critical infrastructure like car steering, engine, or brakes.
- Attacks on applications, software, and processes where features like infotainment, navigation, or essential safety are compromised.
- Attacks on the cloud, data storage, and network which can affect the data sent between automotive parts thus thwarting private information or the modification of control systems.
Cyber Security Measures – What Can Be Done?
Current automotive employees will need renewed skills and methods of functioning throughout the entire development cycle to secure hardware and software while meeting regulatory conditions and customer anticipations. Not only the employees but also the OEMs need to get equipped to rapidly respond to cyber attacks by hostile hackers. The companies have to develop a system where they can discover possible susceptibilities. This requires providing technical and organisational capabilities like providing security patches regularly throughout a vehicle’s life cycle. Let’s dive into some of the security measures OEMs can consider to defend automobiles from cyber threats.
- Encryption – Keeping important data encrypted is the best way to secure them as they can’t be easily interpreted by third parties. Encryption alters information into a code that can only be decrypted by trusted parties.
- Firewalls – Firewalls act as a barrier between the internal system of the vehicle and the external network. It can block unauthorised access to the vehicle system. It entitles the monitoring and managing of data flow while averting malicious invasions.
- Intrusion Detection and Prevention Systems (IDPS) – They keep track of the network and parts of the vehicle system keeping an eye on any suspicious activities.
- Access Control – Robust authorisation processes are kept intact to discard unauthorised user access.
- Cooperation and Knowledge Sharing: Promote cooperation between automotive manufactories, government agencies, and cybersecurity experts. Sharing information about emerging threats and vulnerabilities can lead to better precaution and defense.
- Secure Boot and Firmware Verification: Making sure that only valid and legitimate software can run on vehicle control units could prevent unauthorised alterations. A proper verification process is essential.
- Over-the-Air (OTA) Updates: Using unassailable techniques to update car software while ensuring its validity.
- Artificial Intelligence and Machine Learning in Automotive Cybersecurity – AI and ML are quickly progressing technologies that can be implemented in the system. They can analyse expansive data sets, identification of complex patterns, and detection of abnormalities that conform as possible indicators of cyber threats.
- Vulnerability Testing and Penetration Testing – In vulnerability testing, comprehensive scans and assessments are done on vehicle hardware, software, and network systems to identify possible weaknesses and loopholes. Penetration testing takes the process a step ahead by mimicking real-world attack scenarios to evaluate the efficacy of existing security measures.
- Security by Design – A security-first approach in the initial phase of the vehicle is crucial. Executing security by design regulations, manufacturers can quickly identify and handle potential vulnerabilities and threats during the initial stages of product development. This is very effective in forming a complete security plan without any deficiencies
- Cybersecurity Training and Awareness – Smart vehicles and cyber technologies are evolving day by day. It’s important to keep every engineer, technician, and end-user updated on cybersecurity best practices.
As connected cars become the new normal and the automotive industry embraces cutting-edge technologies, it is steadfastly important to maintain all the cyber security measures possible to alleviate cyber security risks and attacks. Along with the rising threats, the industry has hope in the rapid advancement of automotive security which is capable of providing consumers with a safer and secure driving experience. Manufacturers, automotive experts, customers, and the industry as a whole, should develop a strong desire for learning and improvement. The growing awareness among technicians and vehicle manufacturers is appreciable as this awareness and rising consciousness is the base of any positive change or impact in this regard.
– Vaishnav Satheesh