As with every other industry, the automotive sector has seen a massive uptick in cyberthreats since its digital transformation started to pick up pace. The incorporation of Internet of Things (IoT) devices, infotainment systems, autonomous driving, and other connected technologies has opened up new avenues for cyber threats and attacks on electric vehicles (EVs).
A 2022 study by GfK shows that 59% of consumers will consider a hybrid option for their next vehicle purchase. Manufacturers must cater to rising consumer demand for smarter, more sustainable vehicles while safeguarding their brand reputation, customer trust, and financial interests against potential cyber breaches.
As an automaker, this is an impossible balancing act. Fortunately, there are proactive steps you can take to learn about, implement, and upgrade automotive cybersecurity. With the right approach, your firm can successfully thrive in today’s sophisticated threat landscape. This article explores how you can navigate potential potholes in the road ahead.
A Community of Shared Knowledge
In March 2023, several ethical hackers at the annual Pwn20wn hacking contest exposed vulnerabilities in one vehicle at the forefront of the automotive industry’s digital evolution—the Tesla Model 3.
In under 2 minutes, the ethical hackers gained access to systems deep within the vehicle, enabling them to open doors and the front trunk of the Tesla while it was in motion. Although this exploit was simply a demonstration for the purposes of the event and resulted in financial reward, it highlights the potential dangers associated with the digitization of the auto industry.
Network segmentation
A practical solution for attacks similar to the above example is to implement network segmentation into vehicle design. This technique can help mitigate the effects of a cyberattack by:
- Reducing the attack surface, thereby limiting the potential entry points that hackers can exploit and gain access to the vehicle’s computer network
- Preventing lateral movement in the event that an attacker has successfully gained unauthorized access
- Improving performance levels by dividing the overall network into smaller segments, enabling network traffic to be distributed evenly
The Pwn20wn event is also one effective way to aid in the journey toward automotive cybersecurity. By exposing the vulnerabilities publicly, ethical hackers have empowered automotive manufacturers with the threat intelligence necessary to protect at least one aspect of their vehicles’ digital systems.
In every technical field that underpins the development of software-defined vehicles, there is an expert who can share their knowledge, helping build an advanced yet secure car. A collaborative ecosystem of best practices will help all stakeholders involved in smart vehicle manufacturing identify emerging threats and create effective countermeasures.
Security by Design
Once you have the knowledge and resources to secure your vehicle development processes, you can apply it. “Security by design” is a concept that typically applies to the broader product development landscape, but is increasingly being applied in the context of intelligent vehicle manufacturing.
By following the principles of “security by design”, you embed security controls within your manufacturing operation and forge a more efficient path to developing safer cars. With this strategy, you will increase safety and reduce software costs. Advanced technologies such as AI and machine learning are helping to automate the process.
A recent partnership between Deloitte and Aurora Labs exemplifies the pursuit of built-in standards and processes to ensure safer vehicle software. Deloitte offers services that supplement the CASE model for car manufacturing. This approach comprises four key components:
- Connected: The integration of connected technologies such as Wi-Fi and Bluetooth into the vehicle’s design.
- Autonomous: Refers to self-driving vehicles that use sensors, computer vision, and AI to navigate roads independently.
- Shared: Acknowledges the rise of e-hailing services, including Uber and Lyft.
- Electric: Brings the electrification of the automotive industry into focus, as well as how traditional transportation can grow more sustainable.
Deloitte’s partnership with Aurora Labs, a leading automotive AI company, combines their respective areas of expertise to enhance software management in electric vehicle (EV) manufacturing.
Regulatory Frameworks in the Industry and Government
The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) is responsible for developing and maintaining international vehicle regulations to promote safety, environmental protection, energy efficiency, and overall vehicle performance.
In light of this, the UN regulation WP.29 R155, introduced in July 2022, seeks to create awareness around the fundamentals of cybersecurity in automotive manufacturing. The standard places the responsibility of securing vehicles on the manufacturer.
While this is a step in the right direction, similar regulatory frameworks will have to keep pace with the development of new vehicle technologies, and, in turn, constant changes in the cyberattack landscape.
Furthermore, the onus is on original equipment manufacturers (OEMs) to stay compliant with such regulations—and establish the necessary DevSecOps infrastructure to facilitate safety throughout the vehicle development lifecycle.
Final Thoughts
Within the automotive industry, your company should look out for initiatives and events that center around information-sharing, compliance, and best practices for vehicle cybersecurity. With government-level support and a shared community through which you can stay cyber-aware, you can proactively protect your vehicles and customer base.
The digital transformation journey in automotive manufacturing is undoubtedly an exciting one. The promise of safer, more innovative, and sustainable vehicles brings with it cybersecurity challenges that must be addressed with a holistic and collaborative mindset—on the part of automakers, software engineers, and consumers.
Thankfully, there are major steps being taken by members of the automotive community, the software industry, and governmental organizations to ensure that we reach our destination safely.
