Automotive Cybersecurity

The Road to Automotive Cybersecurity: WP.29

In recent years, the automotive landscape has witnessed a transformative wave with the rise of connected vehicles. With 93% of cars in the EU anticipated to be connected by 2035, the age of smart, interconnected automobiles is on the horizon. However, this digital evolution comes with its own set of challenges, none more critical than the imperative of automotive cybersecurity.

As cars become more reliant on software and apps, controlling everything from navigation to braking systems, the vulnerability to external cyber threats intensifies. Automotive cybersecurity, therefore, is the safeguarding of electronics, communication systems, data, software, and algorithms against potential external threats. Its primary goal is to fortify the car and protect the driver from malicious attacks and manipulations.

 

The Significance of Automotive Cybersecurity

 

The stakes are high; every point of connection in a vehicle is a potential entry point for hackers. The 192 million connected cars on the road right now, supporting up to 150 Electronic Control Units (ECUs) and up to 100 million lines of code each, all need protection. The threats we are discussing here aren’t just theory. In 2020, researchers at KU Leuven University in Belgium were able to ‘steal’ a Tesla Model X in two minutes, by hacking into it with around $200 worth of kit.

 

While traditional car safety emphasises external factors like crash tests and advanced safety features, the emerging concern is the invisible threats from cyber intruders. Automotive cybersecurity adds a crucial layer of defence by:

  1. Data Protection: Preventing theft of sensitive information like GPS location, contacts, and access to in-car microphones and cameras.
  2. Anti-Manipulation Measures: Thwarting hackers from controlling or manipulating the vehicle’s functionalities, such as disabling alarms or tricking collision avoidance systems.
  3. Preventing Damage: Ensuring the integrity of the vehicle by preventing actions like resetting electrical functions or delaying necessary maintenance.

 

Unlike the university Tesla demonstration above, real attackers are more likely to exploit vulnerabilities for financial gain than to steal the car. For example, they might install malware in the car’s system to immobilise it and demand payment to remove it.

Manufacturers and industry bodies acknowledge the severity of the issue. However, challenges persist. A staggering 37% rise in data breaches and a 40% increase in backend server attacks in H1 2023, as reported by Upstream Security, highlight the urgency for a unified and regulatory approach to automotive cybersecurity.

UNECE WP.29: A Game-Changer in Automotive Cybersecurity

 

The United Nations Economic Commission for Europe (UNECE) created WP.29 to address the lack of a single automotive security standard. The framework ensures all car makers meet clear performance and audit requirements before their vehicles reach consumers.

Key Regulations

The WP.29 Cybersecurity regulations, approved in June 2020, provide a series of measures for manufacturers to:

  1. Identify and Manage Risks: Conduct risk assessments in vehicle design and continuously update them.
  2. Monitor and Respond: Establish processes to monitor and respond to cyber attacks.
  3. Secure OTA Updates: Implement security measures for over-the-air (OTA) software updates, including authentication, encryption, and integrity verification.

 

Global Adoption and Impact

The European Union, South Korea, and Japan have already committed to adopting WP.29 regulations, making them mandatory for all new vehicles. This global collaboration is a pivotal step, as 62% of consumers in an IBM study indicated they would consider security features when choosing a vehicle, mirroring the growing awareness of cybersecurity among the general public.

 

 

Implementing Cybersecurity-by-Design

 

As the automotive industry heads for a connected and autonomous future, the need for a security-by-design approach becomes imperative. This method involves embedding security features during the manufacturing process, ensuring that every Electronic Control Unit (ECU) is endowed with a secure identity.

 

Safeguarding ECUs: A Multifaceted Approach

Manufacturers must go beyond mere identification; they should implement diversified, random IDs for each ECU. Public Key Infrastructure (PKI) authentication becomes crucial, ensuring that only authorised entities can access and interact with these vital components.
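The per-ECU random identity described above, combined with the authentication and integrity checks that the Key Regulations list requires for OTA updates, as an added Go example that is not from the original article. The manifest format, the function names and the Ed25519 manufacturer key pinned in the ECU are assumptions made for illustration; a production PKI would deliver that key through a certificate chain, and payload encryption is left out.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Manifest struct { // hypothetical update descriptor signed by the manufacturer
	ECUID  string `json:"ecu_id"` // random per-ECU identity set at manufacture
	SHA256 string `json:"sha256"` // hex digest of the firmware image
}

// NewECUID returns a random 128-bit identifier (constructed scheme).
func NewECUID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return fmt.Sprintf("%x", b)
}

// SignUpdate is the backend side: bind the image digest to one ECU, then sign.
func SignUpdate(priv ed25519.PrivateKey, ecuID string, image []byte) (raw, sig []byte) {
	raw, _ = json.Marshal(Manifest{ecuID, fmt.Sprintf("%x", sha256.Sum256(image))})
	return raw, ed25519.Sign(priv, raw)
}

// VerifyUpdate is the ECU side: authenticate first, then check target and integrity.
func VerifyUpdate(pub ed25519.PublicKey, myID string, raw, sig, image []byte) error {
	var m Manifest
	if !ed25519.Verify(pub, raw, sig) || json.Unmarshal(raw, &m) != nil {
		return fmt.Errorf("manifest signature invalid")
	}
	if m.ECUID != myID {
		return fmt.Errorf("manifest addressed to a different ECU")
	}
	if fmt.Sprintf("%x", sha256.Sum256(image)) != m.SHA256 {
		return fmt.Errorf("firmware digest mismatch")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	id, fw := NewECUID(), []byte("constructed firmware image")
	raw, sig := SignUpdate(priv, id, fw)
	fmt.Println(VerifyUpdate(pub, id, raw, sig, fw), VerifyUpdate(pub, id, raw, sig, fw[1:]))
}
```

The signature is checked before the manifest is parsed, so unauthenticated bytes never reach the JSON decoder, and a valid package signed for one ECU is rejected by every other ECU.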

 

Lifecycle Management and Continuous Monitoring

Cybersecurity measures must extend throughout a vehicle’s lifecycle, a span that can reach up to 15 years. Regular updates, scheduled over-the-air maintenance, and a secure end-of-life process are essential components of a comprehensive security strategy.

 

Security Operations Centres (SOCs)

A Security Operations Centre (SOC) is a new frontier in the automotive industry. Though well-established in enterprise IT, SOCs are gaining prominence in addressing the unique challenges of automotive cybersecurity. They enable proactive monitoring, threat detection, and timely responses to potential attacks.

 

 

Looking Ahead: Cybersecurity as a Catalyst for Innovation

 

The significance of robust cybersecurity extends beyond mere defence. By reducing crime and instilling trust, car makers can accelerate the development of innovative features and business models, such as:

  • Shared Ownership/Access: Systems that enable easy rental of nearby cars or granting access to owned vehicles to friends.
  • Automatic Payments: Seamless payments for parking, battery charging, fuel, and more.
  • Location-Triggered Alerts: Marketing alerts sent by local businesses to the in-car display.
  • V2V Communication: Broadcasting car position and speed to other connected vehicles to avoid accidents.

 

 

As the automotive sector hurtles towards a connected future, the intersection of automotive technology and cybersecurity demands a strategic and proactive approach. From protecting the vehicle’s core systems to ensuring secure communication and data sharing, the industry is evolving to meet the challenges. As regulatory standards solidify and consumer awareness grows, that future is becoming a secure one. As we embrace the era of smart cars, one truth remains evident: cybersecurity is not just a feature; it is the backbone of the automotive evolution.
