Automotive sector innovation and rollout investments are on the rise. Enterprises in this industry have been using technology to improve efficiency, reach new markets and optimise supply chains. However, by embracing digital innovation and new technologies, the market is rapidly becoming exposed to new kinds of threats.
As the automotive sector undergoes a shift driven by new personal mobility technologies, cyber security has in turn grown in importance. Self-driving vehicles constitute a huge target area for malicious actors. The chaos a criminal would cause by infiltrating the network that directs these vehicles would be enormous. It is more important than ever to avoid IP losses and to prevent competitors from getting their hands on confidential manufacturing data. But what are the consequences of these attacks, and how should automotive manufacturers best prevent them?
Securing the entire ecosystem
Consumers increasingly want an advanced and exceptional experience, and with the digitalisation of in-car systems and the spread of technology, the future of cyber security has become an even more critical factor. Vehicles now have up to 150 electronic control units; by 2030, many analysts anticipate that they will have over 300 million lines of software code. The problem of safeguarding the whole ecosystem, particularly third parties and blue-collar employees, is a persistent source of frustration.
Manufacturers must build-in security measures from the ground up for automotive platforms. This is due to the intrinsic complexity of vehicle platforms, which, when combined with their lengthy development cycles and complex supply networks, do not permit late-stage design alterations.
Experience vs security
On the consumer side, the focus is on ensuring that the driver has a pleasant experience rather than being shielded from any potential cyber risk. This is a difficult balance to strike. While many manufacturing companies are moving forward at a quick pace with convenience features like keyless access, the security implications of technology like this are often seen as being of secondary importance.
A vast number of in-car entertainment systems, for example, have a propensity to be constructed on legacy technology and earlier, often unpatched, versions of embedded operating systems. Due to a lack of connectivity, these systems often present challenges, and in some cases, even make it impossible to keep them patched and up to date.
In-car biometrics are now the subject of ongoing research and development as a method of protecting the safety of drivers while also enhancing their convenience. However, the broad adoption of this technology has not yet occurred.
Preventing future automotive disruption
To ensure the future of the automotive industry remains secure, industry leaders should consider the extent to which their entire value chain, from initial R&D right through to day-to-day vehicle usage, is secured against infiltration and abuse. It is only by truly understanding the threat vectors in play that effective countermeasures can be implemented. Many painful lessons have already been learned in other sectors regarding the insecure implementation of smart or connected devices and components, with even basic security flaws like insecure default passwords known to create havoc when discovered. The automotive industry should learn from these and insist on standardised and stringent cyber security quality controls throughout, particularly when embedding third-party OEM equipment into vehicles and supporting systems.
In an industry accustomed to simplifying complex problems and standardising solutions, the automotive industry’s cyber security practices continue to defy the norm and stand out as an unstandardised exception. The introduction of modern technology will connect, automate, and even drive vehicles. This will develop into a component of an ecosystem for connected vehicles, which will be vulnerable to the same kinds of cyber security vulnerabilities that information ecosystems are at present. It is important to make sure that safety, attentiveness, and resiliency are the characteristics of an effective cyber risk management programme for any company.
The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.
Rob Otto is Field Chief Technology Officer, EMEA, at Ping Identity
The Automotive World Comment column is open to automotive industry decision makers and influencers. If you would like to contribute a Comment article, please contact [email protected]