It’s been a few posts since we’ve visited one of our favorite topics – cars. But as in so many other industries, there is a significant evolution occurring in the way we create and, ultimately, operate our vehicles. It’s a much more intertwined and complex network of devices and contributors than it may have once been. While this is leading to extremely interesting and useful innovations from self-driving to eco-friendly to entertainment capabilities, it is also opening networks up for more unrealized vulnerabilities. As Marie Hattar writes for Security Week, “An automobile is no longer just for transportation from point A to point B, but cars are rolling data centers that transmit a wealth of actionable intelligence to the networks and systems around them.” This trend is convenient for both drivers and hackers. Needless to say, this subject deserves some checking in on. So, take a journey with us as we explore the road ahead for automotive cybersecurity.
🚦 First Stop: Cybersecurity Challenges
According to Statista, there will be over 400 million connected cars in the world by 2025. This is just shy of doubling the number available in 2021, which reached 237 million. This means that we are really going to need proven methods for strengthening cybersecurity. And one of the challenges in putting together these methods that has yet to be fully addressed is protecting the interconnected systems and components built into the cars themselves nowadays. As Hattar explains in the piece for Security Week, WiFi, Bluetooth, LTE and 5G, CAN bus, V2X and the entire infotainment system are all potential risks to exposure. Adding to that list is the increasing use of Voice-as-an-Interface tech through providers such as Amazon, Apple and Google.
🚦 Second Stop: Cybersecurity Solutions
Felipe Fernandes, cybersecurity manager at Jaguar Land Rover (JLR), has seen this shift in the industry and growing need for enhanced cybersecurity up close. In an interview with “Left to Our Own Devices” from GeekTime, he shares that he was first hired by Fiat to apply his expertise in embedded systems and then recruited by JLR. Through his position, he is working to guide the automotive company through this ongoing transition to an increasingly digitalized environment, especially as they produce more and more electric vehicles. He explains that “When you are talking about a very traditional company, you have lots of experienced people around, like mechanical and electrical experts. But software is much more complicated and cybersecurity on top of software has become a giant challenge.”
On top of adhering to developing international regulations, the suggestions he gives for maturing an organization’s approach to cybersecurity include “securing vehicles by design to mitigate risks along the value chain, detecting and responding to security incidents across the vehicle fleet [and] providing safe and secure over-the-air (OTA) software updates,” as GeekTime describes. Another key area going forward is improving SBOM agreements between suppliers and manufacturers. This process consists of establishing transparency in communicating about what is present within the software.
In her own analysis of the solutions to pursue, Marie Hattar notes that “vehicle cybersecurity starts with the OEM,” and emphasizes the importance of following regulations guiding the industry. Along with taking strides to mitigate risk, she points out that the process must also feature testing selected security measures, including functional cybersecurity testing, fuzz testing, and vulnerability testing. Another major solution? Automation. Implementing resources that automatically assist functions like updates and verifications are very useful.
🚦 Third Stop: Helpful Tools
As the auto industry looks to undertake the process of shoring up cybersecurity protocols, there are tools available to assist with actions like automation. For instance, Mercedes-Benz and Microsoft Corp recently partnered to launch the MO360 Data Platform. Via this program, Mercedes-Benz is connecting its nearly 30 passenger car plants worldwide to the Microsoft Cloud, which it says in a press release will enhance “transparency and predictability across its digital production and supply chain.”
Then you also have our team at Dellfer, which is assembling accessible services that make handling connected device security much easier. We outline our solutions throughout the website, so make sure to take a look and contact us with any questions.
Other Considerations
While we’re covering cybersecurity of the auto field at large, It’s worth mentioning the security of dealerships. Sure, this is not manufacturing related (our area of expertise), but it is a part of the overall chain since they get cars into the ownership of customers. A new study by CDK Global Inc. reveals that “15% of dealers have experienced a cybersecurity incident in the past year,” according to Autobody News. Most of these breaches stemmed from sophisticated phishing campaigns. Despite the number of attacks, confidence among dealerships in their ability to defend against an incident has declined compared to the 2021 version of the study. This is important to address because, like the expanding regulations around vehicle manufacturers, there is also an upcoming Federal Trade Commission (FTC) Safeguards Rule deadline that affects such distributors.
Sources:
- “Automotive Security Threats Are More Critical Than Ever” – Marie Hattar, Security Week
https://www.securityweek.com/automotive-security-threats-are-more-critical-ever - “Left to Our Own Devices: Jaguar Land Rover’s Felipe Fernandes on the future of automotive cybersecurity” – David Leichner (CMO), Shlomi Ashkenazy (Head of Brand) and Rafi Spiewak (Director of Content) at Cybellum, GeekTime
https://www.geektime.com/david-leichner-shlomi-ashkenazy-interview-felipe-fernandes-cybellum-podcast/ - “Mercedes-Benz and Microsoft collaborate to boost efficiency, resilience and sustainability in car production” – Microsoft, Microsoft News Center
https://news.microsoft.com/2022/10/12/mercedes-benz-and-microsoft-collaborate-to-boost-efficiency-resilience-and-sustainability-in-car-production/ - “Cyberattacks Increasing in Auto Dealerships” – Autobody News
https://www.autobodynews.com/index.php/industry-news/item/27332-cyberattacks-increasing-in-auto-dealerships.html
