Regulating Cybersecurity in the Automotive Industry

Much like we have seen the capabilities and intricacies of computer systems expand exponentially, the same is occurring in the realm of automotive systems. This also means that as the industry journeys further into its connected technology renaissance, the need for cybersecurity initiatives is stronger than ever before. In 2021, David Mor Ofek wrote for Security Magazine that “Connected cars today have content and services that are very much controlled by the OEMs and the accessibility is limited. However, there are already signs of uncontrolled content making their way to the market.” With increased use of apps, internet and mobile connectivity within vehicles, the attack surface has the potential to grow throughout this year and the near future. Therefore, automakers will have to adopt their security outlook to this pressing possibility. The Security Magazine article pointed out that in doing so, the importance of visibility should be uplifted so that cybersecurity management can be at its most efficient. But we are seeing another topic within the subject of auto cybersecurity take rise – regulation.

Due to the auto industry’s transition into an evolving technological landscape, there have been mounting concerns over how to maintain accessibility to the proper security tools as well as how to develop a standard for those security tools. The overarching legislation introduced to cover this is “the right to repair,” which seeks to make sure that consumers can turn to independent companies for services needed. Bills such as the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act require “all tools and equipment, wireless transmission of repair and diagnostic data and access to on-board diagnostic systems needed for repairs to be made available to the independent repair industry,” according to a report by Energy International. Additionally, this bill includes a call for the National Highway Traffic Safety Administration to put together a set of guidelines that vehicle data cybersecurity measures should meet. Ultimately, such regulatory action aims to correct the current fact that manufacturers hold most of the power when it comes to owning the ability to repair issues that arise with cars’ systems.

Only one state thus far has pursued this into law. In 2013, Massachusetts introduced a “right to repair” law, and voters supported the expansion of it in 2020. This meant that vehicles with the model year 2022 and beyond would have to incorporate an open data platform for their connected features. However, there has been some backlash led by an automakers’ coalition. The arguments against the regulation, known as “MY2022,” is that the timeframe for implementation was too short. Other legislative opposition has also come from companies like Tesla and Google.

Despite a push and pull, one thing is for sure. Regulation is likely to remain a significant source of conversation because the relationship between connectivity and auto innovation shows no signs of slowing down. Case in point, Chinese carmaker SAIC Motor has officially released plans for its Robotaxi. What Robotics & Automation News refers to as “China’s first Level 4 self-driving platform,” will include a fleet of vehicles across different regions of the country that combine the assets of the SAIC Motor AI Lab, autonomous driving tech from Momenta and SAIC Mobility’s ride-hailing service. Because much of the fleet’s process involves intertwining vehicle data with cloud storage, Robotaxi security supervisors have reportedly been thoroughly trained. Elements like data encryption have also been put in place according to the company, plus it has received security certifications from China.

Sources:

Share

Table of Contents

Subscribe to
The Dellfer Brief

The latest industry insights and company news delivered to your inbox.

See Our Blog Posts

Enter Your Information to Access This White Paper

Enter Your Information to Access This White Paper

Enter Your Information to Access This White Paper

Enter Your Information to Access This White Paper

Enter Your Information to Access This Datasheet

Enter Your Information to Access This Datasheet