The automotive industry started off as a mechanical business and has been operating as such for more than 100 years. However, over the past decade the industry has gone through a digital transformation that includes the surge of connected vehicles, unique ADAS and safety features, and the emergence of autonomous and electric vehicles. Vehicles that once were strictly mechanical now have more lines of code than a Boeing 747, essentially making them an iPhone on wheels.
“No other industry is undergoing as rapid technological change as the auto industry,” says Zoran Filipi, Chair of the Department of Automotive Engineering at Clemson University’s International Center for Automotive Research. “This is driven by the need to address impending, ever more-stringent CO2 and criteria emission regulations, while sustaining an unprecedented rate of progress with development of automation and infotainment, and meeting the customer expectations regarding performance, comfort and utility.”
Consumer demands and the digital transformation taking place across multiple markets are fueling the development of vehicles that are extremely complex and composed of many electronic control units, millions of lines of code and sophisticated automated capabilities that never were characteristic of older automobiles. Just a decade ago, high-end vehicles had about 100 ECUs throughout the car with approximately 100 million lines of code. Today, vehicles such as the BMW 7-Series can have 150 ECUs embedded throughout the car.
This issue is compounded by the surge in the development of electric vehicles, which are even more vulnerable to cyberattacks than fuel-based vehicles since they have a wider attack surface. The need for cybersecurity to protect EVs has become a growing concern since it’s not just about the car but also about securing the entire ecosystem which includes the vehicle, the charging station and the grid, all of which are highly vulnerable to malicious attacks.
“With new cars and electric vehicles being more connected and automated than ever before, they are also at higher risk of cybersecurity attacks. EV vehicles do not need to be inherently more at risk than a modern ICE vehicle – it is just that an EV vehicle to maximize its performance will naturally be using the most modern electrical architecture, including all manner of connectivity which by its nature can create a greater level of risk,” says Steve McEvoy, vice president-automotive at Expleo.
With connectivity and software adding significant value to the vehicle, consumers may wonder why cybersecurity protection is not a priority when purchasing a new vehicle. After all, no one would leave a computer or phone vulnerable to cyberattacks. A vehicle necessitates even more cyber-protection given the catastrophic consequences of an actual hack and the number of people who could be affected by a vehicle losing control on the road.
Cybersecurity for connected vehicles is not a simple subject; the development of a vehicle has many complex phases that include design, development, testing, production and post-production. Implementing security at each of these phases requires different tools, solutions and teams from various stakeholders and often are done manually. Securing each of these phases typically is handled in a silo, through tedious manual processes that are prone to human error. Additionally, when developing a car many companies are responsible for one aspect of the vehicle and often do not communicate efficiently, which creates multiple silos and leaves the vehicle vulnerable to cyberattacks.
The challenge lies in the disparate security processes which make it easy to miss a security threat and impossible to have a full overview of the entire security landscape. It’s like having a manual assembly line versus automated machinery building a vehicle. Additionally, working in silos is quite costly since it requires a lot of manual work, which later is reflected in the prices consumers pay.
Today, this cybersecurity process has become automated through cybersecurity management tools that bridge the gap between the phases and various teams and secure the entire ecosystem of the vehicle. The entire automotive ecosystem is quickly learning the importance of one automated and centralized cybersecurity DevOps platform that fosters delegation and collaboration so that the silo barrier is broken and cybersecurity is managed throughout the entire ecosystem with a transparent, single pane of glass approach.
A hundred years ago no one would have predicted that our vehicles would have more software than almost any other technology we use today or that the industry would shift toward electrification. But behind the advanced technology of the automotive world, there needs to be a security solution that can protect the disruptive progress we are embracing.
Roy Fridman (pictured, above left) is CEO of C2A Security, an end-to-end automotive and mobility infrastructure cybersecurity solutions provider.