There has been quite a bit of discussion about the Russia-Ukraine conflict and how the war in Europe is presenting a cybersecurity threat to the rest of the world. Since the war began, there has been an increase in cybersecurity incidents. The Department of Homeland Security, FBI and other security agencies have issued high alerts as the conflict began to escalate to prepare individuals, corporations and government bodies for what potentially could occur.
“The problem is, kinetic warfare is almost always accompanied by cyberwarfare,” says Vahid Behzadan, an assistant professor of cybersecurity at the University of New Haven. “It’s unlikely Russia would target the critical infrastructure here in the U.S.; however, there is a long history of Russian hackers engaging in patriotic attacks against entities not well aligned with the Russian government.”
Ryan Wright, a University of Virginia professor and a cybersecurity expert, states that with U.S. sanctions “setting in” it’s just a matter of time until this country is targeted with cybersecurity attacks which could take place anywhere from personal devices to infrastructure such as the power grid or internet.
Saryu Nayyar, CEO of Gurucul, a security firm, also believes other major infrastructures such as financial systems or oil production could be disrupted.
Just recently, the National Security Agency acknowledged there have been reports of a potential cyber-breach that disconnected VSATs (very small aperture terminals) that get information from a satellite network. The agency is investigating these reports.
With so much of our critical infrastructure digitalized, an international conflict can always lead to concern when it comes to cybersecurity; cyberattacks can be used as modern-day warfare.
However, one industry that has not been discussed widely by the media is the vulnerability that vehicles can face when it comes to cybersecurity issues. Vehicles today are one of the most digitized possessions that individuals own. A vehicle, technologically, can be equivalent to 20 computers.
Most people today would not own a computer without cybersecurity protection but don’t realize the magnitude that a security breach would mean if their vehicle was hacked.
Toyota stopped plant operations recently because of a suspected cyber-breach and one of their suppliers, Denso, detected a ransomware attack. These are examples of ways in which automakers and suppliers were affected but the actual vehicle was not penetrated. However, in-vehicle security also can have catastrophic consequences.
Often the most vulnerable component of a vehicle is the entertainment system, which could be attacked easily by a malicious actor. Once a part of the vehicle is penetrated, a hacker then could affect the braking system, steering and many other components of a vehicle while it is in motion. On a larger scale, a vehicle attack could put a fleet of vehicles at risk.
Recently, new automotive regulations were put in place – WP.29 and ISO/SAE 21434 – which require OEMs and suppliers to scale cybersecurity capabilities across the supply chain and ensure compliance in all new vehicle models. With these new requirements, new vehicles will need to have a security process put in place in the event of a breach.
The security industry needs to keep in mind that while an infrastructure breach would affect a large mass of the population, an automotive breach can do the same. Having an integrated security system that can monitor all cybersecurity needs in one centralized platform creates full visibility for an automaker.
Additionally, cybersecurity protection that is active throughout the lifecycle of the car – from development and production to deployment – is crucial in developing automotive technology so that in moments of crisis and conflict, drivers will know they are covered by their automaker.
Roy Fridman (pictured, above left) is CEO of C2A Security, an end-to-end automotive and mobility infrastructure cybersecurity solutions provider.