Digital transformation and the increased integration of artificial intelligence in cars and trucks has resulted in greater operational transparency, increased efficiency and greater cost savings across the industry.
While the digital transformation of the automotive sector has resulted in a host of improvements, from the manufacturing process to the in-car user experience, it has created more opportunities for cybersecurity attacks, some of which directly threaten human safety.
As the digital transformation of the industry accelerates and more connected cars hit the road, the conversation around cybersecurity is becoming increasingly important. Cybersecurity no longer can be treated as just an enhanced security measure or the sole responsibility of the OEM; it needs to be prioritized by the entire industry supply chain and supported by a robust infrastructure.
Barriers to Prioritizing Cybersecurity
As part of the ongoing industry effort to approach cybersecurity as a high priority, engineers are working closely with their functional safety counterparts to define cybersecurity and safety goals and the requirements to meet those ends.
Modern vehicles have up to 150 electronic control units and 100 million lines of code and are expected to triple to 300 million lines of software code by 2030. Even though cybersecurity is advancing to meet the challenge of protecting all that software, there is still a lack of tailored digital tools that can truly meet the moment.
Having such a large volume of software and systems to protect without sufficient tools also makes it difficult to implement cybersecurity protections quickly. A major component of the automotive industry’s need to become more agile and fast-moving as it digitizes is the need for frequent and rapidly delivered software updates that include cybersecurity features.
Some of today’s and many of the vehicles produced in the near future will have the ability to update software over the air (OTA) using only a Wi-Fi connection. OTA updates represent the application of the software engineering principles of continuous integration and continuous delivery to the automotive world.
But such backend systems that make these vehicle software updates easy must also exist to support cybersecurity activities such as risk assessment and updates, if needed.
With the importance of cybersecurity and its relevance to safety, it’s past time for the automotive industry to adopt parallel systems that can cope with the heavy stream of incidents flowing into automotive systems-on-chip (SOCs) and empower OEMs to respond quickly, keeping attackers at bay on an ongoing basis.
The biggest challenges of the modern automotive industry are complexity, decentralized organization and siloed nature. Automotive supply chains are some of the most complex in the world, with hundreds of suppliers contributing to a single vehicle model.
Vehicle production programs must support multiple models and sub-models, with specifications and changes that cater to various geographies.
There also is a lack of harmonization in cybersecurity discussions among suppliers and OEMs. The new ISO 21434 standards and UNECE are encouraging examples of industrywide collaborative efforts to unify voices in the industry, but there is still no clear way to communicate cybersecurity gaps, requirements or solutions. This makes it difficult to mitigate attacks in a structured and coordinated manner across the global automotive ecosystem.
Centralized Communication is Key
On the road to fully digitizing the automotive industry, cybersecurity cannot be left behind. We need to arrive at a comprehensive, standards-driven approach to protecting every CPU and vehicle system. We also need more visibility into how each member of the automotive ecosystem is managing the cybersecurity of their components to coordinate efforts across the supply chain.
Transparency is key for coordinating and implementing effective cybersecurity efforts, and centralized communication is the logical next step toward comprehensive cyber-protection for the entire vehicle lifecycle.
The digital transformation of the automotive industry is driving tremendous positive change inside the industry and beyond. It has the potential to generate significant value for both industry and society, and now it’s time for cybersecurity measures to catch up.
OEMs and suppliers need to harness the power of digitization to address internal security risks before vulnerabilities turn into costly, and potentially dangerous, cybersecurity breaches. The latest digital tools offer the opportunity to revolutionize automotive cybersecurity, just as similar technological advancements are revolutionizing cars themselves.
Nathaniel Meron (pictured above, left) is chief product and marketing officer at C2A Security, a provider of in-vehicle cybersecurity solutions.