Transportation as we know it today wouldn't be possible without the significant leaps in technology that have taken place over the past centuries. It is undeniable that the next big thing is connected cars. This wave of innovation, however, comes with substantial risks.
While connected cars deliver significant customer value, such connectivity creates new vulnerabilities, as self-driven and internet-connected cars are at risk of being hacked. Hackers are attempting to gain access to vital in-vehicle electronic units and data, potentially compromising safety functions and customer privacy.
Unfortunately, the cybersecurity playing field tilts in favor of attackers because of the sheer availability of right state-of-the-art tools. Therefore, mounting a coherent defense for the elaborate value chain and its products requires higher effort and investment. An example of the tilted cybersecurity playing field is a case from 2015 where one automaker had to recall approximately 1.4 million cars, suffering a loss of almost $600 million!
Lack of Standard Approach
The industry lacks a standard approach for dealing with cybersecurity issues. Thus far, automotive suppliers have difficulty coping with varying requirements of their OEM (Original Equipment Manufacturer) customers. They try to balance the use of regular security requirements that go into their products against those that are implemented via the software adjustments made for individual OEMs.
OEMs often are unable to test the end-to-end cybersecurity of a vehicle platform or technology built of parts sourced from various suppliers due to the current supplier relationships and contractual arrangements. That makes it difficult for both parties to achieve effective cybersecurity during software development and testing.
Cybersecurity Becomes an Integral Part of the Strategy
As the automotive industry undergoes a transformation driven by new technology breakthroughs, cybersecurity rises in importance. An array of car apps, online offerings, vehicle features that customers can buy online, and numerous other services are part of today's cars.
The overabundance of such complex software results from growing user requirements over the past 35 years. However, this development also generates ample opportunity for cyberattacks, not only in the car itself but also in the entire value chain. Nevertheless, the difficulty is changing as regulators prepare minimum standards for car software and cybersecurity that will affect the complete value chain.
Cybersecurity From the Start
Automotive companies must include cybersecurity in design from the get-go because the inherent complexity of vehicle platforms, with their long development cycles and complex supply chains, can't allow late-stage architectural changes.
Carmakers must consider cybersecurity over the entire product life cycle because new technical vulnerabilities can emerge at any time. Such issues can result in problems for the cars already on the road, thus requiring OEMs to provide software patches. For this matter and others, the automotive industry must develop common cybersecurity standards to keep development and maintenance costs under control.
Hackers have connected cars in their headlights, forcing automakers and suppliers to ensure greater protection. The overall security of modern vehicles will depend on how well the automotive industry addresses cyber risks, as well as on the strategic actions key players take now to prepare for future attacks.
Effective management of risks is becoming increasingly relevant to the automotive industry. A rigorous approach to the security of connected cars is vital to achieving the full range of benefits new technologies promise while maintaining top quality on the market.